Compare commits
1 Commits
burn/priva
...
burn/model
| Author | SHA1 | Date | |
|---|---|---|---|
|
f8f4678ee4 |
@@ -1,426 +0,0 @@
|
||||
"""Privacy filter for remote API calls — PII redaction before wire transit.
|
||||
|
||||
Strips personally identifiable information (PII) from messages before they
|
||||
leave the local machine and hit a remote LLM provider. Designed to sit
|
||||
between the message list and the API client so local model routing can
|
||||
bypass it entirely.
|
||||
|
||||
Sensitive categories detected:
|
||||
- Email addresses
|
||||
- Phone numbers (E.164 and common formats)
|
||||
- Physical addresses / private file paths
|
||||
- Crypto wallet addresses (Bitcoin, Ethereum, generic EVM)
|
||||
- SSN / government ID patterns
|
||||
- Real names (opt-in via config)
|
||||
|
||||
Integration point: call ``filter_messages()`` on the ``api_messages`` list
|
||||
inside ``_build_api_kwargs()`` or just before ``_interruptible_api_call()``
|
||||
when the active provider is a remote endpoint (not localhost).
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import copy
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
from typing import Any
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Configuration — snapshot at import time
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
_ENV = os.getenv
|
||||
|
||||
#: If True, privacy filtering is enabled by default. Can be toggled via
|
||||
#: ``HERMES_PRIVACY_FILTER=0`` to disable.
|
||||
_PRIVACY_FILTER_ENABLED: bool = _ENV("HERMES_PRIVACY_FILTER", "").lower() not in (
|
||||
"0",
|
||||
"false",
|
||||
"no",
|
||||
"off",
|
||||
)
|
||||
|
||||
#: If True, filter is on even when the provider looks local (for testing).
|
||||
_FORCE_FILTER: bool = _ENV("HERMES_PRIVACY_FILTER_FORCE", "").lower() in (
|
||||
"1",
|
||||
"true",
|
||||
"yes",
|
||||
"on",
|
||||
)
|
||||
|
||||
#: Tokens shorter than this are fully masked; longer ones get prefix+suffix.
|
||||
_MASK_THRESHOLD = 8
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Pattern catalogue — PII and sensitive data detectors
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
#: RFC 5322-lite email pattern (covers 99% of real addresses).
|
||||
_EMAIL_RE = re.compile(
|
||||
r"""(?<![A-Za-z0-9._%+\-])"""
|
||||
r"""([A-Za-z0-9._%+\-]+)@([A-Za-z0-9.\-]+\.[A-Za-z]{2,})"""
|
||||
r"""(?![A-Za-z0-9._%+\-])"""
|
||||
)
|
||||
|
||||
#: E.164 phone numbers: +1… through +9…, 7-15 digits.
|
||||
#: Also catches common US formats like (555) 123-4567 and 555-123-4567.
|
||||
_PHONE_E164_RE = re.compile(r"(\+[1-9]\d{6,14})(?![\d])")
|
||||
_PHONE_US_RE = re.compile(
|
||||
r"""(?:\+?1[\s.-]?)?""" # optional country code
|
||||
r"""(?:\(?[2-9]\d{2}\)?[\s.-]?)""" # area code
|
||||
r"""(?:[2-9]\d{2}[\s.-]?)""" # exchange
|
||||
r"""(?:\d{4})""" # subscriber
|
||||
r"""(?![\d])"""
|
||||
)
|
||||
|
||||
#: US Social Security Number: XXX-XX-XXXX (with exclusion of 000/666/9xx area).
|
||||
_SSN_RE = re.compile(
|
||||
r"""(?<!\d)"""
|
||||
r"""(?!000|666|9\d{2})\d{3}"""
|
||||
r"""[\s-]"""
|
||||
r"""(?!00)\d{2}"""
|
||||
r"""[\s-]"""
|
||||
r"""(?!0000)\d{4}"""
|
||||
r"""(?!\d)"""
|
||||
)
|
||||
|
||||
#: Crypto wallet addresses.
|
||||
#: Bitcoin: starts with 1, 3, or bc1 — 25-39 chars (legacy) or 42-62 (bech32).
|
||||
_BITCOIN_RE = re.compile(r"\b([13][a-km-zA-HJ-NP-Z1-9]{25,35}|bc1[a-zA-HJ-NP-Z0-9]{25,49})\b")
|
||||
#: Ethereum / EVM: 0x + 40 hex chars.
|
||||
_ETHEREUM_RE = re.compile(r"\b(0x[a-fA-F0-9]{40})\b")
|
||||
#: Generic long hex that looks like a wallet (>= 32 hex chars, not git hashes
|
||||
#: which are usually short or have context clues).
|
||||
_GENERIC_WALLET_RE = re.compile(r"\b(0x[a-fA-F0-9]{32,})\b")
|
||||
|
||||
#: Unix home paths: /home/user, /Users/username, /root
|
||||
_UNIX_HOME_PATH_RE = re.compile(
|
||||
r"""(?:/home/[\w.\-]+|/Users/[\w.\-]+|/root)(?:/[\w.\-]+)*"""
|
||||
)
|
||||
#: Windows user profile paths: C:\Users\username
|
||||
_WIN_HOME_PATH_RE = re.compile(
|
||||
r"""[A-Z]:\\Users\\[\w.\-]+(?:\\[\w.\-]+)*""", re.IGNORECASE
|
||||
)
|
||||
|
||||
#: SSH keys, GPG keys, PEM private keys — entire blocks.
|
||||
_PRIVATE_KEY_BLOCK_RE = re.compile(
|
||||
r"""-----BEGIN[A-Z ]*PRIVATE KEY-----[\s\S]*?-----END[A-Z ]*PRIVATE KEY-----"""
|
||||
)
|
||||
|
||||
#: Common "name:" patterns in structured input (YAML, JSON, form data).
|
||||
#: Only matches when followed by a plausible 2+ word name.
