Replaces the L2 cache layer's SQLite implementation with an async SQLAlchemy-based database model (CacheEntries). Updates cache_manager.py to use db_query and db_save for cache operations, adds semantic cache handling with ChromaDB, and introduces async cache clearing and expiration cleaning methods. Adds the CacheEntries model and integrates it into the database API.
Extended the list of dangerous keywords in the _partially_shield_content method to cover more attack vectors, including system commands, privilege escalation, information leakage, and social engineering. This enhances the robustness of the message shielding mechanism against prompt injection and related attacks.
Enhanced the default_patterns list in PromptInjectionDetector with more comprehensive and specific regular expressions to improve detection of prompt injection attempts, including new patterns for admin commands, system prompts, privilege escalation, and sensitive information leakage. This update aims to strengthen the robustness of the anti-prompt-injection mechanism.
Introduced a ProcessResult enum to standardize anti-injector message processing outcomes. Updated anti_injector.py to return ProcessResult values instead of booleans, and refactored bot.py to handle these results with improved logging and clearer control flow. This change improves code clarity and maintainability for anti-prompt injection logic.
Introduces a comprehensive anti-prompt injection system for LLMs, including rule-based and LLM-based detection, user ban/whitelist management, message shielding, and statistics tracking. Adds new modules under src/chat/antipromptinjector, integrates anti-injection checks into the message receive flow, updates configuration and database models, and provides test scripts. Also updates templates and logger aliases to support the new system.
Changed the MCP SSE support item from completed to incomplete in the TODO list to reflect current project status.
Co-Authored-By: tt-P607 <68868379+tt-P607@users.noreply.github.com>
Introduces a ToolCache class to manage caching of tool invocation results with support for both exact and approximate (similarity-based) query matching. Includes methods for cache retrieval, storage, expiration, cleanup, and statistics. This helps improve efficiency by reusing previous results and reducing redundant tool executions.
Co-Authored-By: tt-P607 <68868379+tt-P607@users.noreply.github.com>
Deleted Nix flake files, pre-commit configuration, environment files, sample data, and a batch script. Also commented out automatic triggers in the Docker GitHub Actions workflow, leaving only manual dispatch. This simplifies the repository by removing development environment and automation tooling.
Co-Authored-By: tt-P607 <68868379+tt-P607@users.noreply.github.com>
Deleted the pull request template and related GitHub Actions workflows for precheck and Ruff checks. This streamlines the repository by removing automated PR checks and formatting enforcement.
Co-Authored-By: tt-P607 <68868379+tt-P607@users.noreply.github.com>
Updated the antipromptinjector flowchart for improved clarity and logic. Fixed indentation in expression_selector.py to correct code structure. Removed obsolete db_migration_plan.md documentation.
