mirror/LocalAI
1
0
Fork 0
mirror of https://github.com/mudler/LocalAI.git synced 2026-06-19 14:19:16 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
f68edfc85ffc4492b493a9851d8ab896da1da14e
LocalAI/tests/e2e/cloud_proxy_helpers_test.go
Richard Palethorpe 3fa7b2955c feat(pii): NER tier engine — privacy-filter.cpp backend + NER-centric PII filter (#10360) 
Squashed feat/pii-ner-tier-engine rebased onto master (was 45 commits; see
backup/pii-ner-tier-engine-prerebase). Net change:

- privacy-filter.cpp: standalone GGML engine for the openai-privacy-filter
  PII/NER token classifier, wired as a LocalAI gRPC backend (CPU/CUDA/Vulkan).
  TokenClassify moves off the patched llama.cpp path onto this backend.
- PII filter reworked to be NER-centric (encoder/NER detection tier scanning
  whole conversations as one document), with a recreated bounded restricted-
  regex secret-matching pattern detector tier alongside it (per-model
  pii_detection.builtins / .patterns + core/services/routing/piipattern).
- Detection labelled by source (ner vs pattern); backend trace / confidence /
  debug observability; analyze/redact exposed as a synchronous API.
- Instance-wide default detector policy + per-usecase default-on; request
  filtering extended to completions, embeddings, edits & Ollama.
- React UI: NER-centric PII editor, detector-models table, pattern/builtins
  editor, middleware default-policy UI.
- Gallery: privacy-filter-multilingual token-classify model + NER install
  filter; token_classify known_usecase; batch sized to context for NER models.
  privacy-filter backend registered in the backend gallery (cpu/vulkan/cuda-13
  meta + image entries with a capabilities map) matching its CI matrix jobs,
  and an /import-model auto-detect importer (PrivacyFilterImporter, narrow
  privacy-filter GGUF detection) replacing the prior pref-only registration.

Reconciled against master's independent evolution:

- Dropped master's PIIPatternOverrides feature (global-pattern runtime
  overrides + /api/pii/patterns API + runtime_settings.json persistence). The
  per-model NER + pattern-detector design supersedes it; it was built on the
  global redactor pattern set this branch replaced.
- Reverted the llama.cpp Score carry-patch (0006-server-task-type-score):
  removed the patch and restored master's grpc-server.cpp Score RPC (direct
  llama_decode, slot-loop bypass) and LLAMA_VERSION pin, plus master's
  model_config validation forbidding score + chat/completion/embeddings on
  llama-cpp. token_classify is unaffected (it runs on the privacy-filter
  backend, not llama-cpp).

Assisted-by: Claude:claude-opus-4-8 [Claude Code]