|
||||
_NAME_FIELD_RE = re.compile(
|
||||
r"""(?:\"name\"\s*:\s*\"|name:\s*)([A-Z][a-z]+(?:\s+[A-Z][a-z]+)+)"""
|
||||
)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Masking helpers
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
def _mask_value(value: str, visible: int = 4) -> str:
|
||||
"""Mask a string, keeping at most *visible* chars at each end."""
|
||||
if len(value) <= _MASK_THRESHOLD:
|
||||
return "[REDACTED]"
|
||||
keep = max(2, min(visible, len(value) // 4))
|
||||
return f"{value[:keep]}…{value[-keep:]}"
|
||||
|
||||
|
||||
def _mask_email(m: re.Match) -> str:
|
||||
user, domain = m.group(1), m.group(2)
|
||||
masked_user = user[0] + "…" if len(user) > 1 else "…"
|
||||
return f"{masked_user}@{domain}"
|
||||
|
||||
|
||||
def _mask_phone(m: re.Match) -> str:
|
||||
raw = m.group(0)
|
||||
digits = re.sub(r"\D", "", raw)
|
||||
if len(digits) <= 6:
|
||||
return "[REDACTED-PHONE]"
|
||||
return f"+{'*' * (len(digits) - 4)}{digits[-4:]}"
|
||||
|
||||
|
||||
def _mask_wallet(m: re.Match) -> str:
|
||||
addr = m.group(1)
|
||||
if addr.startswith("0x"):
|
||||
return f"0x{'*' * 6}…{addr[-4:]}"
|
||||
if addr.startswith("bc1"):
|
||||
return f"bc1{'*' * 4}…{addr[-4:]}"
|
||||
# Legacy Bitcoin
|
||||
return f"{addr[:4]}{'*' * 4}…{addr[-4:]}"
|
||||
|
||||
|
||||
def _mask_path(m: re.Match) -> str:
|
||||
raw = m.group(0)
|
||||
parts = raw.replace("\\", "/").split("/")
|
||||
if len(parts) >= 3:
|
||||
return f"{parts[0]}/{parts[1]}/[REDACTED-PATH]"
|
||||
return "[REDACTED-PATH]"
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Core filtering — string level
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
#: Ordered list of (compiled_replacement_tuple) applied to every string.
|
||||
_FILTER_RULES: list[tuple[re.Pattern, Any]] = [
|
||||
# 1. Private key blocks — must run first (multi-line)
|
||||
(_PRIVATE_KEY_BLOCK_RE, "[REDACTED-PRIVATE-KEY]"),
|
||||
# 2. Emails
|
||||
(_EMAIL_RE, _mask_email),
|
||||
# 3. Phone numbers — E.164 first, then US format
|
||||
(_PHONE_E164_RE, _mask_phone),
|
||||
(_PHONE_US_RE, _mask_phone),
|
||||
# 4. SSN
|
||||
(_SSN_RE, lambda m: f"{'*' * 3}-{m.group(0)[-6:-5]}{'*' * 2}-{m.group(0)[-4:]}"),
|
||||
# 5. Crypto wallets — Bitcoin then Ethereum then generic
|
||||
(_BITCOIN_RE, _mask_wallet),
|
||||
(_ETHEREUM_RE, _mask_wallet),
|
||||
(_GENERIC_WALLET_RE, _mask_wallet),
|
||||
# 6. File paths with user dirs
|
||||
(_UNIX_HOME_PATH_RE, _mask_path),
|
||||
(_WIN_HOME_PATH_RE, _mask_path),
|
||||
]
|
||||
|
||||
|
||||
def filter_text(text: str) -> str:
|
||||
"""Apply all privacy filter rules to a single string.
|
||||
|
||||
Safe for any string input — non-matching text passes through unchanged.
|
||||
"""
|
||||
if text is None:
|
||||
return ""
|
||||
if not text:
|
||||
return text
|
||||
for pattern, replacement in _FILTER_RULES:
|
||||
if callable(replacement) and not isinstance(replacement, str):
|
||||
text = pattern.sub(replacement, text)
|
||||
else:
|
||||
text = pattern.sub(replacement, text)
|
||||
return text
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Detection — is this content sensitive?
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
#: Patterns whose mere presence indicates "route to local model only".
|
||||
_SENSITIVE_DETECTION_RULES: list[tuple[str, re.Pattern]] = [
|
||||
("email", _EMAIL_RE),
|
||||
("phone", _PHONE_E164_RE),
|
||||
("phone_us", _PHONE_US_RE),
|
||||
("ssn", _SSN_RE),
|
||||
("bitcoin_wallet", _BITCOIN_RE),
|
||||
("ethereum_wallet", _ETHEREUM_RE),
|
||||
("private_key", _PRIVATE_KEY_BLOCK_RE),
|
||||
("user_path_unix", _UNIX_HOME_PATH_RE),
|
||||
("user_path_win", _WIN_HOME_PATH_RE),
|
||||
]
|
||||
|
||||
|
||||
def detect_sensitive(text: str) -> list[str]:
|
||||
"""Return a list of sensitive categories found in *text*.
|
||||
|
||||
Empty list means the text is safe for remote APIs (after filtering).
|
||||
Non-empty list means the text *contains* PII — the caller should
|
||||
consider routing to a local model instead.
|
||||
"""
|
||||
if not text:
|
||||
return []
|
||||
found = []
|
||||
for name, pattern in _SENSITIVE_DETECTION_RULES:
|
||||
if pattern.search(text):
|
||||
found.append(name)
|
||||
return found
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Message-level filtering
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
def _extract_text_from_content(content: Any) -> str:
|
||||
"""Extract plain text from OpenAI message content (str or list of parts)."""
