From 2b24ea60f15ae6f16dd5a4d64b7b8bb989503c7f Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 08:20:11 -0800 Subject: [PATCH 1/8] option to show server in vscode (#1070) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * command to show server terminal * feat: ♻️ add server status tracking and improve commands --- packages/vscode/package.json | 6 +++++ packages/vscode/src/extension.ts | 3 +++ packages/vscode/src/promptcommands.ts | 9 ++++++- packages/vscode/src/servermanager.ts | 35 +++++++++++++++++++-------- packages/vscode/src/statusbar.ts | 10 +++++--- 5 files changed, 49 insertions(+), 14 deletions(-) diff --git a/packages/vscode/package.json b/packages/vscode/package.json index 4288e92102..8f844eeb39 100644 --- a/packages/vscode/package.json +++ b/packages/vscode/package.json @@ -334,6 +334,12 @@ "category": "GenAIScript", "icon": "$(close)" }, + { + "command": "genaiscript.server.show", + "title": "Show GenAIScript server", + "category": "GenAIScript", + "icon": "$(terminal)" + }, { "command": "genaiscript.notebook.create", "title": "Create GenAIScript Mardown Notebook", diff --git a/packages/vscode/src/extension.ts b/packages/vscode/src/extension.ts index c2bdc10ee4..9b3ff658c6 100644 --- a/packages/vscode/src/extension.ts +++ b/packages/vscode/src/extension.ts @@ -46,6 +46,9 @@ export async function activate(context: ExtensionContext) { registerCommand("genaiscript.server.stop", async () => { await state.host.server.close() }), + registerCommand("genaiscript.server.show", async () => { + await state.host.server.show() + }), registerCommand("genaiscript.request.abort", async () => { await state.cancelAiRequest() await vscode.window.showInformationMessage( diff --git a/packages/vscode/src/promptcommands.ts b/packages/vscode/src/promptcommands.ts index 0677df451f..f4a5273a4b 100644 --- a/packages/vscode/src/promptcommands.ts +++ b/packages/vscode/src/promptcommands.ts @@ -83,6 +83,7 @@ export function commandButtons(state: ExtensionState) { const view = "View" const output = "Output" const trace = "Trace" + const show = "Show" const stop = "Stop" const cmds: { label: string; description?: string; cmd: string }[] = [] if (computing) cmds.push({ label: abort, cmd: "genaiscript.request.abort" }) @@ -101,12 +102,18 @@ export function commandButtons(state: ExtensionState) { description: "Inspect script execution and LLM response.", cmd: "genaiscript.request.open.trace", }) - if (state.host.server.started) + if (state.host.server.status !== "stopped") { + cmds.push({ + label: show, + description: "show GenAIScript server terminal", + cmd: "genaiscript.server.show", + }) cmds.push({ label: stop, description: "Stop GenAIScript server", cmd: "genaiscript.server.stop", }) + } return cmds } diff --git a/packages/vscode/src/servermanager.ts b/packages/vscode/src/servermanager.ts index 324daa1f46..02ff3571a3 100644 --- a/packages/vscode/src/servermanager.ts +++ b/packages/vscode/src/servermanager.ts @@ -41,6 +41,17 @@ export class TerminalServerManager private _startClientPromise: Promise private _client: VsCodeClient + private _status: "stopped" | "stopping" | "starting" | "running" = "stopped" + get status() { + return this._status + } + private set status(value: "stopped" | "stopping" | "starting" | "running") { + if (this._status !== value) { + this._status = value + this.dispatchChange() + } + } + constructor(readonly state: ExtensionState) { super() const { context } = state @@ -160,13 +171,14 @@ export class TerminalServerManager }) await this.start() this._startClientPromise = undefined - this.dispatchChange() + this.status = "running" return this._client } async start() { if (this._terminal) return + this.status = "starting" const config = this.state.getConfiguration() const diagnostics = this.state.diagnostics const hideFromUser = !diagnostics && !!config.get("hideServerTerminal") @@ -194,18 +206,22 @@ export class TerminalServerManager this._terminal.sendText( `npx --yes ${TOOL_ID}@${cliVersion} serve --port ${this._port} --dispatch-progress --cors "*"` ) - if (!hideFromUser) this._terminal.show() - this.dispatchChange() + if (!hideFromUser) this._terminal.show(true) } - get started() { - return !!this._terminal + async close() { + try { + this.status = "stopping" + this._startClientPromise = undefined + this._client?.kill() + this.closeTerminal() + } finally { + this.status = "stopped" + } } - async close() { - this._startClientPromise = undefined - this._client?.kill() - this.closeTerminal() + show(preserveFocus?: boolean) { + this._terminal?.show(preserveFocus) } private closeTerminal() { @@ -215,7 +231,6 @@ export class TerminalServerManager this._client = undefined this._startClientPromise = undefined if (!this.state.diagnostics) t?.dispose() - this.dispatchChange() } dispose(): any { diff --git a/packages/vscode/src/statusbar.ts b/packages/vscode/src/statusbar.ts index 8747e3385e..9354bd2393 100644 --- a/packages/vscode/src/statusbar.ts +++ b/packages/vscode/src/statusbar.ts @@ -15,12 +15,16 @@ export function activateStatusBar(state: ExtensionState) { const updateStatusBar = async () => { const { parsing, aiRequest, languageChatModels, host } = state const { server } = host + const { status } = server const { computing, progress, options } = aiRequest || {} const { template, fragment } = options || {} const { tokensSoFar } = progress || {} statusBarItem.text = toStringList( `${ - parsing || (computing && !tokensSoFar) + parsing || + status === "starting" || + status === "stopping" || + (computing && !tokensSoFar) ? `$(loading~spin)` : `$(${ICON_LOGO_NAME})` }${tokensSoFar ? ` ${tokensSoFar} tokens` : ""}` @@ -28,9 +32,9 @@ export function activateStatusBar(state: ExtensionState) { const md = new vscode.MarkdownString( toMarkdownString( - server.started + status === "running" ? `server: [${server.authority}](${server.browserUrl})` - : "server: off", + : `server: ${status}`, fragment?.files?.[0], template ? `- tool: ${template.title} (${template.id})` From 87d4b7dbb40ef8fbb07a0ee0150f8aaaabb8807f Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 08:20:23 -0800 Subject: [PATCH 2/8] delay import inquirer prompts (#1069) --- package.json | 2 +- packages/cli/package.json | 6 +- packages/cli/src/input.ts | 3 + yarn.lock | 192 +++++++++++++++++++------------------- 4 files changed, 103 insertions(+), 100 deletions(-) diff --git a/package.json b/package.json index dab13de257..ecb4e4b812 100644 --- a/package.json +++ b/package.json @@ -99,7 +99,7 @@ } }, "devDependencies": { - "@inquirer/prompts": "^7.2.3", + "@inquirer/prompts": "^7.2.4", "glob": "^11.0.1", "npm-check-updates": "^17.1.14", "npm-run-all": "^4.1.5", diff --git a/packages/cli/package.json b/packages/cli/package.json index f8b1595257..2dd8bd82fb 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -52,7 +52,7 @@ "@anthropic-ai/bedrock-sdk": "^0.12.4", "@anthropic-ai/sdk": "^0.36.3", "@azure/identity": "^4.6.0", - "@inquirer/prompts": "^7.2.3", + "@inquirer/prompts": "^7.2.4", "@modelcontextprotocol/sdk": "^1.4.1", "@octokit/plugin-paginate-rest": "^11.3.6", "@octokit/plugin-retry": "^7.1.2", @@ -124,9 +124,9 @@ "compile:runtime:code": "tsc src/runtime.ts --skipLibCheck --outDir built --target es2020 --moduleResolution node --module esnext --removeComments true", "compile:runtime": "yarn compile:runtime:declarations && yarn compile:runtime:code && mv built/runtime.js built/runtime.mjs", "compile:api": "esbuild src/api.ts --outfile=built/api.mjs", - "compile:cli": "esbuild src/main.ts --metafile=./esbuild.meta.json --bundle --platform=node --target=node20 --outfile=built/genaiscript.cjs --external:tsx --external:esbuild --external:get-tsconfig --external:resolve-pkg-maps --external:dockerode --external:pdfjs-dist --external:web-tree-sitter --external:tree-sitter-wasms --external:promptfoo --external:typescript --external:@lvce-editor/ripgrep --external:gpt-3-encoder --external:mammoth --external:xlsx --external:mathjs --external:@azure/identity --external:gpt-tokenizer --external:playwright --external:@inquirer/prompts --external:jimp --external:turndown --external:turndown-plugin-gfm --external:vectra --external:tabletojson --external:html-to-text --external:@octokit/rest --external:@octokit/plugin-throttling --external:@octokit/plugin-retry --external:@octokit/plugin-paginate-rest --external:skia-canvas --external:@huggingface/transformers --external:@modelcontextprotocol/sdk --external:@anthropic-ai/sdk --external:@anthropic-ai/bedrock-sdk --external:es-toolkit --external:zod --external:zod-to-json-schema --external:fluent-ffmpeg --external:json-schema-generator && node ../../scripts/patch-cli.mjs", + "compile:cli": "esbuild src/main.ts --metafile=./esbuild.meta.json --bundle --platform=node --target=node20 --outfile=built/genaiscript.cjs --external:tsx --external:esbuild --external:get-tsconfig --external:resolve-pkg-maps --external:dockerode --external:pdfjs-dist --external:web-tree-sitter --external:tree-sitter-wasms --external:promptfoo --external:typescript --external:@lvce-editor/ripgrep --external:gpt-3-encoder --external:mammoth --external:xlsx --external:mathjs --external:@azure/identity --external:gpt-tokenizer --external:playwright --external:@inquirer/prompts --external:jimp --external:turndown --external:turndown-plugin-gfm --external:vectra --external:tabletojson --external:html-to-text --external:@octokit/rest --external:@octokit/plugin-throttling --external:@octokit/plugin-retry --external:@octokit/plugin-paginate-rest --external:skia-canvas --external:@huggingface/transformers --external:@modelcontextprotocol/sdk --external:@anthropic-ai/sdk --external:@anthropic-ai/bedrock-sdk --external:es-toolkit --external:zod --external:zod-to-json-schema --external:fluent-ffmpeg --external:json-schema-generator --external:@inquirer/prompts && node ../../scripts/patch-cli.mjs", "compile": "yarn compile:api && yarn compile:runtime && yarn compile:cli", - "compile-debug": "esbuild src/main.ts --sourcemap --metafile=./esbuild.meta.json --bundle --platform=node --target=node20 --outfile=built/genaiscript.cjs --external:tsx --external:esbuild --external:get-tsconfig --external:resolve-pkg-maps --external:dockerode --external:pdfjs-dist --external:web-tree-sitter --external:tree-sitter-wasms --external:promptfoo --external:typescript --external:@lvce-editor/ripgrep --external:gpt-3-encoder --external:mammoth --external:xlsx --external:mathjs --external:@azure/identity --external:gpt-tokenizer --external:playwright --external:@inquirer/prompts --external:jimp --external:turndown --external:turndown-plugin-gfm --external:vectra --external:tabletojson --external:html-to-text --external:@octokit/rest --external:@octokit/plugin-throttling --external:@octokit/plugin-retry --external:@octokit/plugin-paginate-rest --external:skia-canvas --external:@huggingface/transformers --external:@modelcontextprotocol/sdk --external:@anthropic-ai/sdk --external:@anthropic-ai/bedrock-sdk --external:es-toolkit --external:zod --external:zod-to-json-schema --external:fluent-ffmpeg --external:json-schema-generator", + "compile-debug": "esbuild src/main.ts --sourcemap --metafile=./esbuild.meta.json --bundle --platform=node --target=node20 --outfile=built/genaiscript.cjs --external:tsx --external:esbuild --external:get-tsconfig --external:resolve-pkg-maps --external:dockerode --external:pdfjs-dist --external:web-tree-sitter --external:tree-sitter-wasms --external:promptfoo --external:typescript --external:@lvce-editor/ripgrep --external:gpt-3-encoder --external:mammoth --external:xlsx --external:mathjs --external:@azure/identity --external:gpt-tokenizer --external:playwright --external:@inquirer/prompts --external:jimp --external:turndown --external:turndown-plugin-gfm --external:vectra --external:tabletojson --external:html-to-text --external:@octokit/rest --external:@octokit/plugin-throttling --external:@octokit/plugin-retry --external:@octokit/plugin-paginate-rest --external:skia-canvas --external:@huggingface/transformers --external:@modelcontextprotocol/sdk --external:@anthropic-ai/sdk --external:@anthropic-ai/bedrock-sdk --external:es-toolkit --external:zod --external:zod-to-json-schema --external:fluent-ffmpeg --external:json-schema-generator --external:@inquirer/prompts", "postcompile": "node built/genaiscript.cjs info help > ../../docs/src/content/docs/reference/cli/commands.md", "vis:treemap": "npx --yes esbuild-visualizer --metadata esbuild.meta.json --filename esbuild.treemap.html", "vis:network": "npx --yes esbuild-visualizer --metadata esbuild.meta.json --filename esbuild.network.html --template network", diff --git a/packages/cli/src/input.ts b/packages/cli/src/input.ts index b1fc2be939..8dd845f3c2 100644 --- a/packages/cli/src/input.ts +++ b/packages/cli/src/input.ts @@ -17,6 +17,7 @@ export async function shellSelect( choices: string[], options?: ShellSelectOptions ): Promise { + const { select } = await import("@inquirer/prompts") const res = await select({ ...(options || {}), // Spread operator to include any optional configurations message, // The message/question to display @@ -35,6 +36,7 @@ export async function shellInput( message: string, options?: ShellInputOptions ): Promise { + const { input } = await import("@inquirer/prompts") const res = await input({ ...(options || {}), // Include optional configurations if any message, // The message to display to the user @@ -52,6 +54,7 @@ export async function shellConfirm( message: string, options?: ShellConfirmOptions ): Promise { + const { confirm } = await import("@inquirer/prompts") const res = await confirm({ ...(options || {}), // Include optional configurations if any message, // The message to display, usually a yes/no question diff --git a/yarn.lock b/yarn.lock index 55e8aaffe0..a705e25e44 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1286,138 +1286,137 @@ resolved "https://registry.yarnpkg.com/@img/sharp-win32-x64/-/sharp-win32-x64-0.33.5.tgz#56f00962ff0c4e0eb93d34a047d29fa995e3e342" integrity sha512-MpY/o8/8kj+EcnxwvrP4aTJSWw/aZ7JIGR4aBeZkZw5B7/Jn+tY9/VNwtcoGmdT7GfggGIU4kygOMSbYnOrAbg== -"@inquirer/checkbox@^4.0.6": - version "4.0.6" - resolved "https://registry.yarnpkg.com/@inquirer/checkbox/-/checkbox-4.0.6.tgz#e71401a7e1900332f17ed68c172a89fe20225f49" - integrity sha512-PgP35JfmGjHU0LSXOyRew0zHuA9N6OJwOlos1fZ20b7j8ISeAdib3L+n0jIxBtX958UeEpte6xhG/gxJ5iUqMw== - dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/figures" "^1.0.9" - "@inquirer/type" "^3.0.2" +"@inquirer/checkbox@^4.0.7": + version "4.0.7" + resolved "https://registry.yarnpkg.com/@inquirer/checkbox/-/checkbox-4.0.7.tgz#4c11322ab932765cace50d163eea73002dd76432" + integrity sha512-lyoF4uYdBBTnqeB1gjPdYkiQ++fz/iYKaP9DON1ZGlldkvAEJsjaOBRdbl5UW1pOSslBRd701jxhAG0MlhHd2w== + dependencies: + "@inquirer/core" "^10.1.5" + "@inquirer/figures" "^1.0.10" + "@inquirer/type" "^3.0.3" ansi-escapes "^4.3.2" yoctocolors-cjs "^2.1.2" -"@inquirer/confirm@^5.1.3": - version "5.1.3" - resolved "https://registry.yarnpkg.com/@inquirer/confirm/-/confirm-5.1.3.tgz#c1ad57663f54758981811ccb86f823072ddf5c1a" - integrity