Adding safeguards for LLM and bumping litellm version for safety #457
Merged
This pull request introduces several important security and safety enhancements to the AI agent and tool execution framework, along with some documentation and code quality improvements. The main focus is on stricter validation and auditing of potentially dangerous operations such as SQL queries and Python script execution, as well as improved sanitization of user-provided data. Additionally, the documentation has been updated for clarity and to reflect recent changes.
Security and Validation Enhancements:

- Added validation for python_script nodes to block dangerous patterns (e.g., __import__, importlib, eval, etc.), mirroring the polars_code validation logic. This prevents unsafe code from being executed by the agent. (flowfile_core/flowfile_core/ai/tools/executor/handlers/add.py, flowfile_core/flowfile_core/ai/tools/executor/handlers/update.py)
- Added further blocked SQL statements (COPY, MERGE, INTO OUTFILE, LOAD DATA, PRAGMA, ATTACH, DETACH) in validate_sql_query, further securing database interactions. (flowfile_core/flowfile_core/flowfile/sources/external_sources/sql_source/sql_source.py)
- database_reader queries by the AI agent are now flagged as high-risk and annotated in the audit log for better traceability. (flowfile_core/flowfile_core/ai/tools/executor/handlers/update.py)
- Added sql_query_validation, db_query_change, and python_script_validation to the safety module. (flowfile_core/flowfile_core/ai/safety.py)

Data Sanitization and Limits:

- Changes in flowfile_core/flowfile_core/ai/context/builder.py
- Changes in flowfile_core/flowfile_core/ai/audit.py

Documentation Updates:

- Updated docs/ai/providers.md to clarify environment variable fallback, rate limits, and credential storage, and removed outdated or redundant sections.

Other Improvements:

- Constrained database_reader add/update operations in the planner to prevent runaway query execution by the agent. (flowfile_core/flowfile_core/ai/agents/planner/_internal.py)

These changes collectively strengthen the security posture of the AI agent, improve the reliability of audit trails, and enhance the safety of user-facing operations.
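As an added example that is not flowfile's own code, the two validators below illustrate the checks the summary describes, using the blocklists it names (exec in the Python set is an assumption covering the "etc."); the Python check inspects the AST, which is a stand-in technique rather than the PR's own implementation.

```python
import ast
import re

# Names the PR description says are blocked in agent-authored python_script
# nodes ("__import__, importlib, eval, etc."); "exec" is an assumption
# covering the "etc.".
BLOCKED_PY_NAMES = {"__import__", "importlib", "eval", "exec"}

# Statements the PR description says were added to validate_sql_query.
BLOCKED_SQL = ["COPY", "MERGE", "INTO OUTFILE", "LOAD DATA", "PRAGMA", "ATTACH", "DETACH"]

# Single-quoted strings and SQL comments, matched left to right so that a
# "--" inside a string or a quote inside a comment is handled correctly.
_SQL_NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)


def validate_sql_query(sql: str) -> list[str]:
    """Return the blocked statements found in sql (empty list = passes).
    Strips string literals and comments first, so a column value such as
    'COPY' does not trigger, then matches whole words case-insensitively.
    A blocklist still has false positives (e.g. a table named PRAGMA); it
    is a guardrail, not a substitute for least-privilege DB credentials."""
    text = re.sub(r"\s+", " ", _SQL_NOISE.sub(" ", sql)).upper()
    return [kw for kw in BLOCKED_SQL if re.search(rf"\b{re.escape(kw)}\b", text)]


def validate_python_script(src: str) -> list[str]:
    """Return findings for blocked names in src (empty list = passes).
    Walks the AST instead of searching substrings: the word "eval" inside a
    string or comment is ignored, while imports, bare calls and attribute
    access (builtins.eval) are all caught. Dynamic lookups such as
    getattr(builtins, "ev" + "al") are not, so agent code still needs a
    real sandbox as well."""
    try:
        tree = ast.parse(src)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            findings += [f"import of {a.name}" for a in node.names
                         if a.name.split(".")[0] in BLOCKED_PY_NAMES]
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in BLOCKED_PY_NAMES:
                findings.append(f"import of {node.module}")
        elif isinstance(node, ast.Name) and node.id in BLOCKED_PY_NAMES:
            findings.append(f"use of {node.id}")
        elif isinstance(node, ast.Attribute) and node.attr in BLOCKED_PY_NAMES:
            findings.append(f"attribute {node.attr}")
    return findings
```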