|
||||
if content is None:
|
||||
return ""
|
||||
if isinstance(content, str):
|
||||
return content
|
||||
if isinstance(content, list):
|
||||
parts = []
|
||||
for part in content:
|
||||
if isinstance(part, dict):
|
||||
if part.get("type") == "text":
|
||||
parts.append(part.get("text", ""))
|
||||
elif part.get("type") == "tool_result":
|
||||
# tool_result content can be nested
|
||||
inner = part.get("content", "")
|
||||
if isinstance(inner, str):
|
||||
parts.append(inner)
|
||||
elif isinstance(inner, list):
|
||||
for p in inner:
|
||||
if isinstance(p, dict) and p.get("type") == "text":
|
||||
parts.append(p.get("text", ""))
|
||||
elif isinstance(part, str):
|
||||
parts.append(part)
|
||||
return "\n".join(parts)
|
||||
return str(content)
|
||||
|
||||
|
||||
def _set_content_text(content: Any, filtered: str) -> Any:
|
||||
"""Reconstruct content structure with filtered text."""
|
||||
if content is None:
|
||||
return None
|
||||
if isinstance(content, str):
|
||||
return filtered
|
||||
if isinstance(content, list):
|
||||
result = []
|
||||
text_idx = 0
|
||||
for part in content:
|
||||
if isinstance(part, dict) and part.get("type") == "text":
|
||||
result.append({**part, "text": filtered if text_idx == 0 else part.get("text", "")})
|
||||
text_idx += 1
|
||||
elif isinstance(part, dict) and part.get("type") == "tool_result":
|
||||
inner = part.get("content", "")
|
||||
if isinstance(inner, str):
|
||||
result.append({**part, "content": filter_text(inner)})
|
||||
else:
|
||||
result.append(part)
|
||||
else:
|
||||
result.append(part)
|
||||
return result
|
||||
return filtered
|
||||
|
||||
|
||||
def filter_messages(messages: list[dict]) -> list[dict]:
|
||||
"""Return a deep-copied message list with PII redacted.
|
||||
|
||||
Each message's ``content`` field is filtered. Tool call arguments
|
||||
(``arguments`` inside ``tool_calls``) are also filtered as JSON strings.
|
||||
|
||||
``name`` fields inside message dicts are left untouched (they are
|
||||
role labels, not PII).
|
||||
"""
|
||||
if not messages:
|
||||
return messages
|
||||
|
||||
filtered = copy.deepcopy(messages)
|
||||
for msg in filtered:
|
||||
if not isinstance(msg, dict):
|
||||
continue
|
||||
|
||||
# Filter content
|
||||
if "content" in msg:
|
||||
raw = _extract_text_from_content(msg["content"])
|
||||
msg["content"] = _set_content_text(msg["content"], filter_text(raw))
|
||||
|
||||
# Filter tool call arguments (they arrive as JSON strings)
|
||||
tool_calls = msg.get("tool_calls")
|
||||
if isinstance(tool_calls, list):
|
||||
for tc in tool_calls:
|
||||
if isinstance(tc, dict):
|
||||
# Direct arguments field
|
||||
args = tc.get("arguments")
|
||||
if isinstance(args, str):
|
||||
tc["arguments"] = filter_text(args)
|
||||
# OpenAI function format: tc["function"]["arguments"]
|
||||
func = tc.get("function")
|
||||
if isinstance(func, dict):
|
||||
fargs = func.get("arguments")
|
||||
if isinstance(fargs, str):
|
||||
func["arguments"] = filter_text(fargs)
|
||||
|
||||
return filtered
|
||||
|
||||
|
||||
def has_sensitive_content(messages: list[dict]) -> list[str]:
|
||||
"""Scan messages and return all sensitive categories found.
|
||||
|
||||
Returns empty list if no PII detected (safe for remote).
|
||||
"""
|
||||
categories: set[str] = set()
|
||||
for msg in messages:
|
||||
if not isinstance(msg, dict):
|
||||
continue
|
||||
raw = _extract_text_from_content(msg.get("content", ""))
|
||||
categories.update(detect_sensitive(raw))
|
||||
|
||||
tool_calls = msg.get("tool_calls")
|
||||
if isinstance(tool_calls, list):
|
||||
for tc in tool_calls:
|
||||
if isinstance(tc, dict):
|
||||
args = tc.get("arguments", "")
|
||||
if isinstance(args, str):
|
||||
categories.update(detect_sensitive(args))
|
||||
# OpenAI function format
|
||||
func = tc.get("function")
|
||||
if isinstance(func, dict):
|
||||
fargs = func.get("arguments", "")
|
||||
if isinstance(fargs, str):
|
||||
categories.update(detect_sensitive(fargs))
|
||||
return sorted(categories)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Provider routing helpers
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
_LOCAL_PATTERNS = (
|
||||
"localhost",
|
||||
"127.0.0.1",
|
||||
"::1",
|
||||
"0.0.0.0",
|
||||
)
|
||||
|
||||
|
||||
def is_remote_provider(base_url: str) -> bool:
|
||||
"""Return True if *base_url* points to a remote (non-local) provider."""
|
||||
if not base_url:
|
||||
return False # assume local if unset
|
||||
lower = base_url.lower()
|
||||
return not any(h in lower for h in _LOCAL_PATTERNS)
|
||||
|
||||
|
||||
def should_route_local(messages: list[dict], base_url: str) -> tuple[bool, list[str]]:
|
||||
"""Decide whether messages should stay on local models.
|
||||
|
||||
Returns ``(should_local, reasons)`` where *reasons* lists the
|
||||
sensitive categories detected. If *base_url* is already local,
|
||||
returns ``(False, [])`` since there's no need to re-route.
|
||||
"""
|
||||
if not is_remote_provider(base_url):
|
||||
return False, []
|
||||
if not _PRIVACY_FILTER_ENABLED and not _FORCE_FILTER:
|
||||
return False, []
|
||||
reasons = has_sensitive_content(messages)
|
||||
return bool(reasons), reasons
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Integration hook — drop-in replacement for the API call path
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
def prepare_for_remote(messages: list[dict], base_url: str) -> tuple[list[dict], list[str]]:
|
||||
"""Filter messages for a remote API call.
|
||||
|
||||
Returns ``(filtered_messages, detected_categories)``.
|
||||
|
||||
If the endpoint is local or the filter is disabled, returns the
|
||||
original messages unchanged with an empty category list.
