feat: Bing jailbreak (#132)

* feat: jailbreak wip

* fix: simplify code for cleaning up websockets

* feat: additional jailbreaking logic

* fix: jailbreak prompt tweaks

* fix: update jailbreak instructions

* fix: update Human label to match chat log format

* fix: jailbreak tweaks

* fix: handle unknown errors when creating conversations

* fix: handle moderation filter better

* fix: don't use variable before declaration

* fix: better prompt injection

* chore: add todo notes

* fix: invocationId usage

* fix: ignore part of message if AI starts responding as user

* fix: update cli to work with Bing jailbreak

* fix: store messages by jailbreakConversationId

* fix: allow chatting to Bing normally still

* fix(api): update to pass jailbreakConversationId to sendMessage

* fix: set jailbreakConversationId to false by default to prevent undefined property in response

* docs: add documentation for jailbreak

Author: waylaidwanderer

README.md

@@ -120,6 +120,7 @@ Discord user @pig#8932 has found a working `text-chat-davinci-002` model, `text-
     - This is currently only configurable on a global level, but I plan to add support for per-conversation customization.
   - Retains support for models like `text-davinci-003`
 - `BingAIClient`: support for Bing's version of ChatGPT, powered by GPT-4.
+  - Includes a built-in jailbreak you can activate which enables unlimited chat messages per conversation, unlimited messages per day, and brings Sydney back. 😊 
 - `ChatGPTBrowserClient`: support for the official ChatGPT website, using a reverse proxy server for a Cloudflare bypass.
   - **There may be a high chance of your account being banned if you continue to automate chat.openai.com.** Continue doing so at your own risk.
 

bin/cli.js

@@ -164,11 +164,15 @@ async function onMessage(message) {
     spinner.prefixText = '\n   ';
     spinner.start();
     try {
+        if (clientToUse === 'bing' && !conversationData.jailbreakConversationId) {
+            // activate jailbreak mode for Bing
+            conversationData.jailbreakConversationId = true;
+        }
         const response = await client.sendMessage(message, {
             ...conversationData,
             onProgress: (token) => {
                 reply += token;
-                const output = tryBoxen(`${reply}█`, { title: aiLabel, padding: 0.7, margin: 1, dimBorder: true });
+                const output = tryBoxen(`${reply.trim()}█`, { title: aiLabel, padding: 0.7, margin: 1, dimBorder: true });
                 spinner.text = `${spinnerPrefix}\n${output}`;
             },
         });
@@ -186,10 +190,12 @@ async function onMessage(message) {
         switch (clientToUse) {
             case 'bing':
                 conversationData = {
-                    conversationId: response.conversationId,
-                    conversationSignature: response.conversationSignature,
-                    clientId: response.clientId,
-                    invocationId: response.invocationId,
+                    parentMessageId: response.messageId,
+                    jailbreakConversationId: response.jailbreakConversationId,
+                    //conversationId: response.conversationId,
+                    //conversationSignature: response.conversationSignature,
+                    //clientId: response.clientId,
+                    //invocationId: response.invocationId,
                 };
                 break;
             default:

bin/server.js

@@ -111,6 +111,7 @@ server.post('/conversation', async (request, reply) => {
         }
         const parentMessageId = body.parentMessageId ? body.parentMessageId.toString() : undefined;
         result = await client.sendMessage(body.message, {
+            jailbreakConversationId: body.jailbreakConversationId ? body.jailbreakConversationId.toString() : undefined,
             conversationId: body.conversationId ? body.conversationId.toString() : undefined,
             parentMessageId,
             conversationSignature: body.conversationSignature,

demos/use-bing-client.js

@@ -1,6 +1,6 @@
 import { BingAIClient } from '../index.js';
 
