mirror/LocalAI
1
0
Fork 0
mirror of https://github.com/mudler/LocalAI.git synced 2026-06-18 21:58:58 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
3fa7b2955ce5510bcb2c794fcce06bfbf6fd46ea
LocalAI/core/services/cloudproxy/proxy.go
Richard Palethorpe 3fa7b2955c feat(pii): NER tier engine — privacy-filter.cpp backend + NER-centric PII filter (#10360) 
Squashed feat/pii-ner-tier-engine rebased onto master (was 45 commits; see
backup/pii-ner-tier-engine-prerebase). Net change:

- privacy-filter.cpp: standalone GGML engine for the openai-privacy-filter
  PII/NER token classifier, wired as a LocalAI gRPC backend (CPU/CUDA/Vulkan).
  TokenClassify moves off the patched llama.cpp path onto this backend.
- PII filter reworked to be NER-centric (encoder/NER detection tier scanning
  whole conversations as one document), with a recreated bounded restricted-
  regex secret-matching pattern detector tier alongside it (per-model
  pii_detection.builtins / .patterns + core/services/routing/piipattern).
- Detection labelled by source (ner vs pattern); backend trace / confidence /
  debug observability; analyze/redact exposed as a synchronous API.
- Instance-wide default detector policy + per-usecase default-on; request
  filtering extended to completions, embeddings, edits & Ollama.
- React UI: NER-centric PII editor, detector-models table, pattern/builtins
  editor, middleware default-policy UI.
- Gallery: privacy-filter-multilingual token-classify model + NER install
  filter; token_classify known_usecase; batch sized to context for NER models.
  privacy-filter backend registered in the backend gallery (cpu/vulkan/cuda-13
  meta + image entries with a capabilities map) matching its CI matrix jobs,
  and an /import-model auto-detect importer (PrivacyFilterImporter, narrow
  privacy-filter GGUF detection) replacing the prior pref-only registration.

Reconciled against master's independent evolution:

- Dropped master's PIIPatternOverrides feature (global-pattern runtime
  overrides + /api/pii/patterns API + runtime_settings.json persistence). The
  per-model NER + pattern-detector design supersedes it; it was built on the
  global redactor pattern set this branch replaced.
- Reverted the llama.cpp Score carry-patch (0006-server-task-type-score):
  removed the patch and restored master's grpc-server.cpp Score RPC (direct
  llama_decode, slot-loop bypass) and LLAMA_VERSION pin, plus master's
  model_config validation forbidding score + chat/completion/embeddings on
  llama-cpp. token_classify is unaffected (it runs on the privacy-filter
  backend, not llama-cpp).

Assisted-by: Claude:claude-opus-4-8 [Claude Code]

Signed-off-by: Richard Palethorpe <io@richiejp.com>
2026-06-18 11:45:22 +01:00

89 lines
2.5 KiB
Go
Raw Blame History

// Package cloudproxy stitches the cloud-proxy gRPC backend to the
// HTTP edge: model rewrite and body shaping. The outbound HTTP request
// itself lives inside the cloud-proxy backend binary
// (backend/go/cloud-proxy), not here — this package is the core-side
// glue. PII redaction runs request-side (the NER middleware + MITM
// input path); response/output is forwarded unmodified.
package cloudproxy
import (
"encoding/json"
"fmt"
"io"
"net/http"
"github.com/labstack/echo/v4"
"github.com/mudler/xlog"
)
func rewriteModel(body []byte, upstreamModel string) ([]byte, error) {
if upstreamModel == "" {
return body, nil
}
var m map[string]any
if err := json.Unmarshal(body, &m); err != nil {
return nil, fmt.Errorf("cloudproxy: parse request body: %w", err)
}
m["model"] = upstreamModel
return json.Marshal(m)
}
func streaming(body []byte) bool {
var probe struct {
Stream bool `json:"stream"`
}
if err := json.Unmarshal(body, &probe); err != nil {
return false
}
return probe.Stream
}
// passthroughError emits the upstream's error response unchanged.
func passthroughError(c echo.Context, statusCode int, contentType string, body io.Reader) error {
const maxErrBody = 1 << 20
buf, _ := io.ReadAll(io.LimitReader(body, maxErrBody))
if contentType != "" {
c.Response().Header().Set("Content-Type", contentType)
}
c.Response().WriteHeader(statusCode)
_, _ = c.Response().Writer.Write(buf)
return nil
}
func forwardBuffered(c echo.Context, statusCode int, contentType string, body io.Reader) error {
if contentType != "" {
c.Response().Header().Set("Content-Type", contentType)
}
c.Response().WriteHeader(statusCode)
_, err := io.Copy(c.Response().Writer, body)
return err
}
// forwardStream relays the upstream SSE response to the client,
// flushing per read so events arrive in real time. Response/output PII
// redaction is out of scope for now, so the stream is forwarded
// unmodified.
func forwardStream(c echo.Context, body io.Reader) error {
c.Response().Header().Set("Content-Type", "text/event-stream")
c.Response().Header().Set("Cache-Control", "no-cache")
c.Response().Header().Set("Connection", "keep-alive")
c.Response().WriteHeader(http.StatusOK)
buf := make([]byte, 32*1024)
for {
n, rErr := body.Read(buf)
if n > 0 {
if _, wErr := c.Response().Writer.Write(buf[:n]); wErr != nil {
return nil
}
c.Response().Flush()
}
if rErr != nil {
if rErr != io.EOF {
xlog.Debug("cloudproxy: stream read error", "error", rErr)
}
return nil
}
}
}
Reference in New Issue View Git Blame Copy Permalink