Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: do not trust front end message history #570

Merged
merged 11 commits into from
Mar 3, 2025
Merged

feat: do not trust front end message history #570

merged 11 commits into from
Mar 3, 2025

Conversation

stefl
Copy link
Contributor

@stefl stefl commented Feb 28, 2025

Description

  • Addresses a security / threat detection issue where we are currently trusting that the message history that the front end sends has not been manipulated
  • Instead, we now load the message history from the database and append the user's most recent message
  • We then use that as the input to the LLM, and this is what we send to the threat detection services
  • In combination with the preceding PR, we can guarantee that the only new input that is sent to the LLM is the latest user message

To test:

  • Start a chat
  • Add a message using the left hand side
  • Try repeatedly adding messages, leaving and reloading the chat to make sure that the state of the left and right hand sides of the UI remain consistent

@vercel Vercel
Copy link

vercel bot commented Feb 28, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
oak-ai-lesson-assistant ✅ Ready (Inspect) Visit Preview 💬 Add feedback Mar 3, 2025 11:39am

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 28, 2025
edited
Loading

Playwright test results

passed  17 passed
skipped  2 skipped

Details

report  Open report ↗︎
stats  19 tests across 16 suites
duration  2 minutes, 32 seconds
commit  9020f33

Skipped tests

No persona › tests/auth.test.ts › authenticate through Clerk UI
No persona › tests/chat-performance.test.ts › Component renders during lesson chat › There are no unnecessary rerenders across left and right side of chat

codeincontext
codeincontext reviewed Mar 3, 2025
View reviewed changes
apps/nextjs/src/components/AppComponents/Chat/AiSdk.tsx Outdated
Comment on lines 72 to 73
// NOTE: this lesson plan is used by the chat endpoint
lessonPlan,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we delete line 49 above now? const lessonPlan = useLessonPlanStore((state) => state.lessonPlan);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed we can!

codeincontext
codeincontext reviewed Mar 3, 2025
View reviewed changes
apps/nextjs/src/app/api/chat/chatHandler.ts
lessonPlan = parsedOutput.lessonPlan as LooseLessonPlan;
}
} catch (error) {
log.error(`Error parsing output for chat ${chatId}`, error);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just want to confirm that we don't want to report to sentry here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks - I've added Sentry reporting. For now, no additional error handling for the front end though

codeincontext
codeincontext reviewed Mar 3, 2025
View reviewed changes
apps/nextjs/src/app/api/chat/chatHandler.ts
);
return { messages, lessonPlan };
} catch (error) {
log.error(`Error loading chat data for chat ${chatId}`, error);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again here, just want to confirm that we don't want to report to sentry

codeincontext
codeincontext reviewed Mar 3, 2025
View reviewed changes
apps/nextjs/src/app/api/chat/chatHandler.ts
Comment on lines +383 to +393
aila = await createAilaInstance({
config,
options,
chatId,
userId,
messages,
lessonPlan: dbLessonPlan,
llmService,
moderationAiClient,
threatDetectors,
});
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much nicer!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cheers!

codeincontext
codeincontext reviewed Mar 3, 2025
View reviewed changes
Copy link
Collaborator

@codeincontext codeincontext left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking really good. I'll approve after you've seen the comments, but each is minor

@stefl stefl requested a review from codeincontext March 3, 2025 11:23
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 3, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@stefl stefl merged commit d504476 into main Mar 3, 2025
21 checks passed
@stefl stefl deleted the feat/messages_ss_2 branch March 3, 2025 13:24
@mikeritson-oak mikeritson-oak mentioned this pull request Mar 3, 2025
Merged
@oak-machine-user
Copy link
Collaborator

🎉 This PR is included in version 1.26.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codeincontext codeincontext codeincontext approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stefl @oak-machine-user @codeincontext