janiussyafiq opened a new pull request, #13425: URL: https://github.com/apache/apisix/pull/13425
### Description This is **PR-1 of a 9-PR phased delivery** of the `ai-lakera-guard` plugin, restructured from the closed [#13355](https://github.com/apache/apisix/pull/13355) into vertical-slice PRs per the design at [api7/rfcs#32](https://github.com/api7/rfcs/pull/32) (RFC restructure incoming) and tracking issue [#13291](https://github.com/apache/apisix/issues/13291). The approach mirrors the ai-cache phased series at [api7/rfcs#49](https://github.com/api7/rfcs/pull/49). **What ships in PR-1 (walking skeleton):** - Plugin registered at priority **1028** (between \`ai-aws-content-moderation\` at 1050 and \`ai-aliyun-content-moderation\` at 1029). - \`access\` phase request scan for the \`openai-chat\` protocol only. - Schema covers \`endpoint{url, api_key, timeout_ms, ssl_verify, keepalive, keepalive_pool, keepalive_timeout_ms}\` + \`on_block{status, message}\`. \`encrypt_fields = ["endpoint.api_key"]\` wired up front for \`\$secret://\` compatibility (e2e secret tests land in PR-4). - Flagged prompts → \`on_block.status\` (default 200) with provider-shaped \`chat.completion\` deny body via \`apisix.plugins.ai-protocols.openai-chat.build_deny_response\`. - Other 3 client protocols (\`openai-responses\`, \`anthropic-messages\`, \`bedrock-converse\`) are no-op + warn — PR-2 lights them up. - HTTP client supports \`keepalive\` + \`ssl_verify\` + custom \`timeout_ms\`, matching \`ai-aliyun-content-moderation\`'s connection-pool defaults. **Deferred to later PRs** (each end-to-end shippable): - PR-2: 3 more protocols - PR-3: \`action: alert\`, \`direction\` enum, \`project_id\`, \`reveal_failure_categories\`, \`ctx.var.lakera_guard_scan_info\` - PR-4: \`fail_open\`, \`\$secret://\` e2e tests, user docs - PR-5: \`lua_body_filter\` for \`ai_chat\` (response-side non-streaming) - PR-6: Composition tests with \`ai-aliyun-content-moderation\` + upstream-error skip - PR-7..9: SSE streaming (side-buffer, max-age trigger, edge cases, streaming docs) #### Which issue(s) this PR fixes: Partial implementation of #13291. Supersedes #13355. ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change (user docs land in PR-4 per phased plan) - [x] I have verified that this change is backward compatible (new plugin; no existing behavior affected) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
