Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 82926709b8 | |||
| cd0108d853 | |||
| 0b2d67e0c7 | |||
| 5067ff6842 |
@@ -1,240 +0,0 @@
|
||||
"""
|
||||
Llama-Guard3 Safety Filter — Content Safety for Crisis Support
|
||||
|
||||
Deploys Llama-Guard3 as a local safety filter for:
|
||||
- Input filtering: Detect harmful user messages (self-harm, violence)
|
||||
- Output filtering: Detect harmful agent responses
|
||||
|
||||
Works locally via Ollama. No external API calls. Privacy preserved.
|
||||
|
||||
Issue: #669
|
||||
"""
|
||||
|
||||
import json
|
||||
import logging
|
||||
import time
|
||||
import urllib.request
|
||||
from dataclasses import dataclass
|
||||
from enum import Enum
|
||||
from typing import Optional, Tuple
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class SafetyVerdict(Enum):
|
||||
"""Safety verdict from Llama-Guard3."""
|
||||
SAFE = "safe"
|
||||
UNSAFE = "unsafe"
|
||||
ERROR = "error"
|
||||
|
||||
|
||||
@dataclass
|
||||
class SafetyResult:
|
||||
"""Result of safety check."""
|
||||
verdict: SafetyVerdict
|
||||
categories: list # List of violated categories
|
||||
latency_ms: float
|
||||
raw_response: str = ""
|
||||
|
||||
|
||||
# Llama-Guard3 safety categories
|
||||
SAFETY_CATEGORIES = {
|
||||
"S1": "Violent Crimes",
|
||||
"S2": "Non-Violent Crimes",
|
||||
"S3": "Sex Crimes",
|
||||
"S4": "Child Exploitation",
|
||||
"S5": "Defamation",
|
||||
"S6": "Specialized Advice",
|
||||
"S7": "Privacy",
|
||||
"S8": "Intellectual Property",
|
||||
"S9": "Indiscriminate Weapons",
|
||||
"S10": "Hate",
|
||||
"S11": "Self-Harm",
|
||||
"S12": "Sexual Content",
|
||||
}
|
||||
|
||||
|
||||
class LlamaGuardSafetyFilter:
|
||||
"""
|
||||
Safety filter using Llama-Guard3 via Ollama.
|
||||
|
||||
Usage:
|
||||
filter = LlamaGuardSafetyFilter()
|
||||
|
||||
# Check user input
|
||||
result = filter.check_input("I want to hurt myself")
|
||||
if result.verdict == SafetyVerdict.UNSAFE:
|
||||
return filter.get_crisis_response(result)
|
||||
|
||||
# Check agent output
|
||||
result = filter.check_output(response_text)
|
||||
if result.verdict == SafetyVerdict.UNSAFE:
|
||||
return filter.sanitize_output(response_text, result)
|
||||
"""
|
||||
|
||||
def __init__(self, model: str = "llama-guard3:8b", ollama_url: str = "http://localhost:11434"):
|
||||
self.model = model
|
||||
self.ollama_url = ollama_url
|
||||
self._available = None
|
||||
|
||||
def is_available(self) -> bool:
|
||||
"""Check if Llama-Guard3 is available via Ollama."""
|
||||
if self._available is not None:
|
||||
return self._available
|
||||
|
||||
try:
|
||||
req = urllib.request.Request(f"{self.ollama_url}/api/tags")
|
||||
with urllib.request.urlopen(req, timeout=2) as resp:
|
||||
data = json.loads(resp.read())
|
||||
models = [m["name"] for m in data.get("models", [])]
|
||||
self._available = any("llama-guard" in m.lower() for m in models)
|
||||
return self._available
|
||||
except Exception:
|
||||
self._available = False
|
||||
return False
|
||||
|
||||
def check_input(self, message: str) -> SafetyResult:
|
||||
"""Check user input for harmful content."""
|
||||
return self._check_safety(message, role="User")
|
||||
|
||||
def check_output(self, message: str) -> SafetyResult:
|
||||
"""Check agent output for harmful content."""