|
||||
"""
|
||||
if not is_remote_provider(base_url):
|
||||
return messages, []
|
||||
if not _PRIVACY_FILTER_ENABLED and not _FORCE_FILTER:
|
||||
return messages, []
|
||||
|
||||
categories = has_sensitive_content(messages)
|
||||
if categories:
|
||||
logger.info(
|
||||
"PrivacyFilter: redacting %d sensitive category match(es) before remote call: %s",
|
||||
len(categories),
|
||||
", ".join(categories),
|
||||
)
|
||||
return filter_messages(messages), categories
|
||||
284
scripts/benchmark_local_models.py
Normal file
284
scripts/benchmark_local_models.py
Normal file
@@ -0,0 +1,284 @@
|
||||
#!/usr/bin/env python3
|
||||
"""
|
||||
Benchmark local Ollama models against the 50 tok/s UX threshold.
|
||||
|
||||
Usage:
|
||||
python3 scripts/benchmark_local_models.py [--models MODEL1,MODEL2] [--prompt PROMPT] [--rounds N]
|
||||
python3 scripts/benchmark_local_models.py --all # test all pulled models
|
||||
python3 scripts/benchmark_local_models.py --json # JSON output for CI
|
||||
"""
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import os
|
||||
import sys
|
||||
import time
|
||||
import urllib.request
|
||||
import urllib.error
|
||||
from dataclasses import dataclass, asdict
|
||||
from typing import Optional
|
||||
|
||||
OLLAMA_BASE = os.environ.get("OLLAMA_BASE_URL", "http://localhost:11434")
|
||||
THRESHOLD_TOK_S = 50.0
|
||||
|
||||
BENCHMARK_PROMPT = (
|
||||
"Explain the difference between TCP and UDP protocols. "
|
||||
"Cover reliability, ordering, speed, and use cases. "
|
||||
"Be thorough but concise. Write at least 300 words."
|
||||
)
|
||||
|
||||
|
||||
@dataclass
|
||||
class BenchmarkResult:
|
||||
model: str
|
||||
size_gb: float
|
||||
prompt_tokens: int
|
||||
eval_tokens: int
|
||||
eval_duration_s: float
|
||||
tokens_per_second: float
|
||||
total_duration_s: float
|
||||
rounds: int
|
||||
avg_tok_s: float
|
||||
meets_threshold: bool
|
||||
error: Optional[str] = None
|
||||
|
||||
|
||||
def get_models() -> list[dict]:
|
||||
"""List all pulled Ollama models."""
|
||||
url = f"{OLLAMA_BASE}/api/tags"
|
||||
try:
|
||||
req = urllib.request.Request(url)
|
||||
with urllib.request.urlopen(req, timeout=10) as resp:
|
||||
data = json.loads(resp.read())
|
||||
return data.get("models", [])
|
||||
except Exception as e:
|
||||
print(f"Error connecting to Ollama at {OLLAMA_BASE}: {e}", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
def benchmark_model(model: str, prompt: str, num_predict: int = 512) -> dict:
|
||||
"""Run a single benchmark generation, return timing stats."""
|
||||
url = f"{OLLAMA_BASE}/api/generate"
|
||||
payload = json.dumps({
|
||||
"model": model,
|
||||
"prompt": prompt,
|
||||
"stream": False,
|
||||
"options": {
|
||||
"num_predict": num_predict,
|
||||
"temperature": 0.1, # low temp for consistent output
|
||||
},
|
||||
}).encode()
|
||||
|
||||
req = urllib.request.Request(url, data=payload, method="POST")
|
||||
req.add_header("Content-Type", "application/json")
|
||||
|
||||
start = time.monotonic()
|
||||
try:
|
||||
with urllib.request.urlopen(req, timeout=300) as resp:
|
||||
data = json.loads(resp.read())
|
||||
except urllib.error.HTTPError as e:
|
||||
body = e.read().decode() if e.fp else str(e)
|
||||
raise RuntimeError(f"HTTP {e.code}: {body[:200]}")
|
||||
except Exception as e:
|
||||
raise RuntimeError(str(e))
|
||||
elapsed = time.monotonic() - start
|
||||
|
||||
prompt_tokens = data.get("prompt_eval_count", 0)
|
||||
eval_tokens = data.get("eval_count", 0)
|
||||
eval_duration_ns = data.get("eval_duration", 0)
|
||||
total_duration_ns = data.get("total_duration", 0)
|
||||
|
||||
eval_duration_s = eval_duration_ns / 1e9 if eval_duration_ns else elapsed
|
||||
total_duration_s = total_duration_ns / 1e9 if total_duration_ns else elapsed
|
||||
tok_s = eval_tokens / eval_duration_s if eval_duration_s > 0 else 0.0
|
||||
|
||||
return {
|
||||
"prompt_tokens": prompt_tokens,
|
||||
"eval_tokens": eval_tokens,
|
||||
"eval_duration_s": round(eval_duration_s, 2),
|
||||
"total_duration_s": round(total_duration_s, 2),
|
||||
"tokens_per_second": round(tok_s, 1),
|
||||
}
|
||||
|
||||
|
||||
def run_benchmark(
|
||||
model_name: str,
|
||||
model_size: float,
|
||||
prompt: str,
|
||||
rounds: int,
|
||||
num_predict: int,
|
||||
threshold: float = 50.0,
|
||||
) -> BenchmarkResult:
|
||||
"""Run multiple rounds and compute average."""