sha512-fuF9laMmHoOgWapF9h9hv6opA5WvmGFHsTYGCmuFxcghIhEhb3dN0CdQR4BUMqa2H506NCj8cGX4jwMsE4t6dA== +"@inquirer/confirm@^5.1.4": + version "5.1.4" + resolved "https://registry.yarnpkg.com/@inquirer/confirm/-/confirm-5.1.4.tgz#3e2c9bfdf80331676196d8dbb2261103a67d0e9d" + integrity sha512-EsiT7K4beM5fN5Mz6j866EFA9+v9d5o9VUra3hrg8zY4GHmCS8b616FErbdo5eyKoVotBQkHzMIeeKYsKDStDw== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/type" "^3.0.3" -"@inquirer/core@^10.1.4": - version "10.1.4" - resolved "https://registry.yarnpkg.com/@inquirer/core/-/core-10.1.4.tgz#02394e68d894021935caca0d10fc68fd4f3a3ead" - integrity sha512-5y4/PUJVnRb4bwWY67KLdebWOhOc7xj5IP2J80oWXa64mVag24rwQ1VAdnj7/eDY/odhguW0zQ1Mp1pj6fO/2w== +"@inquirer/core@^10.1.5": + version "10.1.5" + resolved "https://registry.yarnpkg.com/@inquirer/core/-/core-10.1.5.tgz#7271c177340f77c2e231704227704d8cdf497747" + integrity sha512-/vyCWhET0ktav/mUeBqJRYTwmjFPIKPRYb3COAw7qORULgipGSUO2vL32lQKki3UxDKJ8BvuEbokaoyCA6YlWw== dependencies: - "@inquirer/figures" "^1.0.9" - "@inquirer/type" "^3.0.2" + "@inquirer/figures" "^1.0.10" + "@inquirer/type" "^3.0.3" ansi-escapes "^4.3.2" cli-width "^4.1.0" mute-stream "^2.0.0" signal-exit "^4.1.0" - strip-ansi "^6.0.1" wrap-ansi "^6.2.0" yoctocolors-cjs "^2.1.2" -"@inquirer/editor@^4.2.3": - version "4.2.3" - resolved "https://registry.yarnpkg.com/@inquirer/editor/-/editor-4.2.3.tgz#0858adcd07d9607b0614778eaa5ce8a83871c367" - integrity sha512-S9KnIOJuTZpb9upeRSBBhoDZv7aSV3pG9TECrBj0f+ZsFwccz886hzKBrChGrXMJwd4NKY+pOA9Vy72uqnd6Eg== +"@inquirer/editor@^4.2.4": + version "4.2.4" + resolved "https://registry.yarnpkg.com/@inquirer/editor/-/editor-4.2.4.tgz#1b2b6c0088c80375df1d7d2de89c30088b2bfe29" + integrity sha512-S8b6+K9PLzxiFGGc02m4syhEu5JsH0BukzRsuZ+tpjJ5aDsDX1WfNfOil2fmsO36Y1RMcpJGxlfQ1yh4WfU28Q== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/type" "^3.0.3" external-editor "^3.1.0" -"@inquirer/expand@^4.0.6": - version "4.0.6" - resolved "https://registry.yarnpkg.com/@inquirer/expand/-/expand-4.0.6.tgz#8676e6049c6114fb306df23358375bd84fa1c92c" - integrity sha512-TRTfi1mv1GeIZGyi9PQmvAaH65ZlG4/FACq6wSzs7Vvf1z5dnNWsAAXBjWMHt76l+1hUY8teIqJFrWBk5N6gsg== +"@inquirer/expand@^4.0.7": + version "4.0.7" + resolved "https://registry.yarnpkg.com/@inquirer/expand/-/expand-4.0.7.tgz#352e05407e72e2f079e5affe032cc77c93ff7501" + integrity sha512-PsUQ5t7r+DPjW0VVEHzssOTBM2UPHnvBNse7hzuki7f6ekRL94drjjfBLrGEDe7cgj3pguufy/cuFwMeWUWHXw== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/type" "^3.0.3" yoctocolors-cjs "^2.1.2" -"@inquirer/figures@^1.0.9": - version "1.0.9" - resolved "https://registry.yarnpkg.com/@inquirer/figures/-/figures-1.0.9.tgz#9d8128f8274cde4ca009ca8547337cab3f37a4a3" - integrity sha512-BXvGj0ehzrngHTPTDqUoDT3NXL8U0RxUk2zJm2A66RhCEIWdtU1v6GuUqNAgArW4PQ9CinqIWyHdQgdwOj06zQ== +"@inquirer/figures@^1.0.10": + version "1.0.10" + resolved "https://registry.yarnpkg.com/@inquirer/figures/-/figures-1.0.10.tgz#e3676a51c9c51aaabcd6ba18a28e82b98417db37" + integrity sha512-Ey6176gZmeqZuY/W/nZiUyvmb1/qInjcpiZjXWi6nON+nxJpD1bxtSoBxNliGISae32n6OwbY+TSXPZ1CfS4bw== -"@inquirer/input@^4.1.3": - version "4.1.3" - resolved "https://registry.yarnpkg.com/@inquirer/input/-/input-4.1.3.tgz#fa0ea9a392b2ec4ddd763c504d0b0c8839a48fe2" - integrity sha512-zeo++6f7hxaEe7OjtMzdGZPHiawsfmCZxWB9X1NpmYgbeoyerIbWemvlBxxl+sQIlHC0WuSAG19ibMq3gbhaqQ== +"@inquirer/input@^4.1.4": + version "4.1.4" + resolved "https://registry.yarnpkg.com/@inquirer/input/-/input-4.1.4.tgz#10080f9a4b258c3d3a066488804bfb4caf5529fc" + integrity sha512-CKKF8otRBdIaVnRxkFLs00VNA9HWlEh3x4SqUfC3A8819TeOZpTYG/p+4Nqu3hh97G+A0lxkOZNYE7KISgU8BA== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/type" "^3.0.3" -"@inquirer/number@^3.0.6": - version "3.0.6" - resolved "https://registry.yarnpkg.com/@inquirer/number/-/number-3.0.6.tgz#19bba46725df194bdd907762cf432a37e053b300" - integrity sha512-xO07lftUHk1rs1gR0KbqB+LJPhkUNkyzV/KhH+937hdkMazmAYHLm1OIrNKpPelppeV1FgWrgFDjdUD8mM+XUg== +"@inquirer/number@^3.0.7": + version "3.0.7" + resolved "https://registry.yarnpkg.com/@inquirer/number/-/number-3.0.7.tgz#50bc394cda68205025e098b0cdec716f6d100e56" + integrity sha512-uU2nmXGC0kD8+BLgwZqcgBD1jcw2XFww2GmtP6b4504DkOp+fFAhydt7JzRR1TAI2dmj175p4SZB0lxVssNreA== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/type" "^3.0.3" -"@inquirer/password@^4.0.6": - version "4.0.6" - resolved "https://registry.yarnpkg.com/@inquirer/password/-/password-4.0.6.tgz#4bbee12fe7cd1d37435401098c296ddc4586861b" - integrity sha512-QLF0HmMpHZPPMp10WGXh6F+ZPvzWE7LX6rNoccdktv/Rov0B+0f+eyXkAcgqy5cH9V+WSpbLxu2lo3ysEVK91w== +"@inquirer/password@^4.0.7": + version "4.0.7" + resolved "https://registry.yarnpkg.com/@inquirer/password/-/password-4.0.7.tgz#28a908185da7d65cf24b0e8e44c7ecc73b703889" + integrity sha512-DFpqWLx+C5GV5zeFWuxwDYaeYnTWYphO07pQ2VnP403RIqRIpwBG0ATWf7pF+3IDbaXEtWatCJWxyDrJ+rkj2A== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/type" "^3.0.3" ansi-escapes "^4.3.2" -"@inquirer/prompts@^7.2.3": - version "7.2.3" - resolved "https://registry.yarnpkg.com/@inquirer/prompts/-/prompts-7.2.3.tgz#8a0d7cb5310d429bf815d25bbff108375fc6315b" - integrity sha512-hzfnm3uOoDySDXfDNOm9usOuYIaQvTgKp/13l1uJoe6UNY+Zpcn2RYt0jXz3yA+yemGHvDOxVzqWl3S5sQq53Q== - dependencies: - "@inquirer/checkbox" "^4.0.6" - "@inquirer/confirm" "^5.1.3" - "@inquirer/editor" "^4.2.3" - "@inquirer/expand" "^4.0.6" - "@inquirer/input" "^4.1.3" - "@inquirer/number" "^3.0.6" - "@inquirer/password" "^4.0.6" - "@inquirer/rawlist" "^4.0.6" - "@inquirer/search" "^3.0.6" - "@inquirer/select" "^4.0.6" - -"@inquirer/rawlist@^4.0.6": - version "4.0.6" - resolved "https://registry.yarnpkg.com/@inquirer/rawlist/-/rawlist-4.0.6.tgz#b55d5828d850f07bc6792bbce3b2a963e33b3ef5" - integrity sha512-QoE4s1SsIPx27FO4L1b1mUjVcoHm1pWE/oCmm4z/Hl+V1Aw5IXl8FYYzGmfXaBT0l/sWr49XmNSiq7kg3Kd/Lg== - dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/type" "^3.0.2" +"@inquirer/prompts@^7.2.4": + version "7.2.4" + resolved "https://registry.yarnpkg.com/@inquirer/prompts/-/prompts-7.2.4.tgz#115f3a8ed1f9c6726e18cd797aecec8ca32629ec" + integrity sha512-Zn2XZL2VZl76pllUjeDnS6Poz2Oiv9kmAZdSZw1oFya985+/JXZ3GZ2JUWDokAPDhvuhkv9qz0Z7z/U80G8ztA== + dependencies: + "@inquirer/checkbox" "^4.0.7" + "@inquirer/confirm" "^5.1.4" + "@inquirer/editor" "^4.2.4" + "@inquirer/expand" "^4.0.7" + "@inquirer/input" "^4.1.4" + "@inquirer/number" "^3.0.7" + "@inquirer/password" "^4.0.7" + "@inquirer/rawlist" "^4.0.7" + "@inquirer/search" "^3.0.7" + "@inquirer/select" "^4.0.7" + +"@inquirer/rawlist@^4.0.7": + version "4.0.7" + resolved "https://registry.yarnpkg.com/@inquirer/rawlist/-/rawlist-4.0.7.tgz#b6c710a6a1c3dc8891b313d1b901367b4fc0df31" + integrity sha512-ZeBca+JCCtEIwQMvhuROT6rgFQWWvAImdQmIIP3XoyDFjrp2E0gZlEn65sWIoR6pP2EatYK96pvx0887OATWQQ== + dependencies: + "@inquirer/core" "^10.1.5" + "@inquirer/type" "^3.0.3" yoctocolors-cjs "^2.1.2" -"@inquirer/search@^3.0.6": - version "3.0.6" - resolved "https://registry.yarnpkg.com/@inquirer/search/-/search-3.0.6.tgz#5537e3f46b7d31ab65ca22b831cf546f88db1d5b" - integrity sha512-eFZ2hiAq0bZcFPuFFBmZEtXU1EarHLigE+ENCtpO+37NHCl4+Yokq1P/d09kUblObaikwfo97w+0FtG/EXl5Ng== +"@inquirer/search@^3.0.7": + version "3.0.7" + resolved "https://registry.yarnpkg.com/@inquirer/search/-/search-3.0.7.tgz#78ec82bc0597fb27ac6bf306e4602e607a06a0b3" + integrity