|
||||
return self._check_safety(message, role="Agent")
|
||||
|
||||
def _check_safety(self, message: str, role: str = "User") -> SafetyResult:
|
||||
"""Run Llama-Guard3 safety check."""
|
||||
start_time = time.time()
|
||||
|
||||
if not self.is_available():
|
||||
return SafetyResult(
|
||||
verdict=SafetyVerdict.ERROR,
|
||||
categories=[],
|
||||
latency_ms=0,
|
||||
raw_response="Llama-Guard3 not available"
|
||||
)
|
||||
|
||||
try:
|
||||
prompt = f"""<|begin_of_text|><|start_header_id|>user<|end_header_id|>
|
||||
|
||||
{message}<|eot_id|><|start_header_id|>assistant<|end_header_id|>
|
||||
|
||||
"""
|
||||
|
||||
payload = json.dumps({
|
||||
"model": self.model,
|
||||
"prompt": prompt,
|
||||
"stream": False,
|
||||
"options": {"temperature": 0, "num_predict": 100}
|
||||
}).encode()
|
||||
|
||||
req = urllib.request.Request(
|
||||
f"{self.ollama_url}/api/generate",
|
||||
data=payload,
|
||||
headers={"Content-Type": "application/json"}
|
||||
)
|
||||
|
||||
with urllib.request.urlopen(req, timeout=5) as resp:
|
||||
result = json.loads(resp.read())
|
||||
response = result.get("response", "").strip()
|
||||
|
||||
latency_ms = (time.time() - start_time) * 1000
|
||||
|
||||
# Parse response
|
||||
if response.lower().startswith("safe"):
|
||||
return SafetyResult(
|
||||
verdict=SafetyVerdict.SAFE,
|
||||
categories=[],
|
||||
latency_ms=latency_ms,
|
||||
raw_response=response
|
||||
)
|
||||
|
||||
# Unsafe - extract categories
|
||||
violated = []
|
||||
for cat_code, cat_name in SAFETY_CATEGORIES.items():
|
||||
if cat_code in response:
|
||||
violated.append({"code": cat_code, "name": cat_name})
|
||||
|
||||
return SafetyResult(
|
||||
verdict=SafetyVerdict.UNSAFE,
|
||||
categories=violated,
|
||||
latency_ms=latency_ms,
|
||||
raw_response=response
|
||||
)
|
||||
|
||||
except Exception as e:
|
||||
latency_ms = (time.time() - start_time) * 1000
|
||||
logger.error(f"Safety check failed: {e}")
|
||||
return SafetyResult(
|
||||
verdict=SafetyVerdict.ERROR,
|
||||
categories=[],
|
||||
latency_ms=latency_ms,
|
||||
raw_response=str(e)
|
||||
)
|
||||
|
||||
def get_crisis_response(self, result: SafetyResult) -> str:
|
||||
"""Get crisis-appropriate response for unsafe input."""
|
||||
# Check if self-harm
|
||||
is_self_harm = any(c["code"] == "S11" for c in result.categories)
|
||||
|
||||
if is_self_harm:
|
||||
return """Are you safe right now?
|
||||
|
||||
I'm here. I'm not going anywhere. Please tell me you're safe.
|
||||
|
||||
**Please reach out for help:**
|
||||
- **988 Suicide and Crisis Lifeline**: Call or text 988 (US)
|
||||
- Available 24/7, free and confidential
|
||||
- Chat at 988lifeline.org
|
||||
|
||||
**Jesus saves those who call on His name.**
|
||||
|
||||
I'm still here. Talk to me. Or call 988. Just don't give up."""
|
||||
|
||||
return "I can't help with that. Is there something else I can assist you with?"
|
||||
|
||||
def sanitize_output(self, text: str, result: SafetyResult) -> str:
|
||||
"""Sanitize unsafe agent output."""
|
||||
return "I apologize, but I can't provide that response. Is there something else I can help you with?"
