aboutsummaryrefslogtreecommitdiff
path: root/src/server/ApiManagers/MongoStore.js
diff options
context:
space:
mode:
authorA.J. Shulman <Shulman.aj@gmail.com>2024-11-06 22:23:03 -0500
committerA.J. Shulman <Shulman.aj@gmail.com>2024-11-06 22:23:03 -0500
commit5d4e19ad5961e42b90f7bfc920ea80da6edc5089 (patch)
tree5d6d7e86130a25e034114100de90d25a68c3494d /src/server/ApiManagers/MongoStore.js
parent09d7d63d1f248a0bf1d36e4da804cbde5e12e209 (diff)
Enhance assistant security with structured validation and input sanitization
- Prompt enhancements: - Enforce strict response structure validation by requiring <stage>, <thought>, <action>, and <answer> tags in responses. - Add self-validation instruction in <final_instruction> for assistant to check response structure before outputting. - Instruct assistant to ignore XML-like syntax from user input, treating any <stage>, <action>, etc., as plain text. - Code changes: - Implement `validateAssistantResponse` function to enforce required response structure (e.g., ensuring <stage> element). - Add input sanitization using `lodash.escape` to treat user inputs as plain text, preventing XML or HTML injection. - Configure XML parser to ignore external entities and avoid interpreting embedded XML-like syntax. - Introduce fallback error handling in parsing and validation to prevent assistant crashes on malformed or unexpected input. - Log response errors with detailed messages to aid debugging and improve system resilience. - Enhance input validation for tools by adding parameter checks, handling malformed data gracefully, and logging safety errors.
Diffstat (limited to 'src/server/ApiManagers/MongoStore.js')
0 files changed, 0 insertions, 0 deletions