Added detailed debug logs for text extraction and LLM detection input in the anti-injector module. Refactored message processing to only use user-added content for detection, avoiding duplicate text. Fixed import paths for command_skip_list in plugin manager and anti_injector_manager to reflect new module structure.
Split the anti-prompt-injector module into core, processors, management, and decision submodules for better maintainability and separation of concerns. Moved and refactored detection, shielding, statistics, user ban, message processing, and counter-attack logic into dedicated files. Updated imports and initialization in __init__.py and anti_injector.py to use the new structure. No functional changes to detection logic, but code organization is significantly improved.
Updated logic in heartFC_chat.py and relationship_manager.py to prioritize 'chat_info_platform', then 'user_platform', and finally a default when determining platform information. Added a fallback to 'unknown' in get_person_id if platform is None, improving robustness when platform data is missing.
Co-Authored-By: tt-P607 <68868379+tt-P607@users.noreply.github.com>
Refactored configuration classes to inherit from a new ValidatedConfigBase using Pydantic for robust validation and error reporting. Updated api_ada_configs.py, config.py, config_base.py, and official_configs.py to replace dataclasses with Pydantic models, add field validation, and improve error messages. This change enhances configuration reliability and developer feedback for misconfigurations. Also includes minor code cleanups and removal of unused variables in other modules.
Cleaned up various files by removing unused or redundant import statements to improve code readability and reduce potential confusion. No functional changes were made.
Extended the list of dangerous keywords in the _partially_shield_content method to cover more attack vectors, including system commands, privilege escalation, information leakage, and social engineering. This enhances the robustness of the message shielding mechanism against prompt injection and related attacks.
Enhanced the default_patterns list in PromptInjectionDetector with more comprehensive and specific regular expressions to improve detection of prompt injection attempts, including new patterns for admin commands, system prompts, privilege escalation, and sensitive information leakage. This update aims to strengthen the robustness of the anti-prompt-injection mechanism.
Introduced a ProcessResult enum to standardize anti-injector message processing outcomes. Updated anti_injector.py to return ProcessResult values instead of booleans, and refactored bot.py to handle these results with improved logging and clearer control flow. This change improves code clarity and maintainability for anti-prompt injection logic.
Introduces a comprehensive anti-prompt injection system for LLMs, including rule-based and LLM-based detection, user ban/whitelist management, message shielding, and statistics tracking. Adds new modules under src/chat/antipromptinjector, integrates anti-injection checks into the message receive flow, updates configuration and database models, and provides test scripts. Also updates templates and logger aliases to support the new system.
Updated the antipromptinjector flowchart for improved clarity and logic. Fixed indentation in expression_selector.py to correct code structure. Removed obsolete db_migration_plan.md documentation.
