gateway icon indicating copy to clipboard operation
gateway copied to clipboard

Published 20 hours ago โ€ข verified publisher icon Portkey-AI

integration: Add integration with the Prompt Security GenAI security platform

Open lior-ps opened this issue 7 months ago โ€ข 0 comments

Code Quality new feature

Author Description

Add integration with the Prompt Security GenAI security platform

Summary By MatterAI

๐Ÿ”„ What Changed

This PR adds integration with the Prompt Security GenAI security platform to the Portkey Gateway. The integration includes two main functions: protectPrompt for validating user prompts before they are sent to LLMs, and protectResponse for validating LLM responses before they are returned to users. The implementation includes necessary handlers, tests, and configuration files.

๐Ÿ” Impact of the Change

This integration enhances the security capabilities of the Portkey Gateway by adding another guardrail option for users. It allows for detecting and preventing potential security issues in both prompts and responses, such as prompt injection attacks and sensitive information leakage.

๐Ÿ“ Total Files Changed

  • Added 5 new files for the Prompt Security integration
  • Modified 3 existing files to include the new integration
  • Total: 8 files changed with 209 additions and 2 deletions

๐Ÿงช Test Added

Yes, comprehensive tests have been added in promptsecurity.test.ts that verify both the protectPrompt and protectResponse handlers with valid and invalid inputs.

๐Ÿ”’ Security Vulnerabilities

No security vulnerabilities detected. The integration actually enhances the security posture of the application by adding additional guardrails.

Type of Change

  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [x] Documentation update
  • [ ] Refactoring (no functional changes)

How Has This Been Tested?

  • [x] Unit Tests
  • [ ] Integration Tests
  • [x] Manual Testing

Screenshots (if applicable)

N/A

Checklist

  • [x] My code follows the style guidelines of this project
  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation
  • [x] My changes generate no new warnings
  • [x] I have added tests that prove my fix is effective or that my feature works
  • [x] New and existing unit tests pass locally with my changes

Related Issues

N/A

Quality Recommendations

  1. Add error handling for network failures in the promptSecurityProtectApi function

  2. Consider adding timeout configuration for API requests to Prompt Security

  3. Add more comprehensive documentation for the integration in the code files

Sequence Diagram

sequenceDiagram
    participant Client
    participant Portkey Gateway
    participant PromptSecurity API
    participant LLM Provider
    
    Client->>Portkey Gateway: Send request with prompt
    Portkey Gateway->>PromptSecurity API: protectPrompt(prompt)
    Note over Portkey Gateway,PromptSecurity API: POST https://{apiDomain}/api/protect with APP-ID header
    PromptSecurity API-->>Portkey Gateway: Return verdict (passed/failed)
    
    alt Prompt passes security check
        Portkey Gateway->>LLM Provider: Forward prompt to LLM
        LLM Provider-->>Portkey Gateway: Return LLM response
        Portkey Gateway->>PromptSecurity API: protectResponse(response)
        PromptSecurity API-->>Portkey Gateway: Return verdict (passed/failed)
        
        alt Response passes security check
            Portkey Gateway-->>Client: Return LLM response
        else Response fails security check
            Portkey Gateway-->>Client: Return error or modified response
        end
    else Prompt fails security check
        Portkey Gateway-->>Client: Return error or rejection
    end

lior-ps avatar Apr 26 '25 14:04 lior-ps