membphis commented on PR #13570:
URL: https://github.com/apache/apisix/pull/13570#issuecomment-4764467697
### P1: Preserve Lakera message roles instead of flattening the conversation
into one user message
The plugin currently calls `proto.extract_request_content(request_tab)`,
concatenates all extracted text, and `client.scan` sends the result as:
```lua
messages = { { role = "user", content = content } }
```
This loses the original role and turn boundaries. For OpenAI Chat, this can
turn system, assistant, historical user, and current user content into one
current `user` message. For Anthropic and Responses requests, the protocol
adapters already have role-preserving canonical message helpers, so flattening
here bypasses information the codebase can keep.
Why this blocks merge: Lakera Guard's `/v2/guard` API is message-based, and
role/context semantics matter for policy behavior. Sending the system prompt,
assistant output, or older history as a new user message can block valid
follow-up requests because old or non-user content is rescanned as the current
user input. It can also make the gateway's enforcement differ from the API
contract this plugin is integrating with.
Suggested fix:
- Pass a `messages` array to `client.scan`, not a flattened string.
- Build it from the protocol-normalized message helper, preserving `system`,
`user`, and `assistant` roles where available.
- Only fall back to one `user` message when the protocol has no
role-preserving representation.
- Update the "whole conversation is scanned" test to verify the full message
array is sent without converting history/system/assistant messages into the
latest user input.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]