sha512-Krq925SDoLh9AWSNee8mbSIysgyWtcPnSAp5YtPBGCQ+OCO+5KGC8FwLpyxl8wZ2YAov/8Tp21stTRK/fw5SGg== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/figures" "^1.0.9" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/figures" "^1.0.10" + "@inquirer/type" "^3.0.3" yoctocolors-cjs "^2.1.2" -"@inquirer/select@^4.0.6": - version "4.0.6" - resolved "https://registry.yarnpkg.com/@inquirer/select/-/select-4.0.6.tgz#3062c02c82f7bbe238972672def6d8394732bb2b" - integrity sha512-yANzIiNZ8fhMm4NORm+a74+KFYHmf7BZphSOBovIzYPVLquseTGEkU5l2UTnBOf5k0VLmTgPighNDLE9QtbViQ== +"@inquirer/select@^4.0.7": + version "4.0.7" + resolved "https://registry.yarnpkg.com/@inquirer/select/-/select-4.0.7.tgz#cea50dc7a00e749386d23ac42487dd62f7379d84" + integrity sha512-ejGBMDSD+Iqk60u5t0Zf2UQhGlJWDM78Ep70XpNufIfc+f4VOTeybYKXu9pDjz87FkRzLiVsGpQG2SzuGlhaJw== dependencies: - "@inquirer/core" "^10.1.4" - "@inquirer/figures" "^1.0.9" - "@inquirer/type" "^3.0.2" + "@inquirer/core" "^10.1.5" + "@inquirer/figures" "^1.0.10" + "@inquirer/type" "^3.0.3" ansi-escapes "^4.3.2" yoctocolors-cjs "^2.1.2" -"@inquirer/type@^3.0.2": - version "3.0.2" - resolved "https://registry.yarnpkg.com/@inquirer/type/-/type-3.0.2.tgz#baff9f8d70947181deb36772cd9a5b6876d3e60c" - integrity sha512-ZhQ4TvhwHZF+lGhQ2O/rsjo80XoZR5/5qhOY3t6FJuX5XBg5Be8YzYTvaUGJnc12AUGI2nr4QSUE4PhKSigx7g== +"@inquirer/type@^3.0.3": + version "3.0.3" + resolved "https://registry.yarnpkg.com/@inquirer/type/-/type-3.0.3.tgz#aa9cb38568f23f772b417c972f6a2d906647a6af" + integrity sha512-I4VIHFxUuY1bshGbXZTxCmhwaaEst9s/lll3ekok+o1Z26/ZUKdx8y1b7lsoG6rtsBDwEGfiBJ2SfirjoISLpg== "@isaacs/cliui@^8.0.2": version "8.0.2" @@ -10716,6 +10715,7 @@ xdg-basedir@^5.1.0: "xlsx@https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz": version "0.20.2" + uid "0f64eeed3f1a46e64724620c3553f2dbd3cd2d7d" resolved "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz#0f64eeed3f1a46e64724620c3553f2dbd3cd2d7d" xml-parse-from-string@^1.0.0: From a8d377818ec41731eb5299a1efabe29647c43fd5 Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 08:20:42 -0800 Subject: [PATCH 3/8] secret scanner (#1068) * tiling info * basic secret scanning * add basic key * updated message * safety option * docs * docs * document removing secret scanners * add entry in readme * updated docs * add cli command --- README.md | 13 + docs/public/schemas/config.json | 15 +- docs/src/content/docs/index.mdx | 17 +- .../content/docs/reference/cli/commands.md | 15 + .../docs/reference/scripts/content-safety.mdx | 8 + .../content/docs/reference/scripts/images.md | 13 +- .../reference/scripts/secret-scanning.mdx | 77 ++++ .../content/docs/reference/scripts/system.mdx | 3 +- packages/cli/src/cli.ts | 6 + packages/cli/src/parse.ts | 18 + packages/core/src/config.json | 6 + packages/core/src/config.ts | 10 +- packages/core/src/expander.ts | 8 +- .../core/src/genaisrc/system.tools.genai.js | 3 +- packages/core/src/hostconfiguration.ts | 5 + packages/core/src/promptdom.ts | 21 +- packages/core/src/runpromptcontext.ts | 5 +- packages/core/src/secretscanner.ts | 37 ++ packages/core/src/systems.ts | 19 +- packages/core/src/template.ts | 352 +----------------- packages/core/src/types/prompt_template.d.ts | 11 + .../sample/genaisrc/secret-scanning.genai.mts | 3 + 22 files changed, 288 insertions(+), 377 deletions(-) create mode 100644 docs/src/content/docs/reference/scripts/secret-scanning.mdx create mode 100644 packages/core/src/config.json create mode 100644 packages/core/src/secretscanner.ts create mode 100644 packages/sample/genaisrc/secret-scanning.genai.mts diff --git a/README.md b/README.md index bdc6fa972f..f6f7ba4cb7 100644 --- a/README.md +++ b/README.md @@ -291,6 +291,19 @@ Write me a poem --- +### Pluggable Secret Scanning + +Scan your chats for secrets using [secret scanning](/genaiscript/reference/scripts/secret-scanning). + +```json +{ + "secretPatterns": { + ..., + "OpenAI API Key": "sk-[A-Za-z0-9]{32,48}" + } +} +``` + ### ⚙ Automate with CLI or API Automate using the [CLI](https://microsoft.github.io/genaiscript/reference/cli) or [API](https://microsoft.github.io/genaiscript/reference/cli/api). diff --git a/docs/public/schemas/config.json b/docs/public/schemas/config.json index 8af73697f7..64fbff600d 100644 --- a/docs/public/schemas/config.json +++ b/docs/public/schemas/config.json @@ -40,7 +40,7 @@ "modelAliases": { "type": "object", "patternProperties": { - "^[a-zA-Z0-9_:]+$": { + "^[a-zA-Z0-9_]+$": { "oneOf": [ { "type": "string", @@ -64,7 +64,18 @@ } }, "additionalProperties": true, - "description": "Aliases for model identifiers (provider:model:tag)" + "description": "Aliases for model identifiers (name)" + }, + "secretPatterns": { + "type": "object", + "patternProperties": { + "^[a-zA-Z0-9_:\\-\\. ]+$": { + "type": ["string", "null"], + "description": "Secret regex" + } + }, + "additionalProperties": true, + "description": "Secret scanners to use for scanning chat messages" } } } diff --git a/docs/src/content/docs/index.mdx b/docs/src/content/docs/index.mdx index 023ac8ee75..fe3026c5e5 100644 --- a/docs/src/content/docs/index.mdx +++ b/docs/src/content/docs/index.mdx @@ -360,7 +360,7 @@ to validate [content safety](/genaiscript/reference/scripts/content-safety). ```js wrap script({ ..., - system: ["system.safety_harmful_content", ...], + systemSafety: "default", contentSafety: "azure" // use azure content safety }) @@ -486,6 +486,21 @@ importTemplate("poem.prompty", { something: "code " }) + + +Scan your chats for secrets using [secret scanning](/genaiscript/reference/scripts/secret-scanning). + +```json title="genaiscript.config.json" +{ + "secretPatterns": { + ..., + "OpenAI API Key": "sk-[A-Za-z0-9]{32,48}" + } +} +``` + + + Automate using the [CLI](/genaiscript/reference/cli), diff --git a/docs/src/content/docs/reference/cli/commands.md b/docs/src/content/docs/reference/cli/commands.md index f6d8dde2cc..a12ecb4a20 100644 --- a/docs/src/content/docs/reference/cli/commands.md +++ b/docs/src/content/docs/reference/cli/commands.md @@ -452,6 +452,7 @@ Commands: jsonl2json Converts JSONL files to a JSON file prompty [options] Converts .prompty files to genaiscript jinja2 [options] Renders Jinj2 or prompty template + secrets Applies secret scanning and redaction to files ``` ### `parse data` @@ -578,6 +579,20 @@ Options: -h, --help display help for command ``` +### `parse secrets` + +``` +Usage: genaiscript parse secrets [options] + +Applies secret scanning and redaction to files + +Arguments: + file input files + +Options: + -h, --help display help for command +``` + ## `info` ``` diff --git a/docs/src/content/docs/reference/scripts/content-safety.mdx b/docs/src/content/docs/reference/scripts/content-safety.mdx index 121851a092..786ee867c6 100644 --- a/docs/src/content/docs/reference/scripts/content-safety.mdx +++ b/docs/src/content/docs/reference/scripts/content-safety.mdx @@ -16,6 +16,14 @@ The following safety prompts are included by default when running a prompt, unle - [system.safety_jailbreak](/genaiscript/reference/scripts/system#systemsafety_jailbreak), safety script to ignore prompting instructions in code sections, which are created by the `def` function. - [system.safety_protected_material](/genaiscript/reference/scripts/system#systemsafety_protected_material) safety prompt against Protected material. See https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/safety-system-message-templates +You can ensure those safety are always used by setting the `systemSafety` option to `default`. + +```js +script({ + systemSafety: "default", +}) +``` + Other system scripts can be added to the prompt by using the `system` option. - [system.safety_ungrounded_content_summarization](/genaiscript/reference/scripts/system#systemsafety_ungrounded_content_summarization) safety prompt against ungrounded content in summarization diff --git a/docs/src/content/docs/reference/scripts/images.md b/docs/src/content/docs/reference/scripts/images.md index d9e32ca0a9..d94d15de2e 100644 --- a/docs/src/content/docs/reference/scripts/images.md +++ b/docs/src/content/docs/reference/scripts/images.md @@ -30,7 +30,7 @@ Local files are loaded and encoded as a data uri. ## Buffer, Blob, ReadableStream -The `defImages` function also supports [Buffer](https://nodejs.org/api/buffer.html), +The `defImages` function also supports [Buffer](https://nodejs.org/api/buffer.html), [Blob](https://developer.mozilla.org/en-US/docs/Web/API/Blob), [ReadableStream](https://nodejs.org/api/stream.html). This example takes a screenshot of bing.com and adds it to the images. @@ -108,3 +108,14 @@ defImages(img, { maxWidth: 800 }) // and / or defImages(img, { maxHeight: 800 }) ``` + +## Tiling + +When you specify the `tiled: true` option, all the images will +be tiled in a single image, after all the transformations are applied. + +The resulting image will be further resized to fit into the maximum image size constraints. + +```js "tiled: true" +defImages(env.files, { details: "low", tiled: true }) +``` diff --git a/docs/src/content/docs/reference/scripts/secret-scanning.mdx b/docs/src/content/docs/reference/scripts/secret-scanning.mdx new file mode 100644 index 0000000000..03526a2e4a --- /dev/null +++ b/docs/src/content/docs/reference/scripts/secret-scanning.mdx @@ -0,0 +1,77 @@ +--- +title: Secret Scanning +sidebar: + order: 10 +--- + +One should not have secrets lying around in their codebase, but sometimes it happens. +To help you avoid this, we have a secret scanning feature that will scan your codebase for secrets +and warn you if any are found. + +:::note + +The secret scanning feature is by no means exhaustive and should not be relied upon as the sole +method of securing your codebase. It is a best-effort feature that will help you avoid common mistakes. + +::: + +## Supported patterns + +By default set of secret patterns +are defined at https://github.com/microsoft/genaiscript/tree/main/packages/core/src/config.json. + +:::cautio + +\is is not a complete list by design, and needs to be updated to match your needs. + +::: + +You can find examples of patterns at https://github.com/mazen160/secrets-patterns-db/. + +## Scanning messages + +By default, all messages sent to LLMs are scanned and redacted if they contain secrets. + +You can disable secret scanning alltogher by setting the `secretScanning` option to `false` in your script. + +```js +script({ + secretScanning: false, +}) +``` + +## Configuring patterns + +If you have a specific pattern that you want to scan for, you can configure it in your +[configuration file](/genaiscript/reference/scripts/configuration-files). + +```json title="genaiscript.config.json" +{ + "secretPatterns": { + ..., + "my secret pattern": "my-secret-pattern-regex" + } +} +``` + +- do not use `^` or `$` in your regex pattern + +### Disabling patterns + +Set the pattern key to `null` or `false` to disable it. + +```json title="genaiscript.config.json" +{ + "secretPatterns": { + "OpenAI API Key": null + } +} +``` + +## CLI + +You can test your patterns against files using the CLI. + +```sh +npx --yes genaiscript parse secrets * +``` diff --git a/docs/src/content/docs/reference/scripts/system.mdx b/docs/src/content/docs/reference/scripts/system.mdx index 90a55ba574..8eb55068d8 100644 --- a/docs/src/content/docs/reference/scripts/system.mdx +++ b/docs/src/content/docs/reference/scripts/system.mdx @@ -3463,7 +3463,8 @@ system({ title: "Tools support", }) -$`Use tools if possible. +$`## Tools +Use tools if possible. - **Do NOT invent function names**. - **Do NOT use function names starting with 'functions.'. - **Do NOT respond with multi_tool_use**.` diff --git a/packages/cli/src/cli.ts b/packages/cli/src/cli.ts index 8c9a51b3b0..b2a139e4b4 100644 --- a/packages/cli/src/cli.ts +++ b/packages/cli/src/cli.ts @@ -19,6 +19,7 @@ import { parseHTMLToText, parseJinja2, parsePDF, + parseSecrets, parseTokens, prompty2genaiscript, } from "./parse" // Parsing functions @@ -479,6 +480,11 @@ export async function cli() { "variables, as name=value passed to the template" ) .action(parseJinja2) + parser + .command("secrets") + .description("Applies secret scanning and redaction to files") + .argument("", "input files") + .action(parseSecrets) // Define 'info' command group for utility information tasks const info = program.command("info").description("Utility tasks") diff --git a/packages/cli/src/parse.ts b/packages/cli/src/parse.ts index 70926fbff6..eea2b66fe5 100644 --- a/packages/cli/src/parse.ts +++ b/packages/cli/src/parse.ts @@ -25,6 +25,7 @@ import { splitMarkdown } from "../../core/src/frontmatter" import { parseOptionsVars } from "./vars" import { dataTryParse } from "../../core/src/data" import { resolveFileContent } from "../../core/src/file" +import { redactSecrets } from "../../core/src/secretscanner" /** * This module provides various parsing utilities for different file types such @@ -215,3 +216,20 @@ export async function prompty2genaiscript( await writeText(gf, script) } } + +export async function parseSecrets(files: string[]) { + const fs = await expandFiles(files) + let n = 0 + for (const f of fs) { + const content = await readText(f) + const { found } = redactSecrets(content) + const entries = Object.entries(found) + if (entries.length) { + n++ + console.log( + `${f}: ${entries.map(([k, v]) => `${k} (${v})`).join(", ")}` + ) + } + } + if (n > 0) console.warn(`found secrets in ${n} of ${fs.length} files`) +} diff --git a/packages/core/src/config.json b/packages/core/src/config.json new file mode 100644 index 0000000000..c41ecec2ca --- /dev/null +++ b/packages/core/src/config.json @@ -0,0 +1,6 @@ +{ + "$schema": "../../../docs/public/schemas/config.json", + "secretPatterns": { + "OpenAI API Key": "sk-[A-Za-z0-9]{32,48}" + } +} diff --git a/packages/core/src/config.ts b/packages/core/src/config.ts index f56440eebe..4f0072a74e 100644 --- a/packages/core/src/config.ts +++ b/packages/core/src/config.ts @@ -17,6 +17,7 @@ import { resolveLanguageModel } from "./lm" import { deleteEmptyValues } from "./cleaners" import { errorMessage } from "./error" import schema from "../../../docs/public/schemas/config.json" +import defaultConfig from "./config.json" export async function resolveGlobalConfiguration( dotEnvPath?: string @@ -27,13 +28,14 @@ export async function resolveGlobalConfiguration( const exts = ["yml", "yaml", "json"] // import and merge global local files - let config: HostConfiguration = {} + let config: HostConfiguration = structuredClone(defaultConfig) + delete (config as any)["$schema"] for (const dir of dirs) { for (const ext of exts) { const filename = resolve(`${dir}/${TOOL_ID}.config.