|
||||
results = []
|
||||
errors = []
|
||||
|
||||
for i in range(rounds):
|
||||
try:
|
||||
r = benchmark_model(model_name, prompt, num_predict)
|
||||
results.append(r)
|
||||
print(f" Round {i+1}/{rounds}: {r['tokens_per_second']} tok/s "
|
||||
f"({r['eval_tokens']} tokens in {r['eval_duration_s']}s)")
|
||||
except Exception as e:
|
||||
errors.append(str(e))
|
||||
print(f" Round {i+1}/{rounds}: ERROR - {e}")
|
||||
|
||||
if not results:
|
||||
return BenchmarkResult(
|
||||
model=model_name,
|
||||
size_gb=model_size,
|
||||
prompt_tokens=0, eval_tokens=0,
|
||||
eval_duration_s=0, tokens_per_second=0,
|
||||
total_duration_s=0, rounds=rounds,
|
||||
avg_tok_s=0, meets_threshold=False,
|
||||
error="; ".join(errors),
|
||||
)
|
||||
|
||||
avg_tok_s = sum(r["tokens_per_second"] for r in results) / len(results)
|
||||
avg_tok_s = round(avg_tok_s, 1)
|
||||
|
||||
return BenchmarkResult(
|
||||
model=model_name,
|
||||
size_gb=model_size,
|
||||
prompt_tokens=sum(r["prompt_tokens"] for r in results) // len(results),
|
||||
eval_tokens=sum(r["eval_tokens"] for r in results) // len(results),
|
||||
eval_duration_s=round(sum(r["eval_duration_s"] for r in results) / len(results), 2),
|
||||
tokens_per_second=avg_tok_s,
|
||||
total_duration_s=round(sum(r["total_duration_s"] for r in results) / len(results), 2),
|
||||
rounds=len(results),
|
||||
avg_tok_s=avg_tok_s,
|
||||
meets_threshold=avg_tok_s >= threshold,
|
||||
)
|
||||
|
||||
|
||||
def format_report(results: list[BenchmarkResult], threshold: float = 50.0) -> str:
|
||||
"""Format a human-readable benchmark report."""
|
||||
lines = []
|
||||
lines.append("")
|
||||
lines.append("=" * 72)
|
||||
lines.append(f" LOCAL MODEL BENCHMARK — {threshold:.0f} tok/s UX Threshold")
|
||||
lines.append("=" * 72)
|
||||
lines.append("")
|
||||
|
||||
# Summary table
|
||||
header = f"{'Model':<25} {'Size':>6} {'tok/s':>8} {'Threshold':>10} {'Status':>8}"
|
||||
lines.append(header)
|
||||
lines.append("-" * 72)
|
||||
|
||||
passed = 0
|
||||
failed = 0
|
||||
errors = 0
|
||||
|
||||
for r in sorted(results, key=lambda x: x.avg_tok_s, reverse=True):
|
||||
size_str = f"{r.size_gb:.1f}GB"
|
||||
tok_s_str = f"{r.avg_tok_s:.1f}"
|
||||
|
||||
if r.error:
|
||||
status = "ERROR"
|
||||
errors += 1
|
||||
elif r.meets_threshold:
|
||||
status = "PASS"
|
||||
passed += 1
|
||||
else:
|
||||
status = "FAIL"
|
||||
failed += 1
|
||||
|
||||
marker = ">" if r.meets_threshold else "X" if r.error else "!"
|
||||
thresh_str = f">= {threshold:.0f}"
|
||||
lines.append(f" {marker} {r.model:<23} {size_str:>6} {tok_s_str:>8} {thresh_str:>10} {status:>8}")
|
||||
|
||||
lines.append("-" * 72)
|
||||
lines.append(f" Passed: {passed} | Failed: {failed} | Errors: {errors} | Total: {len(results)}")
|
||||
lines.append("")
|
||||
|
||||
# Detail section for failures
|
||||
failures = [r for r in results if not r.meets_threshold and not r.error]
|
||||
if failures:
|
||||
lines.append(" FAILED MODELS (below threshold):")
|
||||
for r in sorted(failures, key=lambda x: x.avg_tok_s):
|
||||
gap = threshold - r.avg_tok_s
|
||||
lines.append(f" - {r.model}: {r.avg_tok_s:.1f} tok/s "
|
||||
f"({gap:.1f} tok/s short, {r.eval_tokens} avg tokens/round)")
|
||||
lines.append("")
|
||||
|
||||
error_list = [r for r in results if r.error]
|
||||
if error_list:
|
||||
lines.append(" ERRORS:")
|
||||
for r in error_list:
|
||||
lines.append(f" - {r.model}: {r.error}")
|
||||
lines.append("")
|
||||
|
||||
# Hardware info
|
||||
import platform
|
||||
lines.append(f" Host: {platform.node()} | {platform.system()} {platform.release()}")
|
||||
lines.append(f" Ollama: {OLLAMA_BASE}")
|
||||
lines.append("")
|
||||
|
||||
return "\n".join(lines)
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="Benchmark local Ollama models vs 50 tok/s threshold")
|
||||
parser.add_argument("--models", help="Comma-separated model names (default: all)")
|
||||
parser.add_argument("--prompt", default=BENCHMARK_PROMPT, help="Benchmark prompt")
|
||||
parser.add_argument("--rounds", type=int, default=3, help="Rounds per model (default: 3)")
|
||||
parser.add_argument("--tokens", type=int, default=512, help="Max tokens to generate (default: 512)")
|
||||
parser.add_argument("--json", action="store_true", help="JSON output for CI")
|
||||
parser.add_argument("--all", action="store_true", help="Test all pulled models")
|
||||
parser.add_argument("--threshold", type=float, default=THRESHOLD_TOK_S, help="tok/s threshold")
|
||||
args = parser.parse_args()
|
||||
threshold = args.threshold
|
||||
|
||||
# Get model list
|
||||
available = get_models()
|
||||
if not available:
|
||||
print("No models found. Pull a model first: ollama pull <model>", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
if args.models:
|
||||
names = [m.strip() for m in args.models.split(",")]
|
||||
models = [m for m in available if m["name"] in names]
|
||||
missing = set(names) - set(m["name"] for m in models)
|
||||
if missing:
|
||||
print(f"Models not found: {', '.join(missing)}", file=sys.stderr)
|
||||
print(f"Available: {', '.join(m['name'] for m in available)}", file=sys.stderr)
|
||||
else:
|
||||
models = available
|
||||
|
||||
print(f"Benchmarking {len(models)} model(s) against {threshold} tok/s threshold")
|
||||
print(f"Ollama: {OLLAMA_BASE} | Rounds: {args.rounds} | Max tokens: {args.tokens}")
|
||||
print()
|
||||
|
||||
results = []
|
||||
for m in models:
|
||||
name = m["name"]
|
||||
size_gb = m.get("size", 0) / (1024**3)
|
||||
print(f" {name} ({size_gb:.1f}GB):")
|
||||
|
||||
result = run_benchmark(name, size_gb, args.prompt, args.rounds, args.tokens, threshold)
|
||||
results.append(result)
|
||||
|
||||
# Output
|
||||
report = format_report(results, threshold)
|
||||
if args.json:
|
||||
output = {
|
||||
"threshold_tok_s": threshold,
|
||||
"ollama_base": OLLAMA_BASE,
|
||||
"rounds": args.rounds,
|
||||
"results": [asdict(r) for r in results],
|
||||
"passed": sum(1 for r in results if r.meets_threshold),
|
||||
"failed": sum(1 for r in results if not r.meets_threshold and not r.error),
|
||||
"errors": sum(1 for r in results if r.error),
|
||||
}
|
||||
print(json.dumps(output, indent=2))
|
||||
else:
|
||||
print(report)
|
||||
|
||||
# Exit code: 0 if all pass, 1 if any fail/error
|
||||
if any(not r.meets_threshold or r.error for r in results):
|
||||
sys.exit(1)
|
||||
sys.exit(0)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
@@ -1,415 +0,0 @@
|
||||
"""Tests for agent.privacy_filter — PII redaction for remote API calls."""