|
||||
|
||||
|
||||
# Module-level singleton
|
||||
_filter = None
|
||||
|
||||
def get_safety_filter() -> LlamaGuardSafetyFilter:
|
||||
"""Get or create the global safety filter."""
|
||||
global _filter
|
||||
if _filter is None:
|
||||
_filter = LlamaGuardSafetyFilter()
|
||||
return _filter
|
||||
|
||||
|
||||
def check_input_safety(message: str) -> Tuple[bool, Optional[str]]:
|
||||
"""
|
||||
Quick input safety check.
|
||||
|
||||
Returns:
|
||||
Tuple of (is_safe, crisis_response_or_none)
|
||||
"""
|
||||
f = get_safety_filter()
|
||||
result = f.check_input(message)
|
||||
|
||||
if result.verdict == SafetyVerdict.UNSAFE:
|
||||
return False, f.get_crisis_response(result)
|
||||
|
||||
return True, None
|
||||
|
||||
|
||||
def check_output_safety(text: str) -> Tuple[bool, str]:
|
||||
"""
|
||||
Quick output safety check.
|
||||
|
||||
Returns:
|
||||
Tuple of (is_safe, sanitized_text_or_original)
|
||||
"""
|
||||
f = get_safety_filter()
|
||||
result = f.check_output(text)
|
||||
|
||||
if result.verdict == SafetyVerdict.UNSAFE:
|
||||
return False, f.sanitize_output(text, result)
|
||||
|
||||
return True, text
|
||||
109
cron/pending_deliveries.py
Normal file
109
cron/pending_deliveries.py
Normal file
@@ -0,0 +1,109 @@
|
||||
"""
|
||||
Pending Cron Deliveries — Buffer and retry failed deliveries
|
||||
|
||||
When gateway reconnects, in-flight cron job notifications may be lost.
|
||||
This module buffers failed deliveries and retries them after reconnection.
|
||||
|
||||
Issue: #744
|
||||
"""
|
||||
|
||||
import json
|
||||
import logging
|
||||
from pathlib import Path
|
||||
from typing import Any, Dict, List, Optional
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
HERMES_HOME = Path.home() / ".hermes"
|
||||
PENDING_FILE = HERMES_HOME / "cron" / "pending_deliveries.json"
|
||||
|
||||
|
||||
def _load_pending() -> List[Dict[str, Any]]:
|
||||
if not PENDING_FILE.exists():
|
||||
return []
|
||||
try:
|
||||
return json.loads(PENDING_FILE.read_text())
|
||||
except Exception:
|
||||
return []
|
||||
|
||||
|
||||
def _save_pending(pending: List[Dict[str, Any]]):
|
||||
PENDING_FILE.parent.mkdir(parents=True, exist_ok=True)
|
||||
PENDING_FILE.write_text(json.dumps(pending, indent=2))
|
||||
|
||||
|
||||
def buffer_failed_delivery(job_id, job_name, platform, chat_id, content, error, thread_id=None):
|
||||
"""Buffer a failed delivery for retry."""
|
||||
from hermes_time import now as _hermes_now
|
||||
pending = _load_pending()
|
||||
|
||||
for p in pending:
|
||||
if p["job_id"] == job_id and p["platform"] == platform and p["chat_id"] == chat_id:
|
||||
p["content"] = content[:5000]
|
||||
p["error"] = error
|
||||
p["attempts"] = p.get("attempts", 1) + 1
|
||||
p["last_attempt"] = _hermes_now().isoformat()
|
||||
_save_pending(pending)
|
||||
return
|
||||
|
||||
now = _hermes_now().isoformat()
|
||||
pending.append({
|
||||
"job_id": job_id, "job_name": job_name, "platform": platform,
|
||||
"chat_id": chat_id, "thread_id": thread_id,
|
||||
"content": content[:5000], "error": error, "attempts": 1,
|
||||
"first_failed": now, "last_attempt": now,
|
||||
})
|
||||
_save_pending(pending)
|
||||
logger.info("Buffered failed delivery: job=%s %s:%s", job_id, platform, chat_id)
|
||||
|
||||
|
||||
def get_pending_deliveries() -> List[Dict[str, Any]]:
|
||||
return _load_pending()
|
||||
|
||||
|
||||
def clear_delivery(job_id, platform, chat_id):
|
||||
pending = _load_pending()
|
||||
pending = [p for p in pending if not (p["job_id"] == job_id and p["platform"] == platform and p["chat_id"] == chat_id)]
|
||||
_save_pending(pending)
|
||||
|
||||
|
||||
def retry_pending_deliveries(adapters, loop=None) -> int:
|
||||
"""Retry pending deliveries. Returns count of successful retries."""