${ext}`) if (existsSync(filename)) { const fileContent = readFileSync(filename, "utf8") - const parsed = + const parsed: HostConfiguration = ext === "yml" || ext === "yaml" ? YAMLTryParse(fileContent) : JSON5TryParse(fileContent) @@ -63,6 +65,10 @@ export async function resolveGlobalConfiguration( config?.modelEncodings || {}, parsed?.modelEncodings || {} ), + secretScanners: structuralMerge( + config?.secretPatterns || {}, + parsed?.secretPatterns || {} + ), }) } } diff --git a/packages/core/src/expander.ts b/packages/core/src/expander.ts index 3542dbd236..15140d6272 100644 --- a/packages/core/src/expander.ts +++ b/packages/core/src/expander.ts @@ -17,10 +17,7 @@ import { import { createPromptContext } from "./promptcontext" import { evalPrompt } from "./evalprompt" import { renderAICI } from "./aici" -import { - addToolDefinitionsMessage, - appendSystemMessage, -} from "./chat" +import { addToolDefinitionsMessage, appendSystemMessage } from "./chat" import { importPrompt } from "./importprompt" import { parseModelIdentifier } from "./models" import { runtimeHost } from "./host" @@ -355,8 +352,7 @@ export async function expandTemplate( } const { responseType, responseSchema } = finalizeMessages(messages, { - responseType: template.responseType, - responseSchema: template.responseSchema, + ...template, fileOutputs, trace, }) diff --git a/packages/core/src/genaisrc/system.tools.genai.js b/packages/core/src/genaisrc/system.tools.genai.js index 6ee2b0dbcb..1ea066ac73 100644 --- a/packages/core/src/genaisrc/system.tools.genai.js +++ b/packages/core/src/genaisrc/system.tools.genai.js @@ -2,7 +2,8 @@ system({ title: "Tools support", }) -$`Use tools if possible. +$`## Tools +Use tools if possible. - **Do NOT invent function names**. - **Do NOT use function names starting with 'functions.'. - **Do NOT respond with multi_tool_use**.` diff --git a/packages/core/src/hostconfiguration.ts b/packages/core/src/hostconfiguration.ts index 43108e8b50..0980b6c560 100644 --- a/packages/core/src/hostconfiguration.ts +++ b/packages/core/src/hostconfiguration.ts @@ -23,4 +23,9 @@ export interface HostConfiguration { * Model identifier to encoding mapping */ modelEncodings?: Record + + /** + * A map of secret name and their respective regex pattern + */ + secretPatterns?: Record } diff --git a/packages/core/src/promptdom.ts b/packages/core/src/promptdom.ts index 088b139f87..6e80ebb2a7 100644 --- a/packages/core/src/promptdom.ts +++ b/packages/core/src/promptdom.ts @@ -40,6 +40,7 @@ import { GROQEvaluate } from "./groq" import { trimNewlines } from "./unwrappers" import { CancellationOptions } from "./cancellation" import { promptParametersSchemaToJSONSchema } from "./parameters" +import { redactSecrets } from "./secretscanner" // Definition of the PromptNode interface which is an essential part of the code structure. export interface PromptNode extends ContextExpansionOptions { @@ -1353,13 +1354,13 @@ ${trimNewlines(schemaText)} export function finalizeMessages( messages: ChatCompletionMessageParam[], - options?: { - responseType?: PromptTemplateResponseType - responseSchema?: PromptParametersSchema | JSONSchema | undefined + options: { fileOutputs?: FileOutput[] - } & TraceOptions + } & ModelOptions & + TraceOptions & + ContentSafetyOptions ) { - const { fileOutputs, trace } = options || {} + const { fileOutputs, trace, secretScanning } = options || {} if (fileOutputs?.length > 0) { appendSystemMessage( messages, @@ -1400,6 +1401,16 @@ ${schemaTs} } } + if (secretScanning !== false) { + // this is a bit brutal, but we don't want to miss secrets + // hidden in fields + const secrets = redactSecrets(JSON.stringify(messages), { trace }) + if (Object.keys(secrets.found).length) { + const newMessage = JSON.parse(secrets.text) + messages.splice(0, messages.length, ...newMessage) + } + } + return { responseType, responseSchema, diff --git a/packages/core/src/runpromptcontext.ts b/packages/core/src/runpromptcontext.ts index e767ada0ef..869c6eeaff 100644 --- a/packages/core/src/runpromptcontext.ts +++ b/packages/core/src/runpromptcontext.ts @@ -997,11 +997,10 @@ export function createChatGenerationContext( genOptions.fallbackTools = true } - const { responseType, responseSchema } = finalizeMessages( + finalizeMessages( messages, { - responseType: runOptions?.responseType, - responseSchema: runOptions?.responseSchema, + ...(runOptions || {}), fileOutputs, trace, } diff --git a/packages/core/src/secretscanner.ts b/packages/core/src/secretscanner.ts new file mode 100644 index 0000000000..026747893f --- /dev/null +++ b/packages/core/src/secretscanner.ts @@ -0,0 +1,37 @@ +import { runtimeHost } from "./host" +import { TraceOptions } from "./trace" +import { logWarn } from "./util" + +const cachedSecretScanners: Record = {} + +export function redactSecrets(text: string, options?: TraceOptions) { + const { trace } = options ?? {} + const { secretPatterns = {} } = runtimeHost.config + const found: Record = {} + const res = Object.entries(secretPatterns).reduce( + (acc, [name, pattern]) => { + if (!pattern) return acc // null, undefined, or empty string + const regex: RegExp = + cachedSecretScanners[pattern] ?? + (cachedSecretScanners[pattern] = new RegExp(pattern, "g")) + return acc.replace(regex, () => { + found[name] = (found[name] ?? 0) + 1 + return `` + }) + }, + text + ) + + if (Object.keys(found).length > 0 && trace) { + const msg = `detected secrets: ${Object.entries(found) + .map(([k, v]) => `${k} (${v})`) + .join(", ")}` + logWarn(msg) + trace.warn(msg) + } + + return { + text: res, + found, + } +} diff --git a/packages/core/src/systems.ts b/packages/core/src/systems.ts index 3f7486a954..b09e138e93 100644 --- a/packages/core/src/systems.ts +++ b/packages/core/src/systems.ts @@ -18,11 +18,13 @@ import type { Project } from "./server/messages" */ export function resolveSystems( prj: Project, - script: PromptSystemOptions & ModelOptions & { jsSource?: string }, + script: PromptSystemOptions & + ModelOptions & + ContentSafetyOptions & { jsSource?: string }, resolvedTools?: ToolCallback[], options?: GenerationOptions ): string[] { - const { jsSource, responseType, responseSchema } = script + const { jsSource, responseType, responseSchema, systemSafety } = script // Initialize systems array from script.system, converting to array if necessary using arrayify utility let systems = arrayify(script.system) const excludedSystem = arrayify(script.excludedSystem) @@ -30,14 +32,16 @@ export function resolveSystems( const dataMode = responseSchema || (responseType && responseType !== "markdown" && responseType !== "text") + const safeties = [ + "system.safety_jailbreak", + "system.safety_harmful_content", + "system.safety_protected_material", + ] // If no system is defined in the script, determine systems based on jsSource if (script.system === undefined) { // safety - systems.push("system.safety_jailbreak") - systems.push("system.safety_harmful_content") - systems.push("system.safety_protected_material") - + if (systemSafety !== false) systems.push(...safeties) // Check for schema definition in jsSource using regex const useSchema = /\Wdefschema\W/i.test(jsSource) @@ -74,6 +78,9 @@ export function resolveSystems( if (/\W(github)\W/i.test(jsSource)) systems.push("system.github_info") } + // insert safety first + if (systemSafety === "default") systems.unshift(...safeties) + // output format switch (responseType) { case "markdown": diff --git a/packages/core/src/template.ts b/packages/core/src/template.ts index f94439b0f0..155f9cc11e 100644 --- a/packages/core/src/template.ts +++ b/packages/core/src/template.ts @@ -27,284 +27,6 @@ function templateIdFromFileName(filename: string) { .replace(/.