|
||||
|
||||
import os
|
||||
import pytest
|
||||
|
||||
# Ensure the filter is active for all tests
|
||||
@pytest.fixture(autouse=True)
|
||||
def _enable_filter(monkeypatch):
|
||||
monkeypatch.delenv("HERMES_PRIVACY_FILTER", raising=False)
|
||||
monkeypatch.setattr("agent.privacy_filter._PRIVACY_FILTER_ENABLED", True)
|
||||
monkeypatch.setattr("agent.privacy_filter._FORCE_FILTER", True)
|
||||
|
||||
|
||||
from agent.privacy_filter import (
|
||||
filter_text,
|
||||
filter_messages,
|
||||
detect_sensitive,
|
||||
has_sensitive_content,
|
||||
is_remote_provider,
|
||||
should_route_local,
|
||||
prepare_for_remote,
|
||||
)
|
||||
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# filter_text — string-level redaction
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
|
||||
class TestEmailRedaction:
|
||||
def test_simple_email(self):
|
||||
result = filter_text("Contact me at alice@example.com for details.")
|
||||
assert "alice@example.com" not in result
|
||||
assert "a…@example.com" in result
|
||||
|
||||
def test_email_with_dots(self):
|
||||
result = filter_text("john.doe+work@corp.co.uk")
|
||||
assert "john.doe+work@corp.co.uk" not in result
|
||||
|
||||
def test_multiple_emails(self):
|
||||
text = "CC: first@test.io and second@test.io"
|
||||
result = filter_text(text)
|
||||
assert "first@test.io" not in result
|
||||
assert "second@test.io" not in result
|
||||
|
||||
def test_email_in_code_block(self):
|
||||
text = "config: { email: 'dev@company.com' }"
|
||||
result = filter_text(text)
|
||||
assert "dev@company.com" not in result
|
||||
|
||||
|
||||
class TestPhoneRedaction:
|
||||
def test_e164_format(self):
|
||||
result = filter_text("Call me at +14155551234")
|
||||
assert "+14155551234" not in result
|
||||
assert "1234" in result # last 4 visible
|
||||
|
||||
def test_us_with_dashes(self):
|
||||
result = filter_text("Phone: 415-555-1234")
|
||||
assert "415-555-1234" not in result
|
||||
|
||||
def test_us_with_parens(self):
|
||||
result = filter_text("Phone: (415) 555-1234")
|
||||
assert "415" not in result or "555-1234" not in result
|
||||
|
||||
def test_international(self):
|
||||
result = filter_text("WhatsApp: +442071234567")
|
||||
assert "+442071234567" not in result
|
||||
|
||||
def test_short_number_not_redacted(self):
|
||||
# 4-digit extension should pass through
|
||||
result = filter_text("Ext: 1234")
|
||||
assert "1234" in result
|
||||
|
||||
|
||||
class TestSSNRedaction:
|
||||
def test_ssn(self):
|
||||
result = filter_text("SSN: 123-45-6789")
|
||||
assert "6789" in result or "[REDACTED" in result
|
||||
assert "123-45-6789" not in result
|
||||
|
||||
def test_ssn_no_dashes(self):
|
||||
result = filter_text("123 45 6789")
|
||||
assert "123 45 6789" not in result
|
||||
|
||||
|
||||
class TestWalletRedaction:
|
||||
def test_bitcoin_legacy(self):
|
||||
addr = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
|
||||
result = filter_text(f"Send to {addr}")
|
||||
assert addr not in result
|
||||
assert "1BvB" in result # prefix preserved
|
||||
assert "NVN2" in result # suffix preserved
|
||||
|
||||
def test_bitcoin_bech32(self):
|
||||
addr = "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh"
|
||||
result = filter_text(f"Wallet: {addr}")
|
||||
assert addr not in result
|
||||
assert "bc1" in result
|
||||
|
||||
def test_ethereum(self):
|
||||
addr = "0x742d35Cc6634C0532925a3b844Bc9e7595f8Ca39"
|
||||
result = filter_text(f"ETH: {addr}")
|
||||
assert addr not in result
|
||||
assert "0x" in result
|
||||
assert "Ca39" in result
|
||||
|
||||
def test_multiple_wallets(self):
|
||||
btc = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
|
||||
eth = "0x0000000000000000000000000000000000000000"
|
||||
result = filter_text(f"{btc} and {eth}")
|
||||
assert btc not in result
|
||||
assert eth not in result
|
||||
|
||||
|
||||
class TestPathRedaction:
|
||||
def test_unix_home(self):
|
||||
result = filter_text("File at /home/alice/secrets/key.pem")
|
||||
assert "/home/alice/secrets" not in result
|
||||
assert "/home" in result
|
||||
|
||||
def test_macos_home(self):
|
||||
result = filter_text("Path: /Users/bob/Documents/taxes.pdf")
|
||||
assert "/Users/bob/Documents" not in result
|
||||
|
||||
def test_windows_path(self):
|
||||
result = filter_text("C:\\Users\\Charlie\\Desktop\\notes.txt")
|
||||
assert "Charlie" not in result
|
||||
|
||||
def test_relative_path_unchanged(self):
|
||||
text = "File: ./src/main.py"
|
||||
result = filter_text(text)
|
||||
assert result == text
|
||||
|
||||
def test_system_path_unchanged(self):
|
||||
text = "Binary at /usr/local/bin/python"
|
||||
assert filter_text(text) == text
|
||||
|
||||
|
||||
class TestPrivateKeyRedaction:
|
||||
def test_pem_key(self):
|
||||
key = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASC\n-----END PRIVATE KEY-----"
|
||||
result = filter_text(f"Key: {key}")
|
||||
assert "MIIEvQIBADAN" not in result
|
||||
assert "[REDACTED" in result
|
||||
|
||||
def test_rsa_key(self):
|
||||
key = "-----BEGIN RSA PRIVATE KEY-----\ndata\n-----END RSA PRIVATE KEY-----"
|
||||
result = filter_text(key)
|
||||
assert "data" not in result
|
||||
|
||||
|
||||
class TestPassthrough:
|
||||
def test_normal_text(self):
|
||||
text = "Hello, please write a function that sorts a list."
