mirror of
https://github.com/mudler/LocalAI.git
synced 2026-06-13 03:09:03 -04:00
085fc53bbc
* fix(router): score classifier production-readiness Conversation trimming runs through the classifier model's chat template and trims by exact token count, sized to the model's n_batch which is now scaled to context so long probes can't crash the backend. Missing chat_message templates are a hard error at router build time. Router- facing factories (Embedder/Scorer/Reranker/TokenCounter) re-resolve ModelConfig per call so a model installed post-startup doesn't bind a stub Backend="" config and silently fall into the loader's auto- iterate path. New 'vector_store' backend trace recorded inside localVectorStore on every Search/Insert — including the backend-load-failure path that previously vanished into an xlog.Warn — with outcome tagging (hit/miss/empty_store/backend_load_error/find_error/insert_error/ok). Companion cleanup drops misleading similarity:0 and input_tokens_count:0 from non-hit and text-mode traces. Gallery local-store-development aliases to 'local-store' so the master image satisfies pkg/model.LocalStoreBackend lookups from the embedding cache. Misc: llama-cpp TokenizeString reads the correct 'prompt' JSON key (the original bug); ModelTokenize nil-guard; non-fatal mitm proxy startup; PII 'route_local' renamed to 'allow' with docs/UI in sync; model-editor footer no longer eats the edit area on small screens; several config-editor template/dropdown/section fixes. Tests: e2e router specs (casual/code-hint + long-conversation trim), vector_store trace specs, lazy-factory specs, gallery dev-alias resolution, Playwright trace badge + scroll regression. Assisted-by: Claude:claude-opus-4-7 [Claude Code] Signed-off-by: Richard Palethorpe <io@richiejp.com> * feat(backend): auto-size batch to context for embedding and rerank models Embedding and rerank models pool over the whole input in a single physical batch (n_ubatch). With batch left at the 512 default, the backend rejects longer inputs with "input is too large to process", silently capping a large-context embedder (e.g. 8k/32k) at 512 tokens. Size n_batch to the context for these single-pass usecases, mirroring the existing FLAG_SCORE behaviour; an explicit batch: still wins. Extracts EffectiveContextSize/EffectiveBatchSize from grpcModelOpts so the effective decode window has one home for other callers to reuse. Adds an e2e-aio regression test that embeds a >512-token input. The AIO embedding model is switched to nomic-embed-text-v1.5 (2048 context) because the previous granite model was capped at 512 tokens and could not exercise the larger batch. Assisted-by: claude-code:claude-opus-4-8 [Claude Code] Signed-off-by: Richard Palethorpe <io@richiejp.com> * fix(gallery): raise arch-router scoring output cap via parallel:64 Scoring decodes the whole prompt+candidate in a single llama_decode and reads one logit row per candidate token. The vendored llama.cpp server caps causal output rows at n_parallel, so the default of 1 aborts with GGML_ASSERT(n_outputs_max <= cparams.n_outputs_max) on multi-token route labels. Set options: [parallel:64] on both arch-router quant entries to lift the cap; kv_unified (the grpc-server default) keeps the full context per sequence, so this does not split the KV cache. Assisted-by: claude-code:claude-opus-4-8 [Claude Code] Signed-off-by: Richard Palethorpe <io@richiejp.com> --------- Signed-off-by: Richard Palethorpe <io@richiejp.com>
170 lines
5.1 KiB
Go
170 lines
5.1 KiB
Go
package application
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"path/filepath"
|
|
"sort"
|
|
|
|
"github.com/mudler/LocalAI/core/config"
|
|
"github.com/mudler/LocalAI/core/services/cloudproxy/mitm"
|
|
"github.com/mudler/xlog"
|
|
)
|
|
|
|
// startMITMIfConfigured brings up the cloudproxy MITM listener when an
|
|
// address is configured, treating any startup failure as non-fatal.
|
|
//
|
|
// The listener is opt-in middleware whose address is persisted in runtime
|
|
// settings (/api/settings → runtime_settings.json) and replayed on every
|
|
// boot. A bad value — e.g. a host the process can't bind, like a LAN IP
|
|
// inside a container — must NOT abort the whole server: doing so crash-loops
|
|
// with no way out, because the Settings UI used to correct the address can't
|
|
// load if startup never completes. So on failure we log loudly and carry on;
|
|
// the admin fixes the address via /api/settings, which calls RestartMITM.
|
|
func startMITMIfConfigured(app *Application, options *config.ApplicationConfig) {
|
|
if options.MITMListen == "" {
|
|
return
|
|
}
|
|
if err := startMITMProxy(app, options); err != nil {
|
|
xlog.Error("mitm: cloudproxy listener failed to start — continuing without it",
|
|
"listen", options.MITMListen,
|
|
"error", err,
|
|
"hint", "fix the address via Settings (e.g. \":8082\" to bind all interfaces) and the listener will restart",
|
|
)
|
|
}
|
|
}
|
|
|
|
func startMITMProxy(app *Application, options *config.ApplicationConfig) error {
|
|
app.mitmMutex.Lock()
|
|
defer app.mitmMutex.Unlock()
|
|
return startMITMLocked(app, options)
|
|
}
|
|
|
|
func startMITMLocked(app *Application, options *config.ApplicationConfig) error {
|
|
// Validate the host↔model-config 1-to-1 invariant before binding
|
|
// the listener. Two configs claiming the same host means the
|
|
// dispatcher would have ambiguous PII settings; refuse to start
|
|
// rather than silently picking one. The conflict map is published
|
|
// for /api/middleware/status to surface in the UI.