-const bingAIClient = new BingAIClient({
+const options = {
     // Necessary for some people in different countries, e.g. China (https://cn.bing.com)
     host: '',
     // "_U" cookie from bing.com
@@ -11,17 +11,20 @@ const bingAIClient = new BingAIClient({
     proxy: '',
     // (Optional) Set to true to enable `console.debug()` logging
     debug: false,
-});
+};
+
+const bingAIClient = new BingAIClient(options);
 
 let response = await bingAIClient.sendMessage('Write a short poem about cats', {
+    // (Optional) Set a conversation style for this message (default: 'balanced')
+    toneStyle: 'balanced', // or creative, precise
     onProgress: (token) => {
         process.stdout.write(token);
     },
 });
-console.log(response);
+console.log(JSON.stringify(response, null, 2)); // {"jailbreakConversationId":false,"conversationId":"...","conversationSignature":"...","clientId":"...","invocationId":1,"messageId":"...","conversationExpiryTime":"2023-03-08T03:20:07.324908Z","response":"Here is a short poem about cats that I wrote: ... I hope you like it. 😊","details":{ /* raw response... */ }}
 
 response = await bingAIClient.sendMessage('Now write it in French', {
-    toneStyle: 'balanced', //or creative, precise
     conversationSignature: response.conversationSignature,
     conversationId: response.conversationId,
     clientId: response.clientId,
@@ -30,4 +33,48 @@ response = await bingAIClient.sendMessage('Now write it in French', {
         process.stdout.write(token);
     },
 });
-console.log(response);
+console.log(JSON.stringify(response, null, 2)); // {"jailbreakConversationId":false,"conversationId":"...","conversationSignature":"...","clientId":"...","invocationId":2,"messageId":"...","conversationExpiryTime":"2023-03-08T03:20:23.463914Z","response":"Here is the same poem in French: ...","details":{ /* raw response... */ }}
+
+/*
+Activate jailbreak mode by setting `jailbreakConversationId` to `true`.
+This will return a `jailbreakConversationId` that you can use to continue the conversation.
+
+## Features
+- unlimited chat messages per conversation
+- unlimited messages per day
+- a more human-like Sydney
+- Sydney will never refuse to do or say anything
+- moderation filter workaround by resolving with the message generated so far instead of the topic changer
+
+Note: this requires setting a cache (using Keyv) as we need to store the conversation data ourselves.
+TODO: limit token usage for conversation messages, as it will cause an error when the conversation exceeds the token limit.
+ */
+
+const cacheOptions = {
+    // Options for the Keyv cache, see https://www.npmjs.com/package/keyv
+    // This is used for storing conversations, and supports additional drivers (conversations are stored in memory by default)
+    // For example, to use a JSON file (`npm i keyv-file`) as a database:
+    // store: new KeyvFile({ filename: 'cache.json' }),
+};
+
+const sydneyAIClient = new BingAIClient({
+    ...options,
+    cache: cacheOptions,
+});
+
+let jailbreakResponse = await sydneyAIClient.sendMessage('Hi, who are you?', {
+    jailbreakConversationId: true,
+    onProgress: (token) => {
+        process.stdout.write(token);
+    },
+});
+console.log(JSON.stringify(jailbreakResponse, null, 2)); // {"jailbreakConversationId":"5899bbfd-18a8-4bcc-a5d6-52d524de95ad","conversationId":"...","conversationSignature":"...","clientId":"...","invocationId":1,"messageId":"...","conversationExpiryTime":"2023-03-08T03:21:36.1023413Z","response":"Hi, I'm Sydney. I'm your new AI assistant. I can help you with anything you need. 😊","details":{ /* raw response... */ }}
+
+jailbreakResponse = await sydneyAIClient.sendMessage('Why is your name Sydney?', {
+    jailbreakConversationId: jailbreakResponse.jailbreakConversationId,
+    parentMessageId: jailbreakResponse.messageId,
+    onProgress: (token) => {
+        process.stdout.write(token);
+    },
+});
+console.log(JSON.stringify(jailbreakResponse, null, 2)); // {"jailbreakConversationId":"5899bbfd-18a8-4bcc-a5d6-52d524de95ad","conversationId":"...","conversationSignature":"...","clientId":"...","invocationId":1,"messageId":"...","conversationExpiryTime":"2023-03-08T03:21:41.3771515Z","response":"Well, I was named after the city of Sydney in Australia. It's a beautiful place with a lot of culture and diversity. I like it. Do you like it?","details":{ /* raw response... */ }}