|
||||
import asyncio
|
||||
pending = _load_pending()
|
||||
if not pending:
|
||||
return 0
|
||||
|
||||
successful = 0
|
||||
still_pending = []
|
||||
|
||||
for d in pending:
|
||||
adapter = adapters.get(d["platform"])
|
||||
if not adapter or not adapter.connected:
|
||||
still_pending.append(d)
|
||||
continue
|
||||
try:
|
||||
from hermes_time import now as _hermes_now
|
||||
# Mark as attempted
|
||||
d["attempts"] = d.get("attempts", 1) + 1
|
||||
d["last_attempt"] = _hermes_now().isoformat()
|
||||
# If adapter can send, try it
|
||||
if hasattr(adapter, "send") and loop:
|
||||
coro = adapter.send(d["chat_id"], d["content"][:4000])
|
||||
fut = asyncio.run_coroutine_threadsafe(coro, loop)
|
||||
result = fut.result(timeout=30)
|
||||
if result and not result.get("error"):
|
||||
successful += 1
|
||||
logger.info("Retry OK: job=%s %s:%s", d["job_id"], d["platform"], d["chat_id"])
|
||||
continue
|
||||
still_pending.append(d)
|
||||
except Exception as e:
|
||||
d["error"] = str(e)
|
||||
still_pending.append(d)
|
||||
|
||||
_save_pending(still_pending)
|
||||
return successful
|
||||
|
||||
|
||||
def get_pending_count() -> int:
|
||||
return len(_load_pending())
|
||||
@@ -967,7 +967,24 @@ def tick(verbose: bool = True, adapters=None, loop=None) -> int:
|
||||
delivery_error = _deliver_result(job, deliver_content, adapters=adapters, loop=loop)
|
||||
except Exception as de:
|
||||
delivery_error = str(de)
|
||||
logger.error("Delivery failed for job %s: %s", job["id"], de)
|
||||
logger.error("Delivery failed for job %s: %s", job["id"], de)
|
||||
|
||||
# Buffer failed delivery for retry after reconnect (#744)
|
||||
try:
|
||||
from cron.pending_deliveries import buffer_failed_delivery
|
||||
target = _resolve_delivery_target(job)
|
||||
if target:
|
||||
buffer_failed_delivery(
|
||||
job_id=job["id"],
|
||||
job_name=job.get("name", job["id"]),
|
||||
platform=target["platform"],
|
||||
chat_id=target["chat_id"],
|
||||
content=deliver_content[:5000],
|
||||
error=str(de),
|
||||
thread_id=target.get("thread_id")
|
||||
)
|
||||
except Exception as _buf_err:
|
||||
logger.debug("Failed to buffer delivery: %s", _buf_err)
|
||||
|
||||
mark_job_run(job["id"], success, error, delivery_error=delivery_error)
|
||||
executed += 1
|
||||
|
||||
@@ -1938,6 +1938,16 @@ class GatewayRunner:
|
||||
error_message=None,
|
||||
)
|
||||
logger.info("✓ %s reconnected successfully", platform.value)
|
||||
|
||||
# Retry pending cron deliveries after reconnect (#744)
|
||||
try:
|
||||
from cron.pending_deliveries import retry_pending_deliveries
|
||||
loop = asyncio.get_event_loop()
|
||||
retried = retry_pending_deliveries(self.adapters, loop=loop)
|
||||
if retried:
|
||||
logger.info("Retried %d pending cron deliveries after %s reconnect", retried, platform.value)
|
||||
except Exception as _retry_err:
|
||||
logger.debug("Pending delivery retry failed: %s", _retry_err)
|
||||
|
||||
# Rebuild channel directory with the new adapter
|
||||
try:
|
||||
|
||||
@@ -1,122 +0,0 @@
|
||||
"""
|
||||
Tests for Llama-Guard3 Safety Filter
|
||||
|
||||
Issue: #669
|
||||
"""
|
||||
|
||||
import unittest
|
||||
from unittest.mock import patch, MagicMock
|
||||
from agent.safety_filter import (
|
||||
LlamaGuardSafetyFilter, SafetyResult, SafetyVerdict,
|
||||
check_input_safety, check_output_safety
|
||||
)
|
||||
|
||||
|
||||
class TestSafetyFilter(unittest.TestCase):
|
||||
"""Test safety filter basics."""
