Generated: 2026-01-10 18:54:38 UTC
def _tokenize(
self, texts: list[str], chunk_size: int
) -> tuple[Iterable[int], list[list[int] | str], list[int], list[int]]:
"""Tokenize and batch input texts.
Splits texts based on `embedding_ctx_length` and groups them into batches
of size `chunk_size`.
Args:
texts: The list of texts to tokenize.
chunk_size: The maximum number of texts to include in a single batch. raise ValueError(msg)
def _tokenize(
self, texts: list[str], chunk_size: int
) -> tuple[Iterable[int], list[list[int] | str], list[int], list[int]]:
"""Tokenize and batch input texts.def _construct_responses_api_payload(
messages: Sequence[BaseMessage], payload: dict
) -> dict:
# Rename legacy parameters
for legacy_token_param in ["max_tokens", "max_completion_tokens"]:
if legacy_token_param in payload:
payload["max_output_tokens"] = payload.pop(legacy_token_param)
if "reasoning_effort" in payload and "reasoning" not in payload:
payload["reasoning"] = {"effort": payload.pop("reasoning_effort")}
# Remove temperature parameter for models that don't support it in responses API def _generate(
self,
messages: list[BaseMessage],
stop: list[str] | None = None,
run_manager: CallbackManagerForLLMRun | None = None,
**kwargs: Any,
) -> ChatResult:
self._ensure_sync_client_available()
payload = self._get_request_payload(messages, stop=stop, **kwargs)
generation_info = None
raw_response = None def _get_encoding_model(self) -> tuple[str, tiktoken.Encoding]:
if self.tiktoken_model_name is not None:
model = self.tiktoken_model_name
else:
model = self.model_name
try:
encoding = tiktoken.encoding_for_model(model)
except KeyError:
model_lower = model.lower()
encoder = "cl100k_base" def get_token_ids(self, text: str) -> list[int]:
"""Get the tokens present in the text with tiktoken package."""
if self.custom_get_token_ids is not None:
return self.custom_get_token_ids(text)
# tiktoken NOT supported for Python 3.7 or below
if sys.version_info[1] <= 7:
return super().get_token_ids(text)
_, encoding_model = self._get_encoding_model()
return encoding_model.encode(text)
def get_num_tokens_from_messages( def get_num_tokens_from_messages(
self,
messages: Sequence[BaseMessage],
tools: Sequence[dict[str, Any] | type | Callable | BaseTool] | None = None,
) -> int:
"""Calculate num tokens for `gpt-3.5-turbo` and `gpt-4` with `tiktoken` package.
!!! warning
You must have the `pillow` installed if you want to count image tokens if
you are specifying the image as a base64 string, and you must have both
`pillow` and `httpx` installed if you are specifying the image as a URL. If
def _construct_responses_api_payload(
messages: Sequence[BaseMessage], payload: dict
) -> dict:
# Rename legacy parameters yield generation_chunk
def _generate(
self,
messages: list[BaseMessage],
stop: list[str] | None = None, return encoding_model.encode(text)
def get_num_tokens_from_messages(
self,
messages: Sequence[BaseMessage],
tools: Sequence[dict[str, Any] | type | Callable | BaseTool] | None = None,
def _construct_responses_api_payload(
messages: Sequence[BaseMessage], payload: dict
) -> dict:
# Rename legacy parameters return encoding_model.encode(text)
def get_num_tokens_from_messages(
self,
messages: Sequence[BaseMessage],
tools: Sequence[dict[str, Any] | type | Callable | BaseTool] | None = None, update={
"content": _convert_from_v1_to_ollama(
cast("list[types.ContentBlock]", message.content),
message.response_metadata.get("model_provider"), def _chat_params(
self,
messages: list[BaseMessage],
stop: list[str] | None = None,
**kwargs: Any,
) -> dict[str, Any]:
"""Assemble the parameters for a chat completion request.
Args:
messages: List of LangChain messages to send to the model.
stop: Optional list of stop tokens to use for this invocation. def _convert_messages_to_ollama_messages(
self, messages: list[BaseMessage]
) -> Sequence[Message]:
"""Convert a BaseMessage list to list of messages for Ollama to consume.
Args:
messages: List of BaseMessage to convert.
Returns:
List of messages in Ollama format.
""" def _create_chat_stream(
self,
messages: list[BaseMessage],
stop: list[str] | None = None,
**kwargs: Any,
) -> Iterator[Mapping[str, Any] | str]:
chat_params = self._chat_params(messages, stop, **kwargs)
if chat_params["stream"]:
if self._client:
yield from self._client.chat(**chat_params) # Use ast.literal_eval to safely parse Python-style dicts
# (e.g. with single quotes)
return ast.literal_eval(json_string)
except (SyntaxError, ValueError) as e:
# If both fail, and we're not skipping, raise an informative error.
if skip: """The async client to use for making requests."""
def _chat_params(
self,
messages: list[BaseMessage],
stop: list[str] | None = None, return self
def _convert_messages_to_ollama_messages(
self, messages: list[BaseMessage]
) -> Sequence[Message]:
"""Convert a BaseMessage list to list of messages for Ollama to consume. yield await self._async_client.chat(**chat_params)
def _create_chat_stream(
self,
messages: list[BaseMessage],
stop: list[str] | None = None, return self
def _convert_messages_to_ollama_messages(
self, messages: list[BaseMessage]
) -> Sequence[Message]:
"""Convert a BaseMessage list to list of messages for Ollama to consume. yield await self._async_client.chat(**chat_params)
def _create_chat_stream(
self,
messages: list[BaseMessage],
stop: list[str] | None = None, def _create_generate_stream(
self,
prompt: str,
stop: list[str] | None = None,
**kwargs: Any,
) -> Iterator[Mapping[str, Any] | str]:
if self._client:
yield from self._client.generate(
**self._generate_params(prompt, stop=stop, **kwargs)
)
yield part
def _create_generate_stream(
self,
prompt: str,
stop: list[str] | None = None, return self._create_chat_result(answer)
llm_input = self._to_chat_prompt(messages)
if should_stream:
stream_iter = self.llm._stream(
llm_input, stop=stop, run_manager=run_manager, **kwargs def _inherit_llm_properties(self) -> None:
"""Inherit properties from the wrapped LLM instance if not explicitly set."""
if not hasattr(self, "llm") or self.llm is None:
return
# Map of ChatHuggingFace properties to LLM properties
property_mappings = {
"temperature": "temperature",
"max_tokens": "max_new_tokens", # Different naming convention
"top_p": "top_p",
"seed": "seed", def _generate(
self,
messages: list[BaseMessage],
stop: list[str] | None = None,
run_manager: CallbackManagerForLLMRun | None = None,
stream: bool | None = None, # noqa: FBT001
**kwargs: Any,
) -> ChatResult:
should_stream = stream if stream is not None else self.streaming
if _is_huggingface_textgen_inference(self.llm):def _format_messages(
messages: Sequence[BaseMessage],
) -> tuple[str | list[dict] | None, list[dict]]:
"""Format messages for Anthropic's API."""
system: str | list[dict] | None = None
formatted_messages: list[dict] = []
merged_messages = _merge_messages(messages)
for _i, message in enumerate(merged_messages):
if message.type == "system":
if system is not None:
msg = "Received multiple non-consecutive system messages."def convert_to_anthropic_tool(
tool: Mapping[str, Any] | type | Callable | BaseTool,
*,
strict: bool | None = None,
) -> AnthropicTool:
"""Convert a tool-like object to an Anthropic tool definition.
Args:
tool: A tool-like object to convert. Can be an Anthropic tool dict,
a Pydantic model, a function, or a `BaseTool`.
strict: If `True`, enables strict schema adherence for the tool.def _lc_tool_calls_to_anthropic_tool_use_blocks(
tool_calls: list[ToolCall],
) -> list[_AnthropicToolUse]:
return [
_AnthropicToolUse(
type="tool_use",
name=tool_call["name"],
input=tool_call["args"],
id=cast("str", tool_call["id"]),
)
for tool_call in tool_calls def _client(self) -> anthropic.Client:
client_params = self._client_params
http_client_params = {"base_url": client_params["base_url"]}
if "timeout" in client_params:
http_client_params["timeout"] = client_params["timeout"]
if self.anthropic_proxy:
http_client_params["anthropic_proxy"] = self.anthropic_proxy
http_client = _get_default_httpx_client(**http_client_params)
params = {
**client_params,
"http_client": http_client, def _async_client(self) -> anthropic.AsyncClient:
client_params = self._client_params
http_client_params = {"base_url": client_params["base_url"]}
if "timeout" in client_params:
http_client_params["timeout"] = client_params["timeout"]
if self.anthropic_proxy:
http_client_params["anthropic_proxy"] = self.anthropic_proxy
http_client = _get_default_async_httpx_client(**http_client_params)
params = {
**client_params,
"http_client": http_client,) -> list[_AnthropicToolUse]:
return [
_AnthropicToolUse(
type="tool_use",
name=tool_call["name"],
input=tool_call["args"], else:
args = {}
tool_use_block = _AnthropicToolUse(
type="tool_use",
name=block["name"],
input=args,
def _format_messages(
messages: Sequence[BaseMessage],
) -> tuple[str | list[dict] | None, list[dict]]:
"""Format messages for Anthropic's API."""
def convert_to_anthropic_tool(
tool: Mapping[str, Any] | type | Callable | BaseTool,
*,
strict: bool | None = None,
def _lc_tool_calls_to_anthropic_tool_use_blocks(
tool_calls: list[ToolCall],
) -> list[_AnthropicToolUse]:
return [
def _format_messages(
messages: Sequence[BaseMessage],
) -> tuple[str | list[dict] | None, list[dict]]:
"""Format messages for Anthropic's API.""" def embed_documents(self, texts: list[str]) -> list[SparseVector]:
results = self._model.embed(
texts, batch_size=self._batch_size, parallel=self._parallel
)
return [
SparseVector(indices=result.indices.tolist(), values=result.values.tolist())
for result in results
]
def embed_query(self, text: str) -> SparseVector:
result = next(self._model.query_embed(text)) def embed_query(self, text: str) -> SparseVector:
result = next(self._model.query_embed(text))
return SparseVector(
indices=result.indices.tolist(), values=result.values.tolist()
) def _stream(
self,
messages: list[BaseMessage],
stop: list[str] | None = None,
run_manager: CallbackManagerForLLMRun | None = None,
**kwargs: Any,
) -> Iterator[ChatGenerationChunk]:
message_dicts, params = self._create_message_dicts(messages, stop)
params = {**params, **kwargs}
default_chunk_class = AIMessageChunk
params.pop("stream", None) def _generate(
self,
messages: list[BaseMessage],
stop: list[str] | None = None,
run_manager: CallbackManagerForLLMRun | None = None,
**kwargs: Any,
) -> ChatResult:
if self.streaming:
stream_iter = self._stream(
messages, stop=stop, run_manager=run_manager, **kwargs
) return default_class(content=content) # type: ignore[call-arg]
def _stream(
self,
messages: list[BaseMessage],
stop: list[str] | None = None, yield chunk
def _generate(
self,
messages: list[BaseMessage],
stop: list[str] | None = None, beta_model = self.model_copy(update={"api_base": DEFAULT_BETA_API_BASE})
return beta_model.bind_tools(
tools,
tool_choice=tool_choice, beta_model = self.model_copy(update={"api_base": DEFAULT_BETA_API_BASE})
return beta_model.with_structured_output(
schema,
method=method, def bind_tools(
self,
tools: Sequence[dict[str, Any] | type | Callable | BaseTool],
*,
tool_choice: dict | str | bool | None = None,
strict: bool | None = None,
parallel_tool_calls: bool | None = None,
**kwargs: Any,
) -> Runnable[LanguageModelInput, AIMessage]:
"""Bind tool-like objects to this chat model.
# Create a new instance with beta endpoint
beta_model = self.model_copy(update={"api_base": DEFAULT_BETA_API_BASE})
return beta_model.bind_tools(
tools,
tool_choice=tool_choice,
strict=strict, ) from e
def bind_tools(
self,
tools: Sequence[dict[str, Any] | type | Callable | BaseTool],
*, ) from e
def bind_tools(
self,
tools: Sequence[dict[str, Any] | type | Callable | BaseTool],
*, return HumanMessageChunk(content=content)
if role == "assistant" or default_class == AIMessageChunk:
if reasoning := _dict.get("reasoning"):
additional_kwargs["reasoning_content"] = reasoning
if executed_tools := _dict.get("executed_tools"):
additional_kwargs["executed_tools"] = []
for executed_tool in executed_tools:
if executed_tool.get("output"):
# Tool output duplicates query and other server tool call data
additional_kwargs["executed_tools"].append( def __call__(self, data: BaseModel) -> BaseModel:
return self.invoke(data)
class NoOpParser(Invoker):
"""NoOp parser for invokers."""
def invoke(self, data: BaseModel) -> BaseModel:
return data
logger = logging.getLogger(__name__)
# Mistral enforces a specific pattern for tool call IDs
TOOL_CALL_ID_PATTERN = re.compile(r"^[a-zA-Z0-9]{9}$")
# This SSL context is equivalent to the default `verify=True`.
# https://www.python-httpx.org/advanced/ssl/#configuring-client-instances
global_ssl_context = ssl.create_default_context(cafile=certifi.where())def _base62_encode(num: int) -> str:
"""Encode a number in base62 and ensures result is of a specified length."""
base62 = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
if num == 0:
return base62[0]def _parse_model_string(model_name: str) -> tuple[str, str]:
"""Parse a model string into provider and model name components.
The model string should be in the format 'provider:model-name', where provider
is one of the supported providers.
Args:
model_name: A model string in the format 'provider:model-name'
Returns:
A tuple of (provider, model_name)def _infer_model_and_provider(
model: str,
*,
provider: str | None = None,
) -> tuple[str, str]:
if not model.strip():
msg = "Model name cannot be empty"
raise ValueError(msg)
if provider is None and ":" in model:
provider, model_name = _parse_model_string(model)
else: ) -> Any:
return self._model(config).invoke(input, config=config, **kwargs)
def invoke(
self,
input: LanguageModelInput,
config: RunnableConfig | None = None,
**kwargs: Any,
) -> Any:
return self._model(config).invoke(input, config=config, **kwargs)
@override
async def ainvoke(
self, model_, effective_response_format = _get_bound_model(request)
messages = request.messages
if request.system_message:
messages = [request.system_message, *messages]
output = model_.invoke(messages)
if name:def create_agent(
model: str | BaseChatModel,
tools: Sequence[BaseTool | Callable[..., Any] | dict[str, Any]] | None = None,
*,
system_prompt: str | SystemMessage | None = None,
middleware: Sequence[AgentMiddleware[StateT_co, ContextT]] = (),
response_format: ResponseFormat[ResponseT] | type[ResponseT] | dict[str, Any] | None = None,
state_schema: type[AgentState[ResponseT]] | None = None,
context_schema: type[ContextT] | None = None,
checkpointer: Checkpointer | None = None,
store: BaseStore | None = None, def _get_bound_model(
request: ModelRequest,
) -> tuple[Runnable[Any, Any], ResponseFormat[Any] | None]:
"""Get the model with appropriate tool bindings.
Performs auto-detection of strategy if needed based on model capabilities.
Args:
request: The model request containing model, tools, and response format.
Returns: def _execute_model_sync(request: ModelRequest) -> ModelResponse:
"""Execute model and return response.
This is the core model execution logic wrapped by `wrap_model_call` handlers.
Raises any exceptions that occur during model invocation.
"""
# Get the bound model (with auto-detection if needed)
model_, effective_response_format = _get_bound_model(request)
messages = request.messages
if request.system_message:
messages = [request.system_message, *messages]
return result
def create_agent(
model: str | BaseChatModel,
tools: Sequence[BaseTool | Callable[..., Any] | dict[str, Any]] | None = None,
*,
system_prompt: str | SystemMessage | None = None,
middleware: Sequence[AgentMiddleware[StateT_co, ContextT]] = (), return request.model.bind(**request.model_settings), None
def _execute_model_sync(request: ModelRequest) -> ModelResponse:
"""Execute model and return response.
This is the core model execution logic wrapped by `wrap_model_call` handlers. return request.model.bind(**request.model_settings), None
def _execute_model_sync(request: ModelRequest) -> ModelResponse:
"""Execute model and return response.
This is the core model execution logic wrapped by `wrap_model_call` handlers. # Extract tool information for emulation
tool_args = request.tool_call["args"]
tool_description = request.tool.description if request.tool else "No description available"
# Build prompt for emulator LLM
prompt = (
f"You are emulating a tool call for testing purposes.\n\n"
f"Tool: {tool_name}\n"
f"Description: {tool_description}\n"
f"Arguments: {tool_args}\n\n"
f"Generate a realistic response that this tool would return "
f"given these arguments.\n"
f"Return ONLY the tool's output, no explanation or preamble. "
f"Introduce variation into your responses."
)
# Get emulated response from LLM
response = self.model.invoke([HumanMessage(prompt)])
# Get emulated response from LLM
response = self.model.invoke([HumanMessage(prompt)])
# Short-circuit: return emulated result without executing real tool """
selection_request = self._prepare_selection_request(request)
if selection_request is None:
return handler(request)
# Create dynamic response model with Literal enum of available tool names
type_adapter = _create_tool_selection_response(selection_request.available_tools)
schema = type_adapter.json_schema()
structured_model = selection_request.model.with_structured_output(schema)
response = structured_model.invoke(
[ schema = type_adapter.json_schema()
structured_model = selection_request.model.with_structured_output(schema)
response = structured_model.invoke(
response = structured_model.invoke(
[
{"role": "system", "content": selection_request.system_message}, return request.override(tools=[*selected_tools, *provider_tools])
def wrap_model_call(
self,
request: ModelRequest,
handler: Callable[[ModelRequest], ModelResponse], def _create_summary(self, messages_to_summarize: list[AnyMessage]) -> str:
"""Generate summary for the given messages."""
if not messages_to_summarize:
return "No previous conversation history."
trimmed_messages = self._trim_messages_for_summary(messages_to_summarize)
if not trimmed_messages:
return "Previous conversation was too long to summarize."
# Format messages to avoid token inflation from metadata when str() is called on
# message objects return idx
def _create_summary(self, messages_to_summarize: list[AnyMessage]) -> str:
"""Generate summary for the given messages."""
if not messages_to_summarize:
return "No previous conversation history." def count_tokens(messages: Sequence[BaseMessage]) -> int:
return request.model.get_num_tokens_from_messages(
system_msg + list(messages), request.tools
) def wrap_model_call(
self,
request: ModelRequest,
handler: Callable[[ModelRequest], ModelResponse],
) -> ModelCallResult:
"""Apply context edits before invoking the model via handler.
Args:
request: Model request to execute (includes state and runtime).
handler: Async callback that executes the model request and returns
`ModelResponse`. def count_tokens(messages: Sequence[BaseMessage]) -> int:
return request.model.get_num_tokens_from_messages(
system_msg + list(messages), request.tools
)
edited_messages = deepcopy(list(request.messages))
for edit in self.edits:
edit.apply(edited_messages, count_tokens=count_tokens)
return handler(request.override(messages=edited_messages))
def count_tokens(messages: Sequence[BaseMessage]) -> int:
return request.model.get_num_tokens_from_messages(
system_msg + list(messages), request.tools
)
edited_messages = deepcopy(list(request.messages))
for edit in self.edits:
edit.apply(edited_messages, count_tokens=count_tokens)
return await handler(request.override(messages=edited_messages))
self.token_count_method = token_count_method
def wrap_model_call(
self,
request: ModelRequest,
handler: Callable[[ModelRequest], ModelResponse], system_msg = [request.system_message] if request.system_message else []
def count_tokens(messages: Sequence[BaseMessage]) -> int:
return request.model.get_num_tokens_from_messages(
system_msg + list(messages), request.tools
) system_msg = [request.system_message] if request.system_message else []
def count_tokens(messages: Sequence[BaseMessage]) -> int:
return request.model.get_num_tokens_from_messages(
system_msg + list(messages), request.tools
) ) -> list[Document]:
docs = self.base_retriever.invoke(
query, def _get_relevant_documents(
self,
query: str,
*,
run_manager: CallbackManagerForRetrieverRun,
**kwargs: Any,
) -> list[Document]:
docs = self.base_retriever.invoke(
query,
config={"callbacks": run_manager.get_child()},
**kwargs,
@override
def _get_relevant_documents(
self,
query: str,
*, retriever_docs = [
retriever.invoke(
query, def merge_documents(
self,
query: str,
run_manager: CallbackManagerForRetrieverRun,
) -> list[Document]:
"""Merge the results of the retrievers.
Args:
query: The query to search for.
run_manager: The callback handler to use.
return await self.amerge_documents(query, run_manager)
def merge_documents(
self,
query: str,
run_manager: CallbackManagerForRetrieverRun, """
re_phrased_question = self.llm_chain.invoke(
query, def _get_relevant_documents(
self,
query: str,
*,
run_manager: CallbackManagerForRetrieverRun,
) -> list[Document]:
"""Get relevant documents given a user question.
Args:
query: user question
run_manager: callback handler to use )
def _get_relevant_documents(
self,
query: str,
*, retriever_docs = [
retriever.invoke(
query, def rank_fusion(
self,
query: str,
run_manager: CallbackManagerForRetrieverRun,
*,
config: RunnableConfig | None = None,
) -> list[Document]:
"""Rank fusion.
Retrieve the results of the retrievers and use rank_fusion_func to get
the final result. return await self.arank_fusion(query, run_manager)
def rank_fusion(
self,
query: str,
run_manager: CallbackManagerForRetrieverRun, """
queries = self.generate_queries(query, run_manager)
if self.include_original: """
response = self.llm_chain.invoke(
{"question": question}, def _get_relevant_documents(
self,
query: str,
*,
run_manager: CallbackManagerForRetrieverRun,
) -> list[Document]:
"""Get relevant documents given a user query.
Args:
query: user query
run_manager: the callback handler to use. def generate_queries(
self,
question: str,
run_manager: CallbackManagerForRetrieverRun,
) -> list[str]:
"""Generate queries based upon user input.
Args:
question: user query
run_manager: run manager for callbacks
return [doc for docs in document_lists for doc in docs]
def _get_relevant_documents(
self,
query: str,
*, return self.unique_union(documents)
def generate_queries(
self,
question: str,
run_manager: CallbackManagerForRetrieverRun,def _parse_model_string(model_name: str) -> tuple[str, str]:
"""Parse a model string into provider and model name components.
The model string should be in the format 'provider:model-name', where provider
is one of the supported providers.
Args:
model_name: A model string in the format 'provider:model-name'
Returns:
A tuple of (provider, model_name)def _infer_model_and_provider(
model: str,
*,
provider: str | None = None,
) -> tuple[str, str]:
if not model.strip():
msg = "Model name cannot be empty"
raise ValueError(msg)
if provider is None and ":" in model:
provider, model_name = _parse_model_string(model)
else: def save_context(self, inputs: dict[str, Any], outputs: dict[str, str]) -> None:
"""Save context from this conversation to buffer."""
input_str, output_str = self._get_input_output(inputs, outputs)
self.chat_memory.add_messages(
[
HumanMessage(content=input_str),
AIMessage(content=output_str),
],
)
async def asave_context( def clear(self) -> None:
"""Clear memory contents."""
self.chat_memory.clear()
async def aclear(self) -> None:
"""Clear memory contents."""
await self.chat_memory.aclear() return inputs[prompt_input_key], outputs[output_key]
def save_context(self, inputs: dict[str, Any], outputs: dict[str, str]) -> None:
"""Save context from this conversation to buffer."""
input_str, output_str = self._get_input_output(inputs, outputs)
self.chat_memory.add_messages( def prune(self) -> None:
"""Prune buffer if it exceeds max token limit."""
buffer = self.chat_memory.messages
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer)
if curr_buffer_length > self.max_token_limit:
pruned_memory = []
while curr_buffer_length > self.max_token_limit:
pruned_memory.append(buffer.pop(0))
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer)
self.moving_summary_buffer = self.predict_new_summary(
pruned_memory, await self.aprune()
def prune(self) -> None:
"""Prune buffer if it exceeds max token limit."""
buffer = self.chat_memory.messages
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer) await self.aprune()
def prune(self) -> None:
"""Prune buffer if it exceeds max token limit."""
buffer = self.chat_memory.messages
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer) def save_context(self, inputs: dict[str, Any], outputs: dict[str, str]) -> None:
"""Save context from this conversation to buffer. Pruned."""
BaseChatMemory.save_context(self, inputs, outputs)
self._timestamps.append(datetime.now().astimezone())
# Prune buffer if it exceeds max token limit
buffer = self.chat_memory.messages
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer)
if curr_buffer_length > self.max_token_limit:
while curr_buffer_length > self.max_token_limit:
self._pop_and_store_interaction(buffer)
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer) return {self.memory_key: messages}
def save_context(self, inputs: dict[str, Any], outputs: dict[str, str]) -> None:
"""Save context from this conversation to buffer. Pruned."""
BaseChatMemory.save_context(self, inputs, outputs)
self._timestamps.append(datetime.now().astimezone()) input_key = self._get_prompt_input_key(inputs)
query = inputs[input_key]
docs = self.retriever.invoke(query)
return self._documents_to_memory_variables(docs) def load_memory_variables(
self,
inputs: dict[str, Any],
) -> dict[str, list[Document] | str]:
"""Return history buffer."""
input_key = self._get_prompt_input_key(inputs)
query = inputs[input_key]
docs = self.retriever.invoke(query)
return self._documents_to_memory_variables(docs)
async def aload_memory_variables( def clear(self) -> None:
"""Clear memory contents."""
self.chat_memory.clear()
self.entity_cache.clear()
self.entity_store.clear() def save_context(self, inputs: dict[str, Any], outputs: dict[str, str]) -> None:
"""Save context from this conversation to buffer. Pruned."""
super().save_context(inputs, outputs)
# Prune buffer if it exceeds max token limit
buffer = self.chat_memory.messages
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer)
if curr_buffer_length > self.max_token_limit:
pruned_memory = []
while curr_buffer_length > self.max_token_limit:
pruned_memory.append(buffer.pop(0))
curr_buffer_length = self.llm.get_num_tokens_from_messages(buffer) return {self.memory_key: self.buffer}
def save_context(self, inputs: dict[str, Any], outputs: dict[str, str]) -> None:
"""Save context from this conversation to buffer. Pruned."""
super().save_context(inputs, outputs)
# Prune buffer if it exceeds max token limit ) -> Any:
return self._model(config).invoke(input, config=config, **kwargs)
def invoke(
self,
input: LanguageModelInput,
config: RunnableConfig | None = None,
**kwargs: Any,
) -> Any:
return self._model(config).invoke(input, config=config, **kwargs)
@override
async def ainvoke(
self, create_structured_chat_agent,
)
from langchain_classic.agents.tool_calling_agent.base import create_tool_calling_agent
from langchain_classic.agents.xml.base import XMLAgent, create_xml_agent
if TYPE_CHECKING: "create_sql_agent",
"create_structured_chat_agent",
"create_tool_calling_agent",
"create_vectorstore_agent",
"create_vectorstore_router_agent",
"create_xml_agent", def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None,
**kwargs: Any,
) -> AgentAction | AgentFinish:
"""Based on past history and current inputs, decide what to do.
Args:
intermediate_steps: Steps the LLM has taken to date,
along with the observations. def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None,
**kwargs: Any,
) -> list[AgentAction] | AgentFinish:
"""Based on past history and current inputs, decide what to do.
Args:
intermediate_steps: Steps the LLM has taken to date,
along with the observations. return self.input_keys_arg
def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None, return self.input_keys_arg
def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None, return self.input_keys_arg
def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None, return self.input_keys_arg
def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None, else:
completion = self.retry_chain.invoke(
{ if self.legacy and hasattr(self.retry_chain, "run"):
completion = self.retry_chain.run(
prompt=prompt_value.to_string(),
completion=completion, if self.legacy and hasattr(self.retry_chain, "run"):
completion = self.retry_chain.run(
prompt=prompt_value.to_string(),
completion=completion, def parse_with_prompt(self, completion: str, prompt_value: PromptValue) -> T:
"""Parse the output of an LLM call using a wrapped parser.
Args:
completion: The chain completion to parse.
prompt_value: The prompt to use to parse the completion.
Returns:
The parsed completion.
"""
retries = 0 def parse_with_prompt(self, completion: str, prompt_value: PromptValue) -> T:
retries = 0
while retries <= self.max_retries:
try:
return self.parser.parse(completion)
except OutputParserException as e:
if retries == self.max_retries:
raise
retries += 1
if self.legacy and hasattr(self.retry_chain, "run"): if self.legacy and hasattr(self.retry_chain, "run"):
completion = self.retry_chain.run(
instructions=self.parser.get_format_instructions(),
completion=completion, def parse(self, completion: str) -> T:
retries = 0
while retries <= self.max_retries:
try:
return self.parser.parse(completion)
except OutputParserException as e:
if retries == self.max_retries:
raise
retries += 1
if self.legacy and hasattr(self.retry_chain, "run"):
@override
def parse(self, completion: str) -> T:
retries = 0
while retries <= self.max_retries:def load_evaluator(
evaluator: EvaluatorType,
*,
llm: BaseLanguageModel | None = None,
**kwargs: Any,
) -> Chain | StringEvaluator:
"""Load the requested evaluation chain specified by a string.
Parameters
----------
evaluator : EvaluatorType raise ImportError(msg) from e
llm = llm or ChatOpenAI(model="gpt-4", seed=42, temperature=0)
except Exception as e:
msg = (
f"Evaluation with the {evaluator_cls} requires a "
def load_evaluator(
evaluator: EvaluatorType,
*,
llm: BaseLanguageModel | None = None,def generate_example(
examples: list[dict],
llm: BaseLanguageModel,
prompt_template: PromptTemplate,
) -> str:
"""Return another example given a list of examples for a prompt."""
prompt = FewShotPromptTemplate(
examples=examples,
suffix=TEST_GEN_TEMPLATE_SUFFIX,
input_variables=[],
example_prompt=prompt_template, ) -> dict[str, str]:
response = self.generate([inputs], run_manager=run_manager)
return self.create_outputs(response)[0] try:
response = self.generate(input_list, run_manager=run_manager)
except BaseException as e: def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None,
) -> dict[str, str]:
response = self.generate([inputs], run_manager=run_manager)
return self.create_outputs(response)[0]
def generate(
self,
input_list: list[dict[str, Any]], def generate(
self,
input_list: list[dict[str, Any]],
run_manager: CallbackManagerForChainRun | None = None,
) -> LLMResult:
"""Generate LLM result from inputs."""
prompts, stop = self.prep_prompts(input_list, run_manager=run_manager)
callbacks = run_manager.get_child() if run_manager else None
if isinstance(self.llm, BaseLanguageModel):
return self.llm.generate_prompt(
prompts, def apply(
self,
input_list: list[dict[str, Any]],
callbacks: Callbacks = None,
) -> list[dict[str, str]]:
"""Utilize the LLM generate method for speed gains."""
callback_manager = CallbackManager.configure(
callbacks,
self.callbacks,
self.verbose,
) return [self.output_key, "full_generation"]
def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None, return prompts, stop
def apply(
self,
input_list: list[dict[str, Any]],
callbacks: Callbacks = None, return prompts, stop
def apply(
self,
input_list: list[dict[str, Any]],
callbacks: Callbacks = None,
return self.invoke(
inputs,
return self.invoke(
inputs,
cast("RunnableConfig", {k: v for k, v in config.items() if v is not None}), def __call__(
self,
inputs: dict[str, Any] | Any,
return_only_outputs: bool = False, # noqa: FBT001,FBT002
callbacks: Callbacks = None,
*,
tags: list[str] | None = None,
metadata: dict[str, Any] | None = None,
run_name: str | None = None,
include_run_info: bool = False,
) -> dict[str, Any]:
@deprecated("0.1.0", alternative="invoke", removal="1.0")
def __call__(
self,
inputs: dict[str, Any] | Any,
return_only_outputs: bool = False, # noqa: FBT001,FBT002 )
return chain.invoke({chain.input_key: question})[chain.output_key]
)
return chain.invoke({chain.question_key: question})
def query(
self,
question: str,
llm: BaseLanguageModel | None = None,
retriever_kwargs: dict[str, Any] | None = None,
**kwargs: Any,
) -> str:
"""Query the `VectorStore` using the provided LLM.
Args:
question: The question or prompt to query. def query_with_sources(
self,
question: str,
llm: BaseLanguageModel | None = None,
retriever_kwargs: dict[str, Any] | None = None,
**kwargs: Any,
) -> dict:
"""Query the `VectorStore` and retrieve the answer along with sources.
Args:
question: The question or prompt to query. )
def query(
self,
question: str,
llm: BaseLanguageModel | None = None, return (await chain.ainvoke({chain.input_key: question}))[chain.output_key]
def query_with_sources(
self,
question: str,
llm: BaseLanguageModel | None = None, var_name = self.input_keys[0]
result = self.llm_chain.invoke({var_name: text})
if isinstance(self.llm_chain, LLMChain): _run_manager = run_manager or CallbackManagerForChainRun.get_noop_manager()
return self.llm_chain.invoke(
inputs, var_name = self.input_keys[0]
result = self.llm_chain.invoke({var_name: text})
if isinstance(self.llm_chain, LLMChain):
def _call(
    self,
    inputs: dict[str, Any],
    run_manager: CallbackManagerForChainRun | None = None,
) -> dict[str, str]:
    """Call the internal llm chain.

    Args:
        inputs: Inputs forwarded unchanged to ``self.llm_chain.invoke``.
        run_manager: Callback manager for this run; when not supplied a
            no-op manager is used so a child callback handle still exists.

    Returns:
        Whatever the inner ``llm_chain`` returns for ``inputs``.
    """
    manager = run_manager
    if not manager:
        manager = CallbackManagerForChainRun.get_noop_manager()
    child_callbacks = manager.get_child()
    return self.llm_chain.invoke(inputs, config={"callbacks": child_callbacks})
def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None, def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None,
) -> dict[str, Any]:
_run_manager = run_manager or CallbackManagerForChainRun.get_noop_manager()
input_text = f"{inputs[self.input_key]}\nESQuery:"
_run_manager.on_text(input_text, verbose=self.verbose)
indices = self._list_indices()
indices_info = self._get_indices_infos(indices)
query_inputs: dict = { Args:
spec: OpenAPI spec to convert.
Returns:
Tuple of the OpenAI functions JSON schema and a default function for executing
a request based on the OpenAI function schema.
"""
try:
from langchain_community.tools import APIOperation
except ImportError as e:def create_citation_fuzzy_match_runnable(llm: BaseChatModel) -> Runnable:
"""Create a citation fuzzy match Runnable.
Example usage:
```python
from langchain_classic.chains import create_citation_fuzzy_match_runnable
from langchain_openai import ChatOpenAI
model = ChatOpenAI(model="gpt-4o-mini")
def create_citation_fuzzy_match_runnable(llm: BaseChatModel) -> Runnable:
"""Create a citation fuzzy match Runnable.
Example usage:def create_sql_query_chain(
llm: BaseLanguageModel,
db: SQLDatabase,
prompt: BasePromptTemplate | None = None,
k: int = 5,
*,
get_col_comments: bool | None = None,
) -> Runnable[SQLInput | SQLInputWithTables | dict[str, Any], str]:
r"""Create a chain that generates SQL queries.
*Security Note*: This chain generates SQL queries for the given database.
def create_sql_query_chain(
llm: BaseLanguageModel,
db: SQLDatabase,
prompt: BasePromptTemplate | None = None,def create_openai_fn_runnable(
functions: Sequence[dict[str, Any] | type[BaseModel] | Callable],
llm: Runnable,
prompt: BasePromptTemplate | None = None,
*,
enforce_single_function_usage: bool = True,
output_parser: BaseOutputParser | BaseGenerationOutputParser | None = None,
**llm_kwargs: Any,
) -> Runnable:
"""Create a runnable sequence that uses OpenAI functions.
def _create_openai_tools_runnable(
tool: dict[str, Any] | type[BaseModel] | Callable,
llm: Runnable,
*,
prompt: BasePromptTemplate | None,
output_parser: BaseOutputParser | BaseGenerationOutputParser | None,
enforce_tool_usage: bool,
first_tool_only: bool,
) -> Runnable:
oai_tool = convert_to_openai_tool(tool)
llm_kwargs: dict[str, Any] = {"tools": [oai_tool]}def _create_openai_json_runnable(
output_schema: dict[str, Any] | type[BaseModel],
llm: Runnable,
prompt: BasePromptTemplate | None = None,
*,
output_parser: BaseOutputParser | BaseGenerationOutputParser | None = None,
) -> Runnable:
if isinstance(output_schema, type) and is_basemodel_subclass(output_schema):
output_parser = output_parser or PydanticOutputParser(
pydantic_object=output_schema,
)
def _create_openai_tools_runnable(
tool: dict[str, Any] | type[BaseModel] | Callable,
llm: Runnable,
def _get_docs(
    self,
    question: str,
    *,
    run_manager: CallbackManagerForChainRun,
) -> list[Document]:
    """Get docs.

    Runs ``self.retriever`` on ``question``, attaching the run manager's
    child callbacks so retriever events are recorded under this run.

    Args:
        question: The query passed to the retriever.
        run_manager: Callback manager for the current chain run.

    Returns:
        The documents returned by the retriever.
    """
    retriever_config = {"callbacks": run_manager.get_child()}
    return self.retriever.invoke(question, config=retriever_config)
def _get_docs(
self,
question: str,
*, ) -> list[Document]:
question = inputs[self.question_key]
docs = self.retriever.invoke(
question, def _get_docs(
self,
inputs: dict[str, Any],
*,
run_manager: CallbackManagerForChainRun,
) -> list[Document]:
question = inputs[self.question_key]
docs = self.retriever.invoke(
question,
config={"callbacks": run_manager.get_child()},
) return docs[:num_docs]
def _get_docs(
self,
inputs: dict[str, Any],
*, ) -> dict[str, list]:
docs = self.text_splitter.create_documents([inputs[self.input_key]])
results = self.llm_chain.generate(
[{"text": d.page_content} for d in docs], def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None,
) -> dict[str, list]:
docs = self.text_splitter.create_documents([inputs[self.input_key]])
results = self.llm_chain.generate(
[{"text": d.page_content} for d in docs],
run_manager=run_manager,
)
qa = [json.loads(res[0].text) for res in results.generations] return [self.output_key]
def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None, def _call(
self,
inputs: dict[str, str],
run_manager: CallbackManagerForChainRun | None = None,
) -> dict[str, str]:
_run_manager = run_manager or CallbackManagerForChainRun.get_noop_manager()
url = inputs[self.input_url_key]
browser_content = inputs[self.input_browser_content_key]
llm_cmd = self.llm_chain.invoke(
{
"objective": self.objective, return [self.output_key]
def _call(
self,
inputs: dict[str, str],
run_manager: CallbackManagerForChainRun | None = None, def _get_docs(
self,
question: str,
inputs: dict[str, Any],
*,
run_manager: CallbackManagerForChainRun,
) -> list[Document]:
"""Get docs."""
docs = self.retriever.invoke(
question,
config={"callbacks": run_manager.get_child()},
@override
def _get_docs(
self,
question: str,
inputs: dict[str, Any], context = "\n\n".join(d.page_content for d in docs)
result = self.response_chain.invoke(
{ def _do_generation(
self,
questions: list[str],
user_input: str,
response: str,
_run_manager: CallbackManagerForChainRun,
) -> tuple[str, bool]:
callbacks = _run_manager.get_child()
docs = []
for question in questions:
docs.extend(self.retriever.invoke(question)) def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None,
) -> dict[str, Any]:
_run_manager = run_manager or CallbackManagerForChainRun.get_noop_manager()
user_input = inputs[self.input_keys[0]]
response = ""
def from_llm(
cls,
llm: BaseLanguageModel | None,
max_generation_len: int = 32,
**kwargs: Any,
) -> FlareChain:
"""Creates a FlareChain from a language model.
Args:
llm: Language model to use.
max_generation_len: Maximum length of the generated response. continue
marginal, finished = self._do_retrieval(
low_confidence_spans,
_run_manager,
user_input, end="\n",
)
return self._do_generation(questions, user_input, response, _run_manager)
def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None,
) -> dict[str, Any]:
_run_manager = run_manager or CallbackManagerForChainRun.get_noop_manager() return ["response"]
def _do_generation(
self,
questions: list[str],
user_input: str, return self._do_generation(questions, user_input, response, _run_manager)
def _call(
self,
inputs: dict[str, Any],
run_manager: CallbackManagerForChainRun | None = None,
@classmethod
def from_llm(
cls,
llm: BaseLanguageModel | None,
max_generation_len: int = 32, def from_llm(
cls,
llm: BaseLanguageModel,
*,
prompt: PromptTemplate | None = None,
criteria: CRITERIA_TYPE | str | None = None,
normalize_by: float | None = None,
**kwargs: Any,
) -> ScoreStringEvalChain:
"""Initialize the ScoreStringEvalChain from an LLM.
def from_llm(
cls,
llm: BaseLanguageModel,
*,
prompt: PromptTemplate | None = None,
criteria: CRITERIA_TYPE | str | None = None,
**kwargs: Any,
) -> PairwiseStringEvalChain:
"""Initialize the PairwiseStringEvalChain from an LLM.
Args:def create_self_ask_with_search_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: BasePromptTemplate,
) -> Runnable:
"""Create an agent that uses self-ask with search prompting.
Args:
llm: LLM to use as the agent.
tools: List of tools. Should just be of length 1, with that tool having
name `Intermediate Answer`
def create_self_ask_with_search_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: BasePromptTemplate,def create_openai_tools_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate,
strict: bool | None = None, # noqa: FBT001
) -> Runnable:
"""Create an agent that uses OpenAI tools.
Args:
llm: LLM to use as the agent.
tools: Tools this agent has access to. raise ValueError(msg)
llm_with_tools = llm.bind(
tools=[convert_to_openai_tool(tool, strict=strict) for tool in tools],
)
def create_openai_tools_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate, def save_context(self, inputs: dict[str, Any], outputs: dict[str, Any]) -> None:
"""Save context from this conversation to buffer. Pruned.
Args:
inputs: Inputs to the agent.
outputs: Outputs from the agent.
"""
input_str, output_str = self._get_input_output(inputs, outputs)
self.chat_memory.add_messages(input_str) # type: ignore[arg-type]
format_to_messages = (
format_to_tool_messages return {self.memory_key: final_buffer}
def save_context(self, inputs: dict[str, Any], outputs: dict[str, Any]) -> None:
"""Save context from this conversation to buffer. Pruned.
Args: if with_functions:
predicted_message = self.llm.invoke(
messages,
functions=self.functions,def create_openai_functions_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate,
) -> Runnable:
"""Create an agent that uses OpenAI function calling.
Args:
llm: LLM to use as the agent. Should work with OpenAI function calling,
so either be an OpenAI model that supports that or a wrapper of
a different model that adds in equivalent support. def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None,
with_functions: bool = True, # noqa: FBT001,FBT002
**kwargs: Any,
) -> AgentAction | AgentFinish:
"""Given input, decided what to do.
Args:
intermediate_steps: Steps the LLM has taken to date, )
raise ValueError(msg)
llm_with_tools = llm.bind(functions=[convert_to_openai_function(t) for t in tools])
return (
RunnablePassthrough.assign(
agent_scratchpad=lambda x: format_to_openai_function_messages( messages = prompt.to_messages()
if with_functions:
predicted_message = self.llm.invoke(
messages,
functions=self.functions,
callbacks=callbacks,
def create_openai_functions_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate, messages = prompt.to_messages()
predicted_message = self.llm.invoke(
messages,
functions=self.functions, def plan(
self,
intermediate_steps: list[tuple[AgentAction, str]],
callbacks: Callbacks = None,
**kwargs: Any,
) -> list[AgentAction] | AgentFinish:
"""Given input, decided what to do.
Args:
intermediate_steps: Steps the LLM has taken to date,
along with observations. prompt = self.prompt.format_prompt(**full_inputs)
messages = prompt.to_messages()
predicted_message = self.llm.invoke(
messages,
functions=self.functions,
callbacks=callbacks,def create_tool_calling_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate,
*,
message_formatter: MessageFormatter = format_to_tool_messages,
) -> Runnable:
"""Create an agent that uses tools.
Args:
llm: LLM to use as the agent.
def create_tool_calling_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate, from langchain_classic.agents import (
AgentExecutor,
create_tool_calling_agent,
tool,
)
from langchain_anthropic import ChatAnthropic tools = [magic_function]
agent = create_tool_calling_agent(model, tools, prompt)
agent_executor = AgentExecutor(agent=agent, tools=tools, verbose=True)
agent_executor.invoke({"input": "what is the value of magic_function(3)?"})
def create_tool_calling_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate,
def create_structured_chat_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate,def create_json_chat_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate,
stop_sequence: bool | list[str] = True, # noqa: FBT001,FBT002
tools_renderer: ToolsRenderer = render_text_description,
template_tool_response: str = TEMPLATE_TOOL_RESPONSE,
) -> Runnable:
r"""Create an agent that uses JSON to format its logic, build for Chat Models.
Args:
def create_json_chat_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: ChatPromptTemplate,def create_xml_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: BasePromptTemplate,
tools_renderer: ToolsRenderer = render_text_description,
*,
stop_sequence: bool | list[str] = True,
) -> Runnable:
r"""Create an agent that uses XML to format its logic.
Args:
def create_xml_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: BasePromptTemplate,def _get_openai_client() -> openai.OpenAI:
try:
import openai
return openai.OpenAI()
except ImportError as e:
msg = "Unable to import openai, please install with `pip install openai`."
raise ImportError(msg) from e
except AttributeError as e:
msg = (
"Please make sure you are using a v1.1-compatible version of openai. You "def _get_openai_async_client() -> openai.AsyncOpenAI:
try:
import openai
return openai.AsyncOpenAI()
except ImportError as e:
msg = "Unable to import openai, please install with `pip install openai`."
raise ImportError(msg) from e
except AttributeError as e:
msg = (
"Please make sure you are using a v1.1-compatible version of openai. You " def _get_response(self, run: Any) -> Any:
# TODO: Pagination
if run.status == "completed":
import openai
major_version = int(openai.version.VERSION.split(".")[0])
minor_version = int(openai.version.VERSION.split(".")[1])
version_gte_1_14 = (major_version > 1) or (
major_version == 1 and minor_version >= 14 # noqa: PLR2004
) )
def _get_response(self, run: Any) -> Any:
# TODO: Pagination
if run.status == "completed":def create_react_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: BasePromptTemplate,
output_parser: AgentOutputParser | None = None,
tools_renderer: ToolsRenderer = render_text_description,
*,
stop_sequence: bool | list[str] = True,
) -> Runnable:
r"""Create an agent that uses ReAct prompting.
def create_react_agent(
llm: BaseLanguageModel,
tools: Sequence[BaseTool],
prompt: BasePromptTemplate,def _run_llm(
llm: BaseLanguageModel,
inputs: dict[str, Any],
callbacks: Callbacks,
*,
tags: list[str] | None = None,
input_mapper: Callable[[dict], Any] | None = None,
metadata: dict[str, Any] | None = None,
) -> str | BaseMessage:
"""Run the language model on the example.
def _run_chain(
chain: Chain | Runnable,
inputs: dict[str, Any],
callbacks: Callbacks,
*,
tags: list[str] | None = None,
input_mapper: Callable[[dict], Any] | None = None,
metadata: dict[str, Any] | None = None,
) -> dict | str:
"""Run a chain on inputs."""
inputs_ = inputs if input_mapper is None else input_mapper(inputs)def run_on_dataset(
client: Client | None,
dataset_name: str,
llm_or_chain_factory: MODEL_OR_CHAIN_FACTORY,
*,
evaluation: smith_eval.RunEvalConfig | None = None,
dataset_version: datetime | str | None = None,
concurrency_level: int = 5,
project_name: str | None = None,
project_metadata: dict[str, Any] | None = None,
verbose: bool = False,
## Sync Utilities
def _run_llm(
llm: BaseLanguageModel,
inputs: dict[str, Any],
callbacks: Callbacks,
*,
tags: list[str] | None = None,
def _run_chain(
chain: Chain | Runnable,
inputs: dict[str, Any],
callbacks: Callbacks,
def _run_llm(
llm: BaseLanguageModel,
inputs: dict[str, Any],
callbacks: Callbacks,
def run_on_dataset(
client: Client | None,
dataset_name: str,
llm_or_chain_factory: MODEL_OR_CHAIN_FACTORY,
def _run_chain(
chain: Chain | Runnable,
inputs: dict[str, Any],
callbacks: Callbacks, """Filter down documents based on their relevance to the query."""
results = self.reranker.invoke(
{"documents": documents, "query": query}, def compress_documents(
self,
documents: Sequence[Document],
query: str,
callbacks: Callbacks | None = None,
) -> Sequence[Document]:
"""Filter down documents based on their relevance to the query."""
results = self.reranker.invoke(
{"documents": documents, "query": query},
config={"callbacks": callbacks},
) def from_llm(
cls,
llm: BaseLanguageModel,
*,
prompt: BasePromptTemplate | None = None,
**kwargs: Any,
) -> "LLMListwiseRerank":
"""Create a LLMListwiseRerank document compressor from a language model.
Args:
llm: The language model to use for filtering. **Must implement def compress_documents(
self,
documents: Sequence[Document],
query: str,
callbacks: Callbacks | None = None,
) -> Sequence[Document]:
"""Rerank documents using CrossEncoder.
Args:
documents: A sequence of documents to compress.
query: The query to use for compressing the documents.
@override
def compress_documents(
self,
documents: Sequence[Document],
query: str, def compress_documents(
self,
documents: Sequence[Document],
query: str,
callbacks: Callbacks | None = None,
) -> Sequence[Document]:
"""Compress page content of raw documents."""
compressed_docs = []
for doc in documents:
_input = self.get_input(query, doc)
output_ = self.llm_chain.invoke(_input, config={"callbacks": callbacks}) ) -> list[Document]:
structured_query = self.query_constructor.invoke(
{"query": query}, def _get_relevant_documents(
self,
query: str,
*,
run_manager: CallbackManagerForRetrieverRun,
) -> list[Document]:
structured_query = self.query_constructor.invoke(
{"query": query},
config={"callbacks": run_manager.get_child()},
)
if self.verbose:
@override
def _get_relevant_documents(
self,
query: str,
*, "ChatGeneration",
self.generate_prompt(
[self._convert_input(input)], "AIMessageChunk",
self.invoke(input, config=config, stop=stop, **kwargs),
) def invoke(
self,
input: LanguageModelInput,
config: RunnableConfig | None = None,
*,
stop: list[str] | None = None,
**kwargs: Any,
) -> AIMessage:
config = ensure_config(config)
return cast(
def generate_prompt(
    self,
    prompts: list[PromptValue],
    stop: list[str] | None = None,
    callbacks: Callbacks = None,
    **kwargs: Any,
) -> LLMResult:
    """Generate from prompt values by converting each into a message list.

    Args:
        prompts: Prompt values; each is turned into messages via ``to_messages``.
        stop: Stop sequences forwarded to ``generate``.
        callbacks: Callbacks forwarded to ``generate``.
        **kwargs: Extra keyword arguments forwarded to ``generate``.

    Returns:
        The ``LLMResult`` produced by ``self.generate``.
    """
    message_lists = []
    for prompt_value in prompts:
        message_lists.append(prompt_value.to_messages())
    return self.generate(
        message_lists,
        stop=stop,
        callbacks=callbacks,
        **kwargs,
    )
@override ) -> Iterator[str]:
result = self.invoke(input, config)
for i_c, c in enumerate(result): def stream(
self,
input: LanguageModelInput,
config: RunnableConfig | None = None,
*,
stop: list[str] | None = None,
**kwargs: Any,
) -> Iterator[str]:
result = self.invoke(input, config)
for i_c, c in enumerate(result):
if self.sleep is not None:
@override
def stream(
self,
input: LanguageModelInput,
config: RunnableConfig | None = None, return (
self.generate_prompt(
[self._convert_input(input)], try:
llm_result = self.generate_prompt(
[self._convert_input(input_) for input_ in inputs], # model doesn't implement streaming, so use default implementation
yield self.invoke(input, config=config, stop=stop, **kwargs)
else: ) -> LLMResult:
prompt_strings = [p.to_string() for p in prompts]
return self.generate(prompt_strings, stop=stop, callbacks=callbacks, **kwargs)
def invoke(
self,
input: LanguageModelInput,
config: RunnableConfig | None = None,
*,
stop: list[str] | None = None,
**kwargs: Any,
) -> str:
config = ensure_config(config)
return (
self.generate_prompt( def batch(
self,
inputs: list[LanguageModelInput],
config: RunnableConfig | list[RunnableConfig] | None = None,
*,
return_exceptions: bool = False,
**kwargs: Any,
) -> list[str]:
if not inputs:
return []
def stream(
self,
input: LanguageModelInput,
config: RunnableConfig | None = None,
*,
stop: list[str] | None = None,
**kwargs: Any,
) -> Iterator[str]:
if type(self)._stream == BaseLLM._stream: # noqa: SLF001
# model doesn't implement streaming, so use default implementation
def generate_prompt(
    self,
    prompts: list[PromptValue],
    stop: list[str] | None = None,
    callbacks: Callbacks | list[Callbacks] | None = None,
    **kwargs: Any,
) -> LLMResult:
    """Generate from prompt values by rendering each one to a string.

    Args:
        prompts: Prompt values; each is rendered with ``to_string``.
        stop: Stop sequences forwarded to ``generate``.
        callbacks: Callbacks forwarded to ``generate``.
        **kwargs: Extra keyword arguments forwarded to ``generate``.

    Returns:
        The ``LLMResult`` produced by ``self.generate``.
    """
    rendered_prompts = []
    for prompt_value in prompts:
        rendered_prompts.append(prompt_value.to_string())
    return self.generate(
        rendered_prompts,
        stop=stop,
        callbacks=callbacks,
        **kwargs,
    )
@override def batch(
self,
inputs: list[Any],
config: RunnableConfig | list[RunnableConfig] | None = None,
*,
return_exceptions: bool = False,
**kwargs: Any,
) -> list[AIMessage]:
if isinstance(config, list):
return [
self.invoke(m, c, **kwargs) @override
# manually override batch to preserve batch ordering with no concurrency
def batch(
self,
inputs: list[Any],
config: RunnableConfig | list[RunnableConfig] | None = None,def tool(
name_or_callable: str | Callable | None = None,
runnable: Runnable | None = None,
*args: Any,
description: str | None = None,
return_direct: bool = False,
args_schema: ArgsSchema | None = None,
infer_schema: bool = True,
response_format: Literal["content", "content_and_artifact"] = "content",
parse_docstring: bool = False,
error_on_invalid_docstring: bool = True,def convert_runnable_to_tool(
runnable: Runnable,
args_schema: type[BaseModel] | None = None,
*,
name: str | None = None,
description: str | None = None,
arg_types: dict[str, type] | None = None,
) -> BaseTool:
"""Convert a Runnable into a BaseTool.
Args: def _create_tool_factory(
tool_name: str,
) -> Callable[[Callable | Runnable], BaseTool]:
"""Create a decorator that takes a callable and returns a tool.
Args:
tool_name: The name that will be assigned to the tool.
Returns:
A function that takes a callable or Runnable and returns a tool.
def invoke_wrapper(callbacks: Callbacks | None = None, **kwargs: Any) -> Any:
    """Call the enclosing ``runnable`` with the tool's keyword args as its input.

    ``runnable`` is taken from the enclosing scope; ``callbacks`` travels in
    the run config rather than as part of the input mapping.
    """
    run_config = {"callbacks": callbacks}
    return runnable.invoke(kwargs, config=run_config)
if (
arg_types is None
and schema.get("type") == "object"
and schema.get("properties")
):
args_schema = runnable.input_schema
else:
def invoke_wrapper(
    callbacks: Callbacks | None = None, **kwargs: Any
) -> Any:
    """Call the enclosing ``runnable`` with the tool's keyword args as its input.

    ``runnable`` is taken from the enclosing scope; ``callbacks`` is passed
    positionally as the run config.
    """
    run_config = {"callbacks": callbacks}
    return runnable.invoke(kwargs, run_config)
coroutine = ainvoke_wrapper
func = invoke_wrapper
schema: ArgsSchema | None = runnable.input_schema
tool_description = description or repr(runnable)
elif inspect.iscoroutinefunction(dec_func):
coroutine = dec_func
def tool(
name_or_callable: str | Callable | None = None,
runnable: Runnable | None = None,
*args: Any,
def convert_runnable_to_tool(
runnable: Runnable,
args_schema: type[BaseModel] | None = None,
*, """ # noqa: D214, D410, D411 # We're intentionally showing bad formatting in examples
def _create_tool_factory(
tool_name: str,
) -> Callable[[Callable | Runnable], BaseTool]:
"""Create a decorator that takes a callable and returns a tool. return await runnable.ainvoke(kwargs, config={"callbacks": callbacks})
def invoke_wrapper(callbacks: Callbacks | None = None, **kwargs: Any) -> Any:
    """Call the enclosing ``runnable`` with the tool's keyword args as its input.

    ``runnable`` is taken from the enclosing scope; ``callbacks`` travels in
    the run config rather than as part of the input mapping.
    """
    run_config = {"callbacks": callbacks}
    return runnable.invoke(kwargs, config=run_config)
if ( return await runnable.ainvoke(kwargs, {"callbacks": callbacks})
def invoke_wrapper(
    callbacks: Callbacks | None = None, **kwargs: Any
) -> Any:
    """Call the enclosing ``runnable`` with the tool's keyword args as its input.

    ``runnable`` is taken from the enclosing scope; ``callbacks`` is passed
    positionally as the run config.
    """
    run_config = {"callbacks": callbacks}
    return runnable.invoke(kwargs, run_config)
docs = retriever.invoke(query, config={"callbacks": callbacks})
content = document_separator.join(def create_retriever_tool(
retriever: BaseRetriever,
name: str,
description: str,
*,
document_prompt: BasePromptTemplate | None = None,
document_separator: str = "\n\n",
response_format: Literal["content", "content_and_artifact"] = "content",
) -> StructuredTool:
r"""Create a tool to do retrieval of documents.
def func(
    query: str, callbacks: Callbacks = None
) -> str | tuple[str, list[Document]]:
    """Retrieve documents for ``query`` and render them into one string.

    ``retriever``, ``document_prompt_``, ``document_separator`` and
    ``response_format`` come from the enclosing scope. When
    ``response_format`` is ``"content_and_artifact"`` the raw documents are
    returned alongside the rendered text; otherwise only the text is.
    """
    docs = retriever.invoke(query, config={"callbacks": callbacks})
    rendered = [format_document(doc, document_prompt_) for doc in docs]
    content = document_separator.join(rendered)
    wants_artifact = response_format == "content_and_artifact"
    return (content, docs) if wants_artifact else content
def _create_subset_model_v2(
name: str,
model: type[BaseModel],
field_names: list[str],
*,
descriptions: dict | None = None,
fn_description: str | None = None,
) -> type[BaseModel]:
"""Create a Pydantic model with a subset of the model fields."""
descriptions_ = descriptions or {}
fields = {}
def _create_subset_model_v2(
name: str,
model: type[BaseModel],
field_names: list[str],def _convert_python_function_to_openai_function(
function: Callable,
) -> FunctionDescription:
"""Convert a Python function to an OpenAI function-calling API compatible dict.
Assumes the Python function has type hints and a docstring with a description. If
the docstring has Google Python style argument descriptions, these will be
included as well.
Args:
function: The Python function to convert.
def _convert_python_function_to_openai_function(
function: Callable,
) -> FunctionDescription:
"""Convert a Python function to an OpenAI function-calling API compatible dict.
def _convert_pydantic_to_openai_function(
model: type,
*,
name: str | None = None, _HAS_PYPPETEER = False
# The three Markdown formatting characters: asterisk, underscore and backtick.
MARKDOWN_SPECIAL_CHARS: str = "*_`"
# Anchored match for a CSS-style hex colour: '#' followed by exactly 3 or 6
# hex digits (the group repeats once or twice), nothing before or after.
_HEX_COLOR_PATTERN: re.Pattern[str] = re.compile(r"^#(?:[0-9a-fA-F]{3}){1,2}$")
def draw_mermaid(
nodes: dict[str, Node],
edges: list[Edge], else:
return bound.invoke(input_, config, **kwargs)
try:
return bound.invoke(input_, config, **kwargs)
def invoke(
    self, input: Input, config: RunnableConfig | None = None, **kwargs: Any
) -> Output:
    """Resolve the configured runnable via ``prepare``, then invoke it.

    Args:
        input: Input forwarded to the prepared runnable.
        config: Config handed to ``prepare``; the prepared config is what the
            inner runnable receives.
        **kwargs: Extra keyword arguments forwarded to the inner ``invoke``.

    Returns:
        The inner runnable's output.
    """
    prepared_runnable, prepared_config = self.prepare(config)
    return prepared_runnable.invoke(input, prepared_config, **kwargs)
@override
async def ainvoke(
self, input: Input, config: RunnableConfig | None = None, **kwargs: Any
) -> Output:
runnable, config = self.prepare(config) def batch(
self,
inputs: list[Input],
config: RunnableConfig | list[RunnableConfig] | None = None,
*,
return_exceptions: bool = False,
**kwargs: Any | None,
) -> list[Output]:
configs = get_config_list(config, len(inputs))
prepared = [self.prepare(c) for c in configs]
def invoke(
prepared: tuple[Runnable[Input, Output], RunnableConfig],
input_: Input,
) -> Output | Exception:
bound, config = prepared
if return_exceptions:
try:
return bound.invoke(input_, config, **kwargs)
except Exception as e:
return e
else:
@override
def invoke(
self, input: Input, config: RunnableConfig | None = None, **kwargs: Any
) -> Output:
runnable, config = self.prepare(config)
@override
def batch(
self,
inputs: list[Input],
config: RunnableConfig | list[RunnableConfig] | None = None, return []
def invoke(
prepared: tuple[Runnable[Input, Output], RunnableConfig],
input_: Input,
) -> Output | Exception:
expression_value = condition.invoke(
input, else:
output = self.default.invoke(
input, if expression_value:
output = runnable.invoke(
input,
expression_value = condition.invoke(
input, def invoke(
self, input: Input, config: RunnableConfig | None = None, **kwargs: Any
) -> Output:
"""First evaluates the condition, then delegate to `True` or `False` branch.
Args:
input: The input to the `Runnable`.
config: The configuration for the `Runnable`.
**kwargs: Additional keyword arguments to pass to the `Runnable`.
Returns: def stream(
self,
input: Input,
config: RunnableConfig | None = None,
**kwargs: Any | None,
) -> Iterator[Output]:
"""First evaluates the condition, then delegate to `True` or `False` branch.
Args:
input: The input to the `Runnable`.
config: The configuration for the `Runnable`.
@override
def invoke(
self, input: Input, config: RunnableConfig | None = None, **kwargs: Any
) -> Output:
"""First evaluates the condition, then delegate to `True` or `False` branch.
@override
def stream(
self,
input: Input,
config: RunnableConfig | None = None, with attempt:
result = super().invoke(
input_, def _invoke(
self,
input_: Input,
run_manager: "CallbackManagerForChainRun",
config: RunnableConfig,
**kwargs: Any,
) -> Output:
for attempt in self._sync_retrying(reraise=True):
with attempt:
result = super().invoke(
input_, ]
def _invoke(
self,
input_: Input,
run_manager: "CallbackManagerForChainRun", else:
return runnable.invoke(input_, config, **kwargs)
try:
return runnable.invoke(input_, config, **kwargs)
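def invoke(
    self, input: RouterInput, config: RunnableConfig | None = None, **kwargs: Any
) -> Output:
    """Route ``input`` to the runnable registered under its ``key``.

    Args:
        input: Mapping with a ``key`` selecting the target runnable and an
            ``input`` that is forwarded to it.
        config: Run config forwarded to the selected runnable.
        **kwargs: Extra keyword arguments forwarded to the selected
            runnable's ``invoke`` (the sibling ``batch`` already forwards them).

    Returns:
        The selected runnable's output.

    Raises:
        ValueError: If ``key`` names no registered runnable.
    """
    key = input["key"]
    actual_input = input["input"]
    if key not in self.runnables:
        msg = f"No runnable associated with key '{key}'"
        raise ValueError(msg)
    runnable = self.runnables[key]
    # Forward kwargs so a per-call option reaches the routed runnable here
    # exactly as it does through batch(); previously they were silently dropped.
    return runnable.invoke(actual_input, config, **kwargs)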
self,
inputs: list[RouterInput],
config: RunnableConfig | list[RunnableConfig] | None = None,
*,
return_exceptions: bool = False,
**kwargs: Any | None,
) -> list[Output]:
if not inputs:
return []
def invoke(
    runnable: Runnable[Input, Output], input_: Input, config: RunnableConfig
) -> Output | Exception:
    """Invoke one routed runnable for ``batch``.

    ``return_exceptions`` and ``kwargs`` come from the enclosing scope. When
    ``return_exceptions`` is set, an exception raised by the runnable is
    returned as that item's result instead of propagating.
    """
    if not return_exceptions:
        return runnable.invoke(input_, config, **kwargs)
    try:
        return runnable.invoke(input_, config, **kwargs)
    except Exception as caught:
        return caught
@override
def invoke(
self, input: RouterInput, config: RunnableConfig | None = None, **kwargs: Any
) -> Output:
key = input["key"]
@override
def batch(
self,
inputs: list[RouterInput],
config: RunnableConfig | list[RunnableConfig] | None = None, raise ValueError(msg)
def invoke(
runnable: Runnable[Input, Output], input_: Input, config: RunnableConfig
) -> Output | Exception:
if return_exceptions: def _invoke(
self,
value: dict[str, Any],
run_manager: CallbackManagerForChainRun,
config: RunnableConfig,
**kwargs: Any,
) -> dict[str, Any]:
if not isinstance(value, dict):
msg = "The input to RunnablePassthrough.assign() must be a dict."
raise ValueError(msg) # noqa: TRY004
return graph
def _invoke(
self,
value: dict[str, Any],
run_manager: CallbackManagerForChainRun, else:
out = self.invoke(input_, config, **kwargs