
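Quick Start

Set up prompt injection detection and PII masking on the LiteLLM Proxy (AI Gateway)

1. Define guardrails in your LiteLLM config.yaml

Set up your guardrails under the guardrails section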

model_list:
  - model_name: gpt-3.5-turbo
    litellm_params:
      model: openai/gpt-3.5-turbo
      api_key: os.environ/OPENAI_API_KEY

guardrails:
  - guardrail_name: "aporia-pre-guard"
    litellm_params:
      guardrail: aporia  # supported values: "aporia", "lakera"
      mode: "during_call"
      api_key: os.environ/APORIA_API_KEY_1
      api_base: os.environ/APORIA_API_BASE_1
  - guardrail_name: "aporia-post-guard"
    litellm_params:
      guardrail: aporia  # supported values: "aporia", "lakera"
      mode: "post_call"
      api_key: os.environ/APORIA_API_KEY_2
      api_base: os.environ/APORIA_API_BASE_2

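Supported values for mode (event hooks)

  • pre_call runs before the LLM call, on the input
  • post_call runs after the LLM call, on the input and output
  • during_call runs during the LLM call, on the input. It is the same as pre_call, but runs in parallel with the LLM call. The response is not returned until the guardrail check completes.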
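The ordering the three modes imply, as an added example that is not LiteLLM's or Aporia's code: a small asyncio model in which a regex email check stands in for the guardrail and `fake_llm` for the upstream model. The names `check`, `fake_llm`, `handle` and `run`, the latencies, and the choice to cancel the in-flight call on a block are all assumptions made for illustration.

```python
import asyncio
import re

# Constructed stand-ins (not LiteLLM or Aporia code): a regex email check
# plays the guardrail, and fake_llm plays the upstream model call.
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

class GuardrailBlocked(Exception):
    """A failed check; the gateway on this page reports it as a 400 error."""

async def check(text, events, label):
    await asyncio.sleep(0.01)            # simulated guardrail API latency
    events.append(f"guard:{label}")
    if EMAIL.search(text):
        raise GuardrailBlocked(label)

async def fake_llm(prompt, events):
    events.append("llm:sent")            # the prompt has left the gateway
    await asyncio.sleep(0.05)            # simulated model latency
    events.append("llm:done")
    return f"echo: {prompt}"

async def handle(prompt, mode):
    """Return (response or None if blocked, ordered event list)."""
    events = []
    try:
        if mode == "pre_call":           # check input, then call the model
            await check(prompt, events, "input")
            response = await fake_llm(prompt, events)
        elif mode == "during_call":      # same check, in parallel with the call
            llm_task = asyncio.create_task(fake_llm(prompt, events))
            try:
                await check(prompt, events, "input")
            except GuardrailBlocked:
                llm_task.cancel()        # assumption: drop the in-flight call
                raise
            response = await llm_task    # nothing returned before the check ends
        elif mode == "post_call":        # check input and output afterwards
            response = await fake_llm(prompt, events)
            await check(prompt + "\n" + response, events, "input+output")
        else:
            raise ValueError(f"unknown mode: {mode}")
    except GuardrailBlocked:
        return None, events
    return response, events

def run(prompt, mode):
    """Synchronous wrapper so the three modes can be compared side by side."""
    return asyncio.run(handle(prompt, mode))
```

In this model, a prompt containing an email address is blocked in all three modes, but only pre_call blocks it before `llm:sent` is recorded; with during_call and post_call the prompt has already gone to the model when the check fails.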

2. Start the LiteLLM gateway

litellm --config config.yaml --detailed_debug

3. Test request

Langchain, OpenAI SDK usage examples

Expect this call to fail, because ishaan@berri.ai in the request is PII

curl -i http://localhost:4000/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sk-npnwjPQciVRok5yNZgKmFQ" \
  -d '{
    "model": "gpt-3.5-turbo",
    "messages": [
      {"role": "user", "content": "hi my email is ishaan@berri.ai"}
    ],
    "guardrails": ["aporia-pre-guard", "aporia-post-guard"]
  }'

Expected failure response

{
  "error": {
    "message": {
      "error": "违反了防护措施策略",
      "aporia_ai_response": {
        "action": "block",
        "revised_prompt": null,
        "revised_response": "Aporia检测到并屏蔽了PII",
        "explain_log": null
      }
    },
    "type": "None",
    "param": "None",
    "code": "400"
  }
}

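Advanced

✨ Control guardrails per project (API key)

info

✨ This is an Enterprise-only feature. Contact us to get a free trial

Use this to control which guardrails run per project. In this tutorial we only want the following guardrails to run for 1 project (API key):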

  • guardrails: ["aporia-pre-guard", "aporia-post-guard"]

Step 1: Create a key with guardrail settings

curl -X POST 'http://0.0.0.0:4000/key/generate' \
  -H 'Authorization: Bearer sk-1234' \
  -H 'Content-Type: application/json' \
  -d '{
    "guardrails": ["aporia-pre-guard", "aporia-post-guard"]
  }'

Step 2: Test with the new key

curl --location 'http://0.0.0.0:4000/chat/completions' \
  --header 'Authorization: Bearer sk-jNm1Zar7XfNdZXp49Z1kSQ' \
  --header 'Content-Type: application/json' \
  --data '{
    "model": "gpt-3.5-turbo",
    "messages": [
      {
        "role": "user",
        "content": "my email is ishaan@berri.ai"
      }
    ]
  }'

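✨ Disable team from turning guardrails on/off

info

✨ This is an Enterprise-only feature. Contact us to get a free trial

1. Disable team from modifying guardrails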

curl -X POST 'http://0.0.0.0:4000/team/update' \
  -H 'Authorization: Bearer sk-1234' \
  -H 'Content-Type: application/json' \
  -d '{
    "team_id": "4198d93c-d375-4c83-8d5a-71e7c5473e50",
    "metadata": {"guardrails": {"modify_guardrails": false}}
  }'

2. Try to disable guardrails for a call

curl --location 'http://0.0.0.0:4000/chat/completions' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer $LITELLM_VIRTUAL_KEY" \
  --data '{
    "model": "gpt-3.5-turbo",
    "messages": [
      {
        "role": "user",
        "content": "想出10种随机的颜色。"
      }
    ],
    "metadata": {"guardrails": {"hide_secrets": false}}
  }'

3. Get a 403 error

{
  "error": {
    "message": {
      "error": "您的团队没有修改防护栏的权限。"
    },
    "type": "auth_error",
    "param": "None",
    "code": 403
  }
}

Expect to NOT see +1 412-612-9992 in your server logs on your callback.

info

The pii_masking guardrail ran on this request because api key=sk-jNm1Zar7XfNdZXp49Z1kSQ has "permissions": {"pii_masking": true}