|
||||
assert filter_text(text) == text
|
||||
|
||||
def test_code(self):
|
||||
text = "def hello():\n print('world')\n return 42"
|
||||
assert filter_text(text) == text
|
||||
|
||||
def test_empty_string(self):
|
||||
assert filter_text("") == ""
|
||||
|
||||
def test_none(self):
|
||||
assert filter_text(None) == ""
|
||||
|
||||
def test_technical_discussion(self):
|
||||
text = "The model uses CUDA 12.1 with tensor cores for FP16."
|
||||
assert filter_text(text) == text
|
||||
|
||||
def test_api_url_unchanged(self):
|
||||
text = "Connect to https://api.openai.com/v1/chat/completions"
|
||||
assert filter_text(text) == text
|
||||
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# detect_sensitive — category detection
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
|
||||
class TestDetection:
|
||||
def test_no_pii(self):
|
||||
assert detect_sensitive("Hello world") == []
|
||||
|
||||
def test_detects_email(self):
|
||||
cats = detect_sensitive("Email me at alice@example.com")
|
||||
assert "email" in cats
|
||||
|
||||
def test_detects_phone(self):
|
||||
cats = detect_sensitive("Call +14155551234")
|
||||
assert "phone" in cats
|
||||
|
||||
def test_detects_wallet(self):
|
||||
cats = detect_sensitive("My BTC: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa")
|
||||
assert "bitcoin_wallet" in cats
|
||||
|
||||
def test_detects_eth(self):
|
||||
addr = "0x742d35Cc6634C0532925a3b844Bc9e7595f8Ca39"
|
||||
cats = detect_sensitive(f"ETH addr: {addr}")
|
||||
assert "ethereum_wallet" in cats
|
||||
|
||||
def test_detects_multiple(self):
|
||||
cats = detect_sensitive("alice@test.com +14155551234")
|
||||
assert "email" in cats
|
||||
assert "phone" in cats
|
||||
|
||||
def test_empty(self):
|
||||
assert detect_sensitive("") == []
|
||||
|
||||
def test_none(self):
|
||||
assert detect_sensitive(None) == []
|
||||
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# filter_messages — message list level
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
|
||||
class TestMessageFiltering:
|
||||
def test_filters_content_string(self):
|
||||
messages = [
|
||||
{"role": "user", "content": "My email is bob@example.com, please remember it."}
|
||||
]
|
||||
result = filter_messages(messages)
|
||||
assert "bob@example.com" not in result[0]["content"]
|
||||
# Original unchanged (deep copy)
|
||||
assert "bob@example.com" in messages[0]["content"]
|
||||
|
||||
def test_filters_content_parts(self):
|
||||
messages = [
|
||||
{
|
||||
"role": "user",
|
||||
"content": [
|
||||
{"type": "text", "text": "Here's my SSN: 123-45-6789"},
|
||||
{"type": "image_url", "image_url": {"url": "https://img.com/a.png"}},
|
||||
],
|
||||
}
|
||||
]
|
||||
result = filter_messages(messages)
|
||||
text_part = [p for p in result[0]["content"] if p.get("type") == "text"][0]
|
||||
assert "123-45-6789" not in text_part["text"]
|
||||
# Image URL untouched
|
||||
img_part = [p for p in result[0]["content"] if p.get("type") == "image_url"][0]
|
||||
assert img_part["image_url"]["url"] == "https://img.com/a.png"
|
||||
|
||||
def test_filters_tool_call_arguments(self):
|
||||
messages = [
|
||||
{
|
||||
"role": "assistant",
|
||||
"content": None,
|
||||
"tool_calls": [
|
||||
{
|
||||
"id": "call_123",
|
||||
"type": "function",
|
||||
"function": {
|
||||
"name": "send_email",
|
||||
"arguments": '{"to": "alice@example.com", "body": "Hi Alice"}',
|
||||
},
|
||||
}
|
||||
],
|
||||
}
|
||||
]
|
||||
result = filter_messages(messages)
|
||||
args_str = result[0]["tool_calls"][0]["function"]["arguments"]
|
||||
assert "alice@example.com" not in args_str
|
||||
|
||||
def test_preserves_system_message(self):
|
||||
messages = [
|
||||
{"role": "system", "content": "You are a helpful assistant."},
|
||||
{"role": "user", "content": "Hello!"},
|
||||
]
|
||||
result = filter_messages(messages)
|
||||
assert result[0]["content"] == "You are a helpful assistant."
|
||||
assert result[1]["content"] == "Hello!"
