janiussyafiq opened a new pull request, #13606:
URL: https://github.com/apache/apisix/pull/13606
### Description
PR-2 of `ai-lakera-guard`, following the input-scanning MVP (#13570). Adds
**response (output) scanning** for non-streaming and streaming (SSE) traffic.
Back-compatible: `direction` still defaults to `input`.
- **Schema:** `direction` extended to `input`/`output`/`both`; adds
`response_failure_message`.
- **Response path** (`lua_body_filter`, the same dispatch
`ai-aliyun-content-moderation` uses):
- **Non-streaming:** scans `ctx.var.llm_response_text`; a flagged response
is replaced with a provider-compatible deny.
- **Streaming:** buffers the SSE response, scans the assembled completion
once, then releases it verbatim (clean) or replaces it with a deny SSE
terminated by `[DONE]` (flagged). Because the stream's
`200`/`text/event-stream` headers are already committed when buffering begins,
a streamed block is delivered as the deny **body** — `deny_code` does not apply
to streams.
- Docs (en + zh) and tests added.
#### Which issue(s) this PR fixes:
Part of #13291.
### Checklist
- [x] I have explained the need for this PR and the problem it solves
- [x] I have explained the changes or the new features added to this PR
- [x] I have added tests corresponding to this change
- [x] I have updated the documentation to reflect this change
- [x] I have verified that this change is backward compatible
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]