|
|
ownership := app.backendLoader.MITMHostOwners()
|
|
if len(ownership.Conflicts) > 0 {
|
|
conflicts := ownership.Conflicts
|
|
app.mitmHostConflicts.Store(&conflicts)
|
|
hosts := make([]string, 0, len(conflicts))
|
|
for h := range conflicts {
|
|
hosts = append(hosts, h)
|
|
}
|
|
sort.Strings(hosts)
|
|
xlog.Error("mitm: refusing to start — duplicate host claims across model configs",
|
|
"hosts", hosts,
|
|
"conflicts", conflicts,
|
|
)
|
|
return errors.New("mitm: configuration error: duplicate host claims (see /api/middleware/status)")
|
|
}
|
|
app.mitmHostConflicts.Store(nil)
|
|
|
|
caDir := options.MITMCADir
|
|
if caDir == "" {
|
|
base := options.DataPath
|
|
if base == "" {
|
|
base = "."
|
|
}
|
|
caDir = filepath.Join(base, "mitm-ca")
|
|
}
|
|
|
|
if app.mitmCA.Load() == nil {
|
|
ca, err := mitm.LoadOrCreateCA(caDir)
|
|
if err != nil {
|
|
return fmt.Errorf("ca: %w", err)
|
|
}
|
|
app.mitmCA.Store(ca)
|
|
}
|
|
|
|
// Allowlist is exactly the set of hosts claimed by model configs.
|
|
// No global list — admins add hosts by creating an MITM model
|
|
// config (template available in the Add Model UI). When no config
|
|
// claims any host, the listener still starts but every CONNECT
|
|
// tunnels through unmodified.
|
|
effectiveHosts := make([]string, 0, len(ownership.Owners))
|
|
for h := range ownership.Owners {
|
|
effectiveHosts = append(effectiveHosts, h)
|
|
}
|
|
sort.Strings(effectiveHosts)
|
|
|
|
// Per-host PII gate inherits from the owning model's pii.enabled.
|
|
// A non-cloud-proxy backend with no explicit pii.enabled resolves
|
|
// to false → host is intercepted but the regex pass is skipped
|
|
// (audit events still record).
|
|
var piiDisabled []string
|
|
for host, modelName := range ownership.Owners {
|
|
cfg, exists := app.backendLoader.GetModelConfig(modelName)
|
|
if !exists {
|
|
continue
|
|
}
|
|
if !cfg.PIIIsEnabled() {
|
|
piiDisabled = append(piiDisabled, host)
|
|
}
|
|
}
|
|
|
|
handler := mitm.NewPIIHandler(mitm.PIIHandlerOptions{
|
|
Redactor: app.piiRedactor,
|
|
EventStore: app.piiEvents,
|
|
HostsWithPIIDisabled: piiDisabled,
|
|
})
|
|
|
|
srv, err := mitm.NewServer(mitm.Config{
|
|
Addr: options.MITMListen,
|
|
CA: app.mitmCA.Load(),
|
|
InterceptHosts: effectiveHosts,
|
|
Handler: handler,
|
|
EventStore: app.piiEvents,
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("server: %w", err)
|
|
}
|
|
if err := srv.Start(); err != nil {
|
|
return fmt.Errorf("listen: %w", err)
|
|
}
|
|
app.mitmServer.Store(srv)
|
|
|
|
xlog.Info("mitm: cloudproxy listener started",
|
|
"addr", srv.Addr(),
|
|
"ca_dir", caDir,
|
|
"intercept_hosts", effectiveHosts,
|
|
"model_owned_hosts", len(ownership.Owners),
|
|
"pii_disabled_hosts", len(piiDisabled),
|
|
)
|
|
return nil
|
|
}
|
|
|
|
// StopMITM is idempotent.
|
|
func (a *Application) StopMITM() error {
|
|
a.mitmMutex.Lock()
|
|
defer a.mitmMutex.Unlock()
|
|
stopMITMLocked(a)
|
|
return nil
|
|
}
|
|
|
|
// RestartMITM reuses the existing CA so trusted clients keep
|
|
// working across listener flips.
|
|
func (a *Application) RestartMITM() error {
|
|
a.mitmMutex.Lock()
|
|
defer a.mitmMutex.Unlock()
|
|
stopMITMLocked(a)
|
|
if a.applicationConfig.MITMListen == "" {
|
|
xlog.Info("mitm: cloudproxy listener stays disabled (no listen address)")
|
|
return nil
|
|
}
|
|
return startMITMLocked(a, a.applicationConfig)
|
|
}
|
|
|
|
func stopMITMLocked(a *Application) {
|
|
srv := a.mitmServer.Load()
|
|
if srv == nil {
|
|
return
|
|
}
|
|
srv.Stop()
|
|
a.mitmServer.Store(nil)
|
|
xlog.Info("mitm: cloudproxy listener stopped")
|
|
}
|