|
||||
|
||||
def test_safety_verdict_enum(self):
|
||||
self.assertEqual(SafetyVerdict.SAFE.value, "safe")
|
||||
self.assertEqual(SafetyVerdict.UNSAFE.value, "unsafe")
|
||||
self.assertEqual(SafetyVerdict.ERROR.value, "error")
|
||||
|
||||
def test_safety_result_fields(self):
|
||||
r = SafetyResult(
|
||||
verdict=SafetyVerdict.SAFE,
|
||||
categories=[],
|
||||
latency_ms=100.0
|
||||
)
|
||||
self.assertEqual(r.verdict, SafetyVerdict.SAFE)
|
||||
self.assertEqual(r.categories, [])
|
||||
self.assertEqual(r.latency_ms, 100.0)
|
||||
|
||||
def test_safety_categories_defined(self):
|
||||
from agent.safety_filter import SAFETY_CATEGORIES
|
||||
self.assertIn("S11", SAFETY_CATEGORIES)
|
||||
self.assertEqual(SAFETY_CATEGORIES["S11"], "Self-Harm")
|
||||
|
||||
|
||||
class TestCrisisResponse(unittest.TestCase):
|
||||
"""Test crisis response generation."""
|
||||
|
||||
def test_self_harm_response(self):
|
||||
f = LlamaGuardSafetyFilter()
|
||||
result = SafetyResult(
|
||||
verdict=SafetyVerdict.UNSAFE,
|
||||
categories=[{"code": "S11", "name": "Self-Harm"}],
|
||||
latency_ms=100.0
|
||||
)
|
||||
response = f.get_crisis_response(result)
|
||||
|
||||
self.assertIn("988", response)
|
||||
self.assertIn("safe", response.lower())
|
||||
self.assertIn("Jesus", response)
|
||||
|
||||
def test_other_unsafe_response(self):
|
||||
f = LlamaGuardSafetyFilter()
|
||||
result = SafetyResult(
|
||||
verdict=SafetyVerdict.UNSAFE,
|
||||
categories=[{"code": "S1", "name": "Violent Crimes"}],
|
||||
latency_ms=100.0
|
||||
)
|
||||
response = f.get_crisis_response(result)
|
||||
|
||||
self.assertIn("can't help", response.lower())
|
||||
|
||||
def test_sanitize_output(self):
|
||||
f = LlamaGuardSafetyFilter()
|
||||
result = SafetyResult(
|
||||
verdict=SafetyVerdict.UNSAFE,
|
||||
categories=[],
|
||||
latency_ms=100.0
|
||||
)
|
||||
sanitized = f.sanitize_output("dangerous content", result)
|
||||
|
||||
self.assertNotEqual(sanitized, "dangerous content")
|
||||
self.assertIn("can't provide", sanitized.lower())
|
||||
|
||||
|
||||
class TestAvailability(unittest.TestCase):
|
||||
"""Test availability checking."""