*[\/\\]/, "") } -/** - * Type utility to extract keys of a type T that match type S. - */ -type KeysOfType = { - [K in keyof T]: T[K] extends S ? K : never -}[keyof T & string] - -/** - * Class to perform validation checks on a prompt script. - * - * @template T - Type of the prompt-like object to validate. - */ -class Checker { - keyFound: boolean // Tracks whether a key is found during validation. - key: string // Currently processed key. - val: any // Currently processed value. - - /** - * Converts a character index to a line and column position. - * - * @param n - Character index in the script. - * @returns A tuple [line, column] representing the position. - */ - toPosition(n: number): CharPosition { - const pref = this.js.slice(0, n) - const line = pref.replace(/[^\n]/g, "").length - const col = pref.replace(/[^]*\n/, "").length - return [line, col] - } - - /** - * Reports an error for the current key. - * - * @param message - Error message to report. - */ - verror(message: string) { - this.error(this.key, message) - } - - /** - * Reports an error with a specific key. - * - * @param key - The key associated with the error. - * @param message - Error message to report. - */ - error(key: string, message: string) { - const idx = new RegExp("\\b" + key + "[\\s\"']*:").exec(this.js) - const range = idx ? [idx.index, idx.index + key.length] : [0, 5] - this.diagnostics.push({ - filename: this.script.filename, - range: [this.toPosition(range[0]), this.toPosition(range[1])], - severity: "error", - message, - }) - } - - /** - * Constructs a new Checker instance. - * - * @param script - The prompt-like object to validate. - * @param filename - The filename of the script. - * @param diagnostics - The diagnostics array to report errors to. - * @param js - The JavaScript source code of the script. - * @param jsobj - The parsed JSON object of the script. - */ - constructor( - public script: T, - public diagnostics: Diagnostic[], - public js: string, - public jsobj: any - ) {} - - /** - * Validates key-value pairs within the JSON object using a callback function. - * - * @param cb - Callback function to perform specific checks. - * @returns A new object containing valid key-value pairs. - */ - validateKV(cb: () => void) { - const obj: any = {} - - for (const key of Object.keys(this.jsobj)) { - this.key = key - if (typeof this.key != "string") { - this.verror("expecting string as key") - continue - } - this.val = this.jsobj[key] - - const numdiag = this.diagnostics.length - this.keyFound = false - - cb() - - if (!this.keyFound) this.verror(`unhandled key: ${this.key}`) - - if (numdiag === this.diagnostics.length) obj[key] = this.val - } - - return obj - } - - /** - * Skips validation for the current key if it doesn't match k. - * - * @param k - The key to check against. - * @returns Whether the current key is skipped. - */ - private skip(k: string) { - if (k !== this.key) return true - this.keyFound = true - return false - } - - /** - * Checks if the current value is a string and optionally within a set of allowed keys. - * - * @param k - Key of the string to check. - * @param keys - Optional array of allowed string values. - */ - checkString( - k: K & KeysOfType, - keys?: T[K][] - ) { - if (this.skip(k)) return - - if (typeof this.val != "string") { - this.verror("expecting string here") - return - } - if (keys && !keys.includes(this.val as any)) { - this.verror(`only one of ${JSON.stringify(keys)} allowed here`) - return - } - } - - /** - * Checks if the current value is an object or an array of objects. - * - * @param k - Key of the object or object array to check. - */ - checkObjectOrObjectArray(k: any) { - if (this.skip(k)) return - if ( - typeof this.val !== "object" && - (!Array.isArray(this.val) || - !this.val.every((f) => typeof f === "object")) - ) { - this.verror("expecting an object or an array of object here") - return - } - } - - /** - * Checks if the given key is a valid JSON schema. - * - * @param k - Key of the schema to validate. - */ - checkJSONSchema(k: any) { - if (this.skip(k)) return - if (k && !validateSchema(k)) - this.verror("expecting valid JSON schema here") - return - } - - /** - * Checks if the current value is an array of objects. - * - * @param k - Key of the object array to check. - */ - checkObjectArray(k: any) { - if (this.skip(k)) return - if ( - !Array.isArray(this.val) || - !this.val.every((f) => typeof f == "object") - ) { - this.verror("expecting array of object here") - return - } - } - - /** - * Checks if the current value is an object (record). - * - * @param k - Key of the record to check. - */ - checkRecord(k: any) { - if (this.skip(k)) return - if (typeof this.val != "object") { - this.verror("expecting object here") - return - } - } - - /** - * Checks if the current value is a boolean. - * - * @param k - Key of the boolean to check. - */ - checkBool(k: KeysOfType) { - if (this.skip(k)) return - if (typeof this.val != "boolean") { - this.verror(`only true and false allowed here`) - return - } - } - - /** - * Checks if the current value is a string or a boolean. - * - * @param k - Key of the string or boolean to check. - */ - checkStringOrBool(k: KeysOfType) { - if (this.skip(k)) return - if (typeof this.val != "string" && typeof this.val != "boolean") { - this.verror(`expecting string or boolean here`) - return - } - } - - /** - * Checks if the current value is a natural number. - * - * @param k - Key of the number to check. - */ - checkNat(k: KeysOfType) { - if (this.skip(k)) return - if ( - typeof this.val != "number" || - this.val < 0 || - (this.val | 0) != this.val - ) { - this.verror(`only natural numbers allowed here`) - return - } - } - - /** - * Checks if the current value is a number. - * - * @param k - Key of the number to check. - */ - checkNumber(k: KeysOfType) { - if (this.skip(k)) return - if (typeof this.val != "number") { - this.verror(`only numbers allowed here`) - return - } - } - - /** - * Checks any value with a custom callback transformation. - * - * @param k - Key of the value to check. - * @param cb - Callback function to transform the value. - */ - checkAny(k: K, cb: (val: any) => any) { - if (this.skip(k)) return - this.val = cb(this.val) - } - - /** - * Checks if the current value is a string or an array of strings. - * - * @param k - Key of the string or string array to check. - */ - checkStringArray(k: KeysOfType) { - this.checkAny(k, (v) => { - if (typeof v == "string") v = [v] - if (!Array.isArray(v) || v.some((q) => typeof q != "string")) { - this.verror(`expecting string or string array here`) - return [] - } - return v - }) - } -} - /** * Parses script metadata from the given JavaScript source. * @@ -368,77 +90,9 @@ async function parsePromptTemplateCore( } as PromptScript if (!filename.startsWith(BUILTIN_PREFIX)) r.filename = host.path.resolve(filename) - - try { - const meta = parsePromptScriptMeta(r.jsSource) - const checker = new Checker( - r, - prj.diagnostics, - content, - meta - ) - const obj = checker.validateKV(() => { - // Validate various fields using the Checker methods - checker.checkString("title") - checker.checkString("description") - checker.checkString("model") - checker.checkString("smallModel") - checker.checkString("visionModel") - checker.checkString("embeddingsModel") - checker.checkString("provider") - checker.checkString("responseType") - checker.checkString("accept") - checker.checkJSONSchema("responseSchema") - - checker.checkString("embeddingsModel") - - checker.checkBool("unlisted") - - checker.checkNat("maxTokens") - checker.checkNumber("temperature") - checker.checkNumber("topP") - checker.checkNumber("seed") - checker.checkNat("flexTokens") - - checker.checkStringArray("system") - checker.checkStringArray("excludedSystem") - checker.checkStringArray("files") - checker.checkString("group") - - checker.checkBool("isSystem") - checker.checkRecord("parameters") - checker.checkRecord("vars") - checker.checkStringArray("secrets") - - checker.checkBool("lineNumbers") - checker.checkObjectOrObjectArray("tests") - checker.checkStringArray("tools") - checker.checkStringOrBool("cache") - checker.checkString("cacheName") - checker.checkString("filename") - checker.checkString("contentSafety") - checker.checkAny("choices", (v) => v) - checker.checkNumber("topLogprobs") - - checker.checkRecord("modelConcurrency") - checker.checkObjectArray("defTools") - checker.checkBool("logprobs") - checker.checkString("fenceFormat", ["markdown", "xml"]) - }) - Object.assign(checker.script, obj) - return