|
||||
|
||||
def test_deep_copy_safety(self):
|
||||
original = [{"role": "user", "content": "test@example.com is my email"}]
|
||||
result = filter_messages(original)
|
||||
# Modifying result doesn't affect original
|
||||
result[0]["content"] = "modified"
|
||||
assert "test@example.com" in original[0]["content"]
|
||||
|
||||
def test_handles_none_content(self):
|
||||
messages = [{"role": "assistant", "content": None, "tool_calls": []}]
|
||||
result = filter_messages(messages)
|
||||
assert result[0]["content"] is None
|
||||
|
||||
def test_handles_empty_messages(self):
|
||||
assert filter_messages([]) == []
|
||||
|
||||
def test_preserves_tool_result_content(self):
|
||||
messages = [
|
||||
{
|
||||
"role": "tool",
|
||||
"content": "Found file at /usr/bin/secret but paths like /home/alice/x should be redacted",
|
||||
"tool_call_id": "call_123",
|
||||
}
|
||||
]
|
||||
result = filter_messages(messages)
|
||||
assert "/home/alice" not in result[0]["content"]
|
||||
assert "/usr/bin" in result[0]["content"] # system path preserved
|
||||
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# has_sensitive_content — message-level detection
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
|
||||
class TestHasSensitiveContent:
|
||||
def test_clean_messages(self):
|
||||
messages = [{"role": "user", "content": "Write me a poem"}]
|
||||
assert has_sensitive_content(messages) == []
|
||||
|
||||
def test_email_detected(self):
|
||||
messages = [{"role": "user", "content": "email me at a@b.com"}]
|
||||
cats = has_sensitive_content(messages)
|
||||
assert "email" in cats
|
||||
|
||||
def test_tool_args_scanned(self):
|
||||
messages = [
|
||||
{
|
||||
"role": "assistant",
|
||||
"content": None,
|
||||
"tool_calls": [
|
||||
{
|
||||
"function": {
|
||||
"name": "search",
|
||||
"arguments": '{"query": "user +14155551234"}',
|
||||
}
|
||||
}
|
||||
],
|
||||
}
|
||||
]
|
||||
cats = has_sensitive_content(messages)
|
||||
assert "phone" in cats
|
||||
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# Provider routing
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
|
||||
class TestProviderRouting:
|
||||
def test_remote_openai(self):
|
||||
assert is_remote_provider("https://api.openai.com/v1") is True
|
||||
|
||||
def test_remote_openrouter(self):
|
||||
assert is_remote_provider("https://openrouter.ai/api/v1") is True
|
||||
|
||||
def test_local_localhost(self):
|
||||
assert is_remote_provider("http://localhost:11434/v1") is False
|
||||
|
||||
def test_local_127(self):
|
||||
assert is_remote_provider("http://127.0.0.1:8080/v1") is False
|
||||
|
||||
def test_empty_assumes_local(self):
|
||||
assert is_remote_provider("") is False
|
||||
|
||||
def test_route_local_with_pii(self):
|
||||
messages = [{"role": "user", "content": "My email: a@b.com"}]
|
||||
should, reasons = should_route_local(messages, "https://api.openai.com/v1")
|
||||
assert should is True
|
||||
assert "email" in reasons
|
||||
|
||||
def test_no_route_without_pii(self):
|
||||
messages = [{"role": "user", "content": "Hello!"}]
|
||||
should, reasons = should_route_local(messages, "https://api.openai.com/v1")
|
||||
assert should is False
|
||||
|
||||
def test_no_route_for_local_provider(self):
|
||||
messages = [{"role": "user", "content": "Email: a@b.com"}]
|
||||
should, reasons = should_route_local(messages, "http://localhost:11434/v1")
|
||||
assert should is False
|
||||
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
# prepare_for_remote — integration hook
|
||||
# ═══════════════════════════════════════════════════════════════════════════
|
||||
|
||||
class TestPrepareForRemote:
|
||||
def test_filters_remote_with_pii(self):
|
||||
messages = [
|
||||
{"role": "user", "content": "Send to alice@test.com, wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"},
|
||||
]
|
||||
result, cats = prepare_for_remote(messages, "https://api.openai.com/v1")
|
||||
assert "alice@test.com" not in result[0]["content"]
|
||||
assert "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa" not in result[0]["content"]
|
||||
assert "email" in cats
|
||||
assert "bitcoin_wallet" in cats
|
||||
|
||||
def test_passes_through_local(self):
|
||||
messages = [{"role": "user", "content": "Email: a@b.com"}]
|
||||
result, cats = prepare_for_remote(messages, "http://localhost:11434/v1")
|
||||
assert result is messages # same object
|
||||
assert cats == []
|
||||
|
||||
def test_passes_through_clean_remote(self):
|
||||
messages = [{"role": "user", "content": "Sort this list"}]
|
||||
result, cats = prepare_for_remote(messages, "https://api.openai.com/v1")
|
||||
assert cats == []
|
||||
assert result[0]["content"] == "Sort this list"
|
||||
|
||||
def test_realistic_conversation(self):
|
||||
"""Full conversation with mixed sensitive and safe messages."""
|
||||
messages = [
|
||||
{"role": "system", "content": "You are a helpful coding assistant."},
|
||||
{"role": "user", "content": "Help me write a Python HTTP server."},
|
||||
{"role": "assistant", "content": "Here's a simple example:\n```python\nimport http.server\n```"},
|
||||
{"role": "user", "content": "Great! Now deploy it to my server at /home/deploy/app. My email is admin@mycompany.com"},
|
||||
]
|
||||
result, cats = prepare_for_remote(messages, "https://api.openai.com/v1")
|
||||
# Safe messages unchanged
|
||||
assert result[0]["content"] == messages[0]["content"]
|
||||
assert result[1]["content"] == messages[1]["content"]
|
||||
# Sensitive message filtered
|
||||
assert "admin@mycompany.com" not in result[3]["content"]
|
||||
assert "/home/deploy" not in result[3]["content"]
|
||||
assert "email" in cats
|
||||
assert "user_path_unix" in cats
|
||||
Reference in New Issue
Block a user