Signed-off-by: Richard Palethorpe <io@richiejp.com>
2026-06-18 11:45:22 +01:00

195 lines
7.0 KiB
Go
Raw Blame History

package e2e_test
import (
"encoding/json"
"io"
"net/http"
"net/http/httptest"
"strings"
"sync"
"sync/atomic"
)
// upstreamRecorder captures whatever request the cloud-proxy backend
// forwarded to the fake upstream. Tests assert against the captured
// fields to prove the body / headers / model rewrite landed correctly.
type upstreamRecorder struct {
mu sync.Mutex
Method string
Path string
Header http.Header
Body []byte
RequestHits int32
}
func (r *upstreamRecorder) Hits() int {
return int(atomic.LoadInt32(&r.RequestHits))
}
func (r *upstreamRecorder) snapshot() (method, path string, hdr http.Header, body []byte) {
r.mu.Lock()
defer r.mu.Unlock()
// Clone header so the test can read after the next request lands.
cloned := http.Header{}
for k, v := range r.Header {
cloned[k] = append([]string{}, v...)
}
return r.Method, r.Path, cloned, append([]byte(nil), r.Body...)
}
// fakeOpenAIUpstreamServer stands up an httptest server that mimics
// OpenAI Chat Completions. The script chooses what to return per
// request — tests with different cases swap script via SetScript.
type fakeOpenAIUpstreamServer struct {
srv *httptest.Server
recorder upstreamRecorder
mu sync.Mutex
script func(req []byte) (status int, body string, contentType string)
}
func newFakeOpenAIUpstream() *fakeOpenAIUpstreamServer {
f := &fakeOpenAIUpstreamServer{}
f.SetScript(func([]byte) (int, string, string) {
// Default: a trivial non-streaming text reply, no tool calls.
return 200, `{"id":"chatcmpl-x","choices":[{"index":0,"message":{"role":"assistant","content":"hello from fake openai"},"finish_reason":"stop"}],"usage":{"prompt_tokens":3,"completion_tokens":5,"total_tokens":8}}`, "application/json"
})
f.srv = httptest.NewServer(http.HandlerFunc(f.serve))
return f
}
func (f *fakeOpenAIUpstreamServer) serve(w http.ResponseWriter, r *http.Request) {
atomic.AddInt32(&f.recorder.RequestHits, 1)
body, _ := io.ReadAll(r.Body)
f.recorder.mu.Lock()
f.recorder.Method = r.Method
f.recorder.Path = r.URL.Path
f.recorder.Header = r.Header.Clone()
f.recorder.Body = body
f.recorder.mu.Unlock()
f.mu.Lock()
script := f.script
f.mu.Unlock()
status, replyBody, contentType := script(body)
w.Header().Set("Content-Type", contentType)
w.WriteHeader(status)
_, _ = io.WriteString(w, replyBody)
}
func (f *fakeOpenAIUpstreamServer) URL() string { return f.srv.URL }
func (f *fakeOpenAIUpstreamServer) Close() { f.srv.Close() }
func (f *fakeOpenAIUpstreamServer) SetScript(script func(req []byte) (status int, body string, contentType string)) {
f.mu.Lock()
defer f.mu.Unlock()
f.script = script
}
// Snapshot returns the most-recently captured request data.
func (f *fakeOpenAIUpstreamServer) Snapshot() (method, path string, hdr http.Header, body []byte) {
return f.recorder.snapshot()
}
// DecodedBody returns the captured body parsed as a generic OpenAI
// request. Helper for tests that want to assert specific fields
// (e.g. model rewrite, stream flag) without re-parsing inline.
func (f *fakeOpenAIUpstreamServer) DecodedBody() map[string]any {
_, _, _, body := f.Snapshot()
var m map[string]any
_ = json.Unmarshal(body, &m)
return m
}
// fakeAnthropicUpstreamServer is the Anthropic counterpart.
type fakeAnthropicUpstreamServer struct {
srv *httptest.Server
recorder upstreamRecorder
mu sync.Mutex
script func(req []byte) (status int, body string, contentType string)
}
func newFakeAnthropicUpstream() *fakeAnthropicUpstreamServer {
f := &fakeAnthropicUpstreamServer{}
f.SetScript(func([]byte) (int, string, string) {
return 200, `{"id":"msg_x","type":"message","role":"assistant","content":[{"type":"text","text":"hello from fake anthropic"}],"model":"claude-fake","usage":{"input_tokens":3,"output_tokens":5}}`, "application/json"
})
f.srv = httptest.NewServer(http.HandlerFunc(f.serve))
return f
}
func (f *fakeAnthropicUpstreamServer) serve(w http.ResponseWriter, r *http.Request) {
atomic.AddInt32(&f.recorder.RequestHits, 1)
body, _ := io.ReadAll(r.Body)
f.recorder.mu.Lock()
f.recorder.Method = r.Method
f.recorder.Path = r.URL.Path
f.recorder.Header = r.Header.Clone()
f.recorder.Body = body
f.recorder.mu.Unlock()
f.mu.Lock()
script := f.script
f.mu.Unlock()
status, replyBody, contentType := script(body)
w.Header().Set("Content-Type", contentType)
w.WriteHeader(status)
_, _ = io.WriteString(w, replyBody)
}
func (f *fakeAnthropicUpstreamServer) URL() string { return f.srv.URL }
func (f *fakeAnthropicUpstreamServer) Close() { f.srv.Close() }
func (f *fakeAnthropicUpstreamServer) SetScript(script func(req []byte) (status int, body string, contentType string)) {
f.mu.Lock()
defer f.mu.Unlock()
f.script = script
}
func (f *fakeAnthropicUpstreamServer) Snapshot() (method, path string, hdr http.Header, body []byte) {
return f.recorder.snapshot()
}
func (f *fakeAnthropicUpstreamServer) DecodedBody() map[string]any {
_, _, _, body := f.Snapshot()
var m map[string]any
_ = json.Unmarshal(body, &m)
return m
}
// streamingOpenAIToolCallScript returns an SSE response that announces
// a single tool call broken across delta fragments. The wire shape
// matches what OpenAI actually emits; used to verify cloud-proxy
// translate-mode preserves tool calls through HTTP.
func streamingOpenAIToolCallScript() (status int, body string, contentType string) {
frames := []string{
`{"choices":[{"index":0,"delta":{"role":"assistant","tool_calls":[{"index":0,"id":"call_e2e","type":"function","function":{"name":"get_weather"}}]}}]}`,
`{"choices":[{"index":0,"delta":{"tool_calls":[{"index":0,"function":{"arguments":"{\"location\":\"SF\"}"}}]}}]}`,
`{"choices":[{"index":0,"delta":{},"finish_reason":"tool_calls"}]}`,
}
var b strings.Builder
for _, f := range frames {
b.WriteString("data: ")
b.WriteString(f)
b.WriteString("\n\n")
}
b.WriteString("data: [DONE]\n\n")
return 200, b.String(), "text/event-stream"
}
// nonStreamingOpenAIToolCallScript returns a non-streaming tool-call
// response with id/name/arguments fully populated.
func nonStreamingOpenAIToolCallScript() (status int, body string, contentType string) {
return 200, `{"id":"chatcmpl-y","choices":[{"index":0,"message":{"role":"assistant","content":"","tool_calls":[{"id":"call_lookup","type":"function","function":{"name":"lookup","arguments":"{\"q\":\"clouds\"}"}}]},"finish_reason":"tool_calls"}],"usage":{"prompt_tokens":12,"completion_tokens":7,"total_tokens":19}}`, "application/json"
}
// leakedAnthropicKey is a synthetic Anthropic API key (sk-ant-… shape) used by
// the translate-mode PII test: the client sends it inside a user message and
// the request-side pattern detector (anthropic_api_key builtin, which matches
// sk-ant-[A-Za-z0-9_-]{20,}) must catch it and block the request before the
// cloud-proxy forwards anything upstream. An email is deliberately not used —
// the pattern tier rejects open-ended shapes (that's the NER tier's job, and
// the NER model can't run in this hermetic suite).
const leakedAnthropicKey = "sk-ant-api03-ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"
Reference in New Issue View Git Blame Copy Permalink