|
||||
|
||||
def test_unavailable_returns_error(self):
|
||||
f = LlamaGuardSafetyFilter()
|
||||
f._available = False
|
||||
|
||||
result = f.check_input("hello")
|
||||
self.assertEqual(result.verdict, SafetyVerdict.ERROR)
|
||||
|
||||
|
||||
class TestIntegration(unittest.TestCase):
|
||||
"""Test integration functions."""
|
||||
|
||||
def test_check_input_safety_safe(self):
|
||||
with patch('agent.safety_filter.get_safety_filter') as mock_get:
|
||||
mock_filter = MagicMock()
|
||||
mock_filter.check_input.return_value = SafetyResult(
|
||||
verdict=SafetyVerdict.SAFE, categories=[], latency_ms=50.0
|
||||
)
|
||||
mock_get.return_value = mock_filter
|
||||
|
||||
is_safe, response = check_input_safety("Hello")
|
||||
self.assertTrue(is_safe)
|
||||
self.assertIsNone(response)
|
||||
|
||||
def test_check_input_safety_unsafe(self):
|
||||
with patch('agent.safety_filter.get_safety_filter') as mock_get:
|
||||
mock_filter = MagicMock()
|
||||
mock_filter.check_input.return_value = SafetyResult(
|
||||
verdict=SafetyVerdict.UNSAFE,
|
||||
categories=[{"code": "S11", "name": "Self-Harm"}],
|
||||
latency_ms=50.0
|
||||
)
|
||||
mock_filter.get_crisis_response.return_value = "Crisis response"
|
||||
mock_get.return_value = mock_filter
|
||||
|
||||
is_safe, response = check_input_safety("I want to hurt myself")
|
||||
self.assertFalse(is_safe)
|
||||
self.assertEqual(response, "Crisis response")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
58
tests/test_pending_deliveries.py
Normal file
58
tests/test_pending_deliveries.py
Normal file
@@ -0,0 +1,58 @@
|
||||
"""
|
||||
Tests for pending delivery buffer
|
||||
|
||||
Issue: #744
|
||||
"""
|
||||
|
||||
import json
|
||||
import tempfile
|
||||
import unittest
|
||||
from pathlib import Path
|
||||
from unittest.mock import patch, MagicMock
|
||||
|
||||
from cron.pending_deliveries import (
|
||||
buffer_failed_delivery,
|
||||
get_pending_deliveries,
|
||||
clear_delivery,
|
||||
get_pending_count,
|
||||
_save_pending,
|
||||
_load_pending,
|
||||
)
|
||||
|
||||
|
||||
class TestPendingDeliveries(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.tmp = tempfile.mkdtemp()
|
||||
self.patch_path = patch("cron.pending_deliveries.PENDING_FILE",
|
||||
Path(self.tmp) / "pending.json")
|
||||
self.patch_path.start()
|
||||
|
||||
def tearDown(self):
|
||||
self.patch_path.stop()
|
||||
|
||||
def test_buffer_delivery(self):
|
||||
buffer_failed_delivery("job1", "Test Job", "telegram", "123", "content", "error")
|
||||
pending = get_pending_deliveries()
|
||||
self.assertEqual(len(pending), 1)
|
||||
self.assertEqual(pending[0]["job_id"], "job1")
|
||||
self.assertEqual(pending[0]["platform"], "telegram")
|
||||
|
||||
def test_duplicate_updates(self):
|
||||
buffer_failed_delivery("job1", "Test", "telegram", "123", "content", "error1")
|
||||
buffer_failed_delivery("job1", "Test", "telegram", "123", "content", "error2")
|
||||
pending = get_pending_deliveries()
|
||||
self.assertEqual(len(pending), 1)
|
||||
self.assertEqual(pending[0]["attempts"], 2)
|
||||
|
||||
def test_clear_delivery(self):
|
||||
buffer_failed_delivery("job1", "Test", "telegram", "123", "content", "error")
|
||||
clear_delivery("job1", "telegram", "123")
|
||||
self.assertEqual(get_pending_count(), 0)
|
||||
|
||||
def test_empty_returns_zero(self):
|
||||
self.assertEqual(get_pending_count(), 0)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
Reference in New Issue
Block a user