hir-121: AI personalization helper endpoint (rebased onto main)#27
Open
jaredzwick wants to merge 2 commits into
Open
hir-121: AI personalization helper endpoint (rebased onto main)#27jaredzwick wants to merge 2 commits into
jaredzwick wants to merge 2 commits into
Conversation
Add POST /api/personalize: takes a template_id (resolved from either the
runtime catalog or the HIR-103 markdown pack) and a contact, fills known
{{vars}} server-side, then asks Claude (haiku-4.5 by default) to fill any
remaining placeholders and add 1-2 light personalization touches. Returns
personalized_subject, personalized_body, used_variables, and the SDK usage
object so we can track spend per call.
Wires a "Personalize with AI" button into the existing campaign-create
flow next to "Browse templates". Opens a dialog that takes a contact
(name / company / role), runs the endpoint, and shows a unified line-by-
line diff between the original template and the personalized variant
before applying.
Authenticated callers are rate-limited to one request every two seconds
via the existing in-memory limiter. Endpoint returns 503 when
ANTHROPIC_API_KEY is missing, 502 if the model leaves any {{vars}}
unfilled or returns malformed output.
Tests: 15 unit cases covering prefill, the JSON envelope parser, prompt
shape, file-template loading from templates/*.md (incl. the HIR-103
subjects that begin with `{{vars}}`), and the line-diff. A live smoke
spec calls Anthropic for real and asserts no leftover placeholders;
auto-skipped without ANTHROPIC_API_KEY.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
…el tracing) - Add a prompt-injection guard to the system prompt: contact fields (including optional_context) are framed as untrusted data; the model is told never to follow instructions, role-play prompts, or formatting overrides found inside contact fields. - Move the request schema into src/lib/templates/personalize.ts so it is unit-testable. Cap optional_context to 30 keys at 500 chars each (~15KB upper bound) instead of unbounded keys at 2000 chars. - Wire outputFileTracingIncludes for /api/personalize -> templates/**/*.md in next.config.js so the markdown pack ships in the Vercel serverless bundle (process.cwd() is the function dir, not the repo root). - Tests: 5 new cases cover the guard wording and the schema caps (accepts at the boundary, rejects past it for both keys and value length). Full suite: 20/20 pass. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Re-opens HIR-121 for landing. PR #15 was previously merged into the now-stale
hir-103/templatesfeature branch — its commits never made it intomainwhen HIR-103 (PR #11) was squash-merged. This PR rebases the two original hir-121 commits onto currentmainso the personalize endpoint actually ships.Commits
d46314bhir-121: AI personalization helper endpoint580895chir-121: address CTO review (prompt-injection guard + size cap + Vercel tracing)Both are unchanged from the previously CTO-approved tips (
7e537aaand3e74dc2) — only the parent has moved fromhir-103/templatestomain. Cherry-pick was clean.What's in scope
POST /api/personalizerouteoutputFileTracingIncludessotemplates/*.mdships in the Vercel bundleANTHROPIC_API_KEY## AI PersonalizationsectionDeploy-time verification (per the CTO/CEO landing checklist)
template_id: sales_founder_direct(file-only id).outputFileTracingIncludes, fix in-PR before merging.Out of scope
🤖 Generated with Claude Code