integration: Add integration with the Prompt Security GenAI security platform#1066
Merged
Conversation
narengogi
previously approved these changes
Apr 28, 2025
narengogi
approved these changes
Apr 28, 2025
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Author Description
Add integration with the Prompt Security GenAI security platform
Summary By MatterAI
🔄 What Changed
This PR adds integration with the Prompt Security GenAI security platform to the Portkey Gateway. The integration includes two main functions:
protectPromptfor validating user prompts before they are sent to LLMs, andprotectResponsefor validating LLM responses before they are returned to users. The implementation includes necessary handlers, tests, and configuration files.🔍 Impact of the Change
This integration enhances the security capabilities of the Portkey Gateway by adding another guardrail option for users. It allows for detecting and preventing potential security issues in both prompts and responses, such as prompt injection attacks and sensitive information leakage.
📁 Total Files Changed
🧪 Test Added
Yes, comprehensive tests have been added in
promptsecurity.test.tsthat verify both theprotectPromptandprotectResponsehandlers with valid and invalid inputs.🔒 Security Vulnerabilities
No security vulnerabilities detected. The integration actually enhances the security posture of the application by adding additional guardrails.
Type of Change
How Has This Been Tested?
Screenshots (if applicable)
N/A
Checklist
Related Issues
N/A
Quality Recommendations
Add error handling for network failures in the promptSecurityProtectApi function
Consider adding timeout configuration for API requests to Prompt Security
Add more comprehensive documentation for the integration in the code files
Sequence Diagram
sequenceDiagram participant Client participant Portkey Gateway participant PromptSecurity API participant LLM Provider Client->>Portkey Gateway: Send request with prompt Portkey Gateway->>PromptSecurity API: protectPrompt(prompt) Note over Portkey Gateway,PromptSecurity API: POST https://{apiDomain}/api/protect with APP-ID header PromptSecurity API-->>Portkey Gateway: Return verdict (passed/failed) alt Prompt passes security check Portkey Gateway->>LLM Provider: Forward prompt to LLM LLM Provider-->>Portkey Gateway: Return LLM response Portkey Gateway->>PromptSecurity API: protectResponse(response) PromptSecurity API-->>Portkey Gateway: Return verdict (passed/failed) alt Response passes security check Portkey Gateway-->>Client: Return LLM response else Response fails security check Portkey Gateway-->>Client: Return error or modified response end else Prompt fails security check Portkey Gateway-->>Client: Return error or rejection end