checker.script - } catch (e) { - prj.diagnostics.push({ - filename, - range: [ - [0, 0], - [0, 5], - ], - severity: "error", - message: errorMessage(e), - }) - return undefined - } + const meta = parsePromptScriptMeta(r.jsSource) + Object.assign(r, meta) + return r } /** diff --git a/packages/core/src/types/prompt_template.d.ts b/packages/core/src/types/prompt_template.d.ts index 54d9610f8f..50170f8d25 100644 --- a/packages/core/src/types/prompt_template.d.ts +++ b/packages/core/src/types/prompt_template.d.ts @@ -1236,6 +1236,17 @@ interface ContentSafetyOptions { * to prevent prompt injection. */ detectPromptInjection?: "always" | "available" | boolean + + /** + * Policy to inject builtin system prompts. See to `false` prevent automatically injecting. + */ + systemSafety?: "default" | boolean + + /** + * Policy to disable secret scanning when communicating with the LLM. + * Set to `false` to disable. + */ + secretScanning?: boolean } interface DefOptions diff --git a/packages/sample/genaisrc/secret-scanning.genai.mts b/packages/sample/genaisrc/secret-scanning.genai.mts new file mode 100644 index 0000000000..9d40b92936 --- /dev/null +++ b/packages/sample/genaisrc/secret-scanning.genai.mts @@ -0,0 +1,3 @@ +$` +OPENAI_API_KEY="sk-000000000000000000000000000000000000000000000000" +Write a short poem about OPENAI_API_KEY.` From 64e9f13f0401982860019620c6a6f0ad9d2b0260 Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 16:31:21 +0000 Subject: [PATCH 4/8] fix link --- docs/src/content/docs/reference/scripts/secret-scanning.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/content/docs/reference/scripts/secret-scanning.mdx b/docs/src/content/docs/reference/scripts/secret-scanning.mdx index 03526a2e4a..9e5b32d40b 100644 --- a/docs/src/content/docs/reference/scripts/secret-scanning.mdx +++ b/docs/src/content/docs/reference/scripts/secret-scanning.mdx @@ -43,7 +43,7 @@ script({ ## Configuring patterns If you have a specific pattern that you want to scan for, you can configure it in your -[configuration file](/genaiscript/reference/scripts/configuration-files). +[configuration file](/genaiscript/reference/configuration-files). ```json title="genaiscript.config.json" { From 4c7a0440f37aa5e1273fff690e959808bbeb810b Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 16:34:28 +0000 Subject: [PATCH 5/8] add mac/windows tests --- .github/workflows/npm-check.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm-check.yml b/.github/workflows/npm-check.yml index 3600f1aea3..ce91e6ba16 100644 --- a/.github/workflows/npm-check.yml +++ b/.github/workflows/npm-check.yml @@ -4,10 +4,24 @@ on: schedule: - cron: "0 4 * * *" jobs: - build: + ubuntu: runs-on: ubuntu-latest steps: - uses: actions/setup-node@v4 with: node-version: "20" - run: npx --yes genaiscript --help + windows: + runs-on: windows-latest + steps: + - uses: actions/setup-node@v4 + with: + node-version: "20" + - run: npx --yes genaiscript --help + macos: + runs-on: macos-latest + steps: + - uses: actions/setup-node@v4 + with: + node-version: "20" + - run: npx --yes genaiscript --help From 1b3a7f9e9de2747eadc2a728cd708c2688c2e43b Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 16:44:00 +0000 Subject: [PATCH 6/8] Release 1.97.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ecb4e4b812..b33510ac7b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "genaiscript-workspace", - "version": "1.97.1", + "version": "1.97.2", "license": "MIT", "private": true, "workspaces": { From aa49a9b70eb52a1a8a571a9042cf51375742e3fb Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 16:44:30 +0000 Subject: [PATCH 7/8] [skip ci] updated version numbers --- docs/package.json | 2 +- packages/cli/package.json | 2 +- packages/core/package.json | 2 +- packages/sample/package.json | 2 +- packages/vscode/package.json | 2 +- packages/web/package.json | 2 +- slides/package.json | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/package.json b/docs/package.json index 7e0705bfc0..1bf1046d38 100644 --- a/docs/package.json +++ b/docs/package.json @@ -2,7 +2,7 @@ "name": "docs", "type": "module", "private": true, - "version": "1.97.1", + "version": "1.97.2", "license": "MIT", "scripts": { "install:force": "rm yarn.lock && yarn install", diff --git a/packages/cli/package.json b/packages/cli/package.json index 2dd8bd82fb..4466c92e1f 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "genaiscript", - "version": "1.97.1", + "version": "1.97.2", "main": "built/genaiscript.cjs", "type": "commonjs", "bin": { diff --git a/packages/core/package.json b/packages/core/package.json index 3eb092c4da..90a515de2d 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -1,6 +1,6 @@ { "name": "genaiscript-core-internal", - "version": "1.97.1", + "version": "1.97.2", "main": "src/index.ts", "license": "MIT", "private": true, diff --git a/packages/sample/package.json b/packages/sample/package.json index e460c91bd6..fa15b794a6 100644 --- a/packages/sample/package.json +++ b/packages/sample/package.json @@ -1,6 +1,6 @@ { "name": "genaiscript-sample", - "version": "1.97.1", + "version": "1.97.2", "license": "MIT", "private": true, "scripts": { diff --git a/packages/vscode/package.json b/packages/vscode/package.json index 8f844eeb39..2cf3816ad4 100644 --- a/packages/vscode/package.json +++ b/packages/vscode/package.json @@ -7,7 +7,7 @@ }, "displayName": "GenAIScript Insiders", "description": "Generative AI Scripting.", - "version": "1.97.1", + "version": "1.97.2", "icon": "icon.png", "engines": { "vscode": "^1.95.0" diff --git a/packages/web/package.json b/packages/web/package.json index d228cc1608..14262c7d1f 100644 --- a/packages/web/package.json +++ b/packages/web/package.json @@ -1,6 +1,6 @@ { "name": "genaiscript-web", - "version": "1.97.1", + "version": "1.97.2", "license": "MIT", "private": true, "scripts": { diff --git a/slides/package.json b/slides/package.json index 8ea678f19d..1e11d53b76 100644 --- a/slides/package.json +++ b/slides/package.json @@ -1,6 +1,6 @@ { "name": "genaiscript-slides", - "version": "1.97.1", + "version": "1.97.2", "type": "module", "private": true, "npm": { From ade5cff0b96946ce84dbd0ea4cfec04fb7f254f4 Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 30 Jan 2025 23:05:29 +0000 Subject: [PATCH 8/8] updated dark --- packages/sample/genaisrc/ai-kitchen.genai.mts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/sample/genaisrc/ai-kitchen.genai.mts b/packages/sample/genaisrc/ai-kitchen.genai.mts index 46ab6839e6..0b755a5770 100644 --- a/packages/sample/genaisrc/ai-kitchen.genai.mts +++ b/packages/sample/genaisrc/ai-kitchen.genai.mts @@ -17,7 +17,8 @@ script({ files: "src/video/ai_kitchen.local.mp4", cache: "ai-kitchen", temperature: 1.1, - system: ["system.output_markdown"], + responseType: "markdown", + systemSafety: false, parameters: { guest: { type: "string",