Skip to content

integration: Add integration with the Prompt Security GenAI security platform#1066

Merged
VisargD merged 5 commits into
Portkey-AI:mainfrom
lior-ps:main
May 5, 2025
Merged

integration: Add integration with the Prompt Security GenAI security platform#1066
VisargD merged 5 commits into
Portkey-AI:mainfrom
lior-ps:main

Conversation

@lior-ps

@lior-ps lior-ps commented Apr 26, 2025

Copy link
Copy Markdown
Contributor

Code Quality new feature

Author Description

Add integration with the Prompt Security GenAI security platform

Summary By MatterAI

🔄 What Changed

This PR adds integration with the Prompt Security GenAI security platform to the Portkey Gateway. The integration includes two main functions: protectPrompt for validating user prompts before they are sent to LLMs, and protectResponse for validating LLM responses before they are returned to users. The implementation includes necessary handlers, tests, and configuration files.

🔍 Impact of the Change

This integration enhances the security capabilities of the Portkey Gateway by adding another guardrail option for users. It allows for detecting and preventing potential security issues in both prompts and responses, such as prompt injection attacks and sensitive information leakage.

📁 Total Files Changed

  • Added 5 new files for the Prompt Security integration
  • Modified 3 existing files to include the new integration
  • Total: 8 files changed with 209 additions and 2 deletions

🧪 Test Added

Yes, comprehensive tests have been added in promptsecurity.test.ts that verify both the protectPrompt and protectResponse handlers with valid and invalid inputs.

🔒 Security Vulnerabilities

No security vulnerabilities detected. The integration actually enhances the security posture of the application by adding additional guardrails.

Type of Change

  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional changes)

How Has This Been Tested?

  • Unit Tests
  • Integration Tests
  • Manual Testing

Screenshots (if applicable)

N/A

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Related Issues

N/A

Quality Recommendations

  1. Add error handling for network failures in the promptSecurityProtectApi function

  2. Consider adding timeout configuration for API requests to Prompt Security

  3. Add more comprehensive documentation for the integration in the code files

Sequence Diagram

sequenceDiagram
    participant Client
    participant Portkey Gateway
    participant PromptSecurity API
    participant LLM Provider
    
    Client->>Portkey Gateway: Send request with prompt
    Portkey Gateway->>PromptSecurity API: protectPrompt(prompt)
    Note over Portkey Gateway,PromptSecurity API: POST https://{apiDomain}/api/protect with APP-ID header
    PromptSecurity API-->>Portkey Gateway: Return verdict (passed/failed)
    
    alt Prompt passes security check
        Portkey Gateway->>LLM Provider: Forward prompt to LLM
        LLM Provider-->>Portkey Gateway: Return LLM response
        Portkey Gateway->>PromptSecurity API: protectResponse(response)
        PromptSecurity API-->>Portkey Gateway: Return verdict (passed/failed)
        
        alt Response passes security check
            Portkey Gateway-->>Client: Return LLM response
        else Response fails security check
            Portkey Gateway-->>Client: Return error or modified response
        end
    else Prompt fails security check
        Portkey Gateway-->>Client: Return error or rejection
    end
Loading

@lior-ps lior-ps changed the title Main integration: Add integration with the Prompt Security GenAI security platform Apr 26, 2025
@vrushankportkey vrushankportkey requested a review from b4s36t4 April 28, 2025 08:47
narengogi
narengogi previously approved these changes Apr 28, 2025

@narengogi narengogi left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

verified, looks good to me! 🚀🚀🚀

@matterai-app

matterai-app Bot commented May 5, 2025

Copy link
Copy Markdown
Contributor

Code Quality new feature

Summary By MatterAI MatterAI logo

🔄 What Changed

This PR adds integration with the Prompt Security GenAI security platform, providing two main functionalities:

  1. Protecting prompts before they are sent to LLMs (beforeRequestHook)
  2. Protecting responses from LLMs before they are sent to users (afterRequestHook)

🔍 Impact of the Change

This integration enhances the security capabilities of the gateway by adding GenAI-specific security scanning for both prompts and responses. It helps detect and prevent prompt injection attacks, PII leakage, and other security issues in AI interactions.

📁 Total Files Changed

7 files changed with 208 additions and 2 deletions:

  • Added new plugin files for Prompt Security integration
  • Updated configuration to include the new integration
  • Added tests for the new functionality

🧪 Test Added

  • Tests for the protectPrompt handler:
    • Positive test with a valid prompt
    • Negative test with an invalid prompt containing prompt injection
  • Tests for the protectResponse handler:
    • Positive test with a safe response
    • Negative test with a response containing PII (SSN)

🔒Security Vulnerabilities

N/A - This PR actually enhances security by adding a new security scanning integration.

Type of Change

  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional changes)

How Has This Been Tested?

  • Unit Tests
  • Integration Tests
  • Manual Testing

Screenshots (if applicable)

N/A

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Related Issues

N/A

Sequence Diagram

sequenceDiagram
    participant Client
    participant Gateway
    participant PromptSecurityPlugin
    participant PromptSecurityAPI
    participant LLM

    Client->>Gateway: Send request with prompt
    Gateway->>PromptSecurityPlugin: beforeRequestHook (protectPrompt)
    PromptSecurityPlugin->>PromptSecurityAPI: POST /api/protect {prompt: text}
    PromptSecurityAPI-->>PromptSecurityPlugin: Return {result.prompt.passed, data}
    alt prompt passed
        PromptSecurityPlugin-->>Gateway: {verdict: true, data}
        Gateway->>LLM: Forward request to LLM
        LLM-->>Gateway: Return response
        Gateway->>PromptSecurityPlugin: afterRequestHook (protectResponse)
        PromptSecurityPlugin->>PromptSecurityAPI: POST /api/protect {response: text}
        PromptSecurityAPI-->>PromptSecurityPlugin: Return {result.response.passed, data}
        alt response passed
            PromptSecurityPlugin-->>Gateway: {verdict: true, data}
            Gateway-->>Client: Return safe response
        else response failed
            PromptSecurityPlugin-->>Gateway: {verdict: false, data}
            Gateway-->>Client: Return error or modified response
        end
    else prompt failed
        PromptSecurityPlugin-->>Gateway: {verdict: false, data}
        Gateway-->>Client: Return error or modified prompt
    end
Loading

@VisargD VisargD merged commit 8581a63 into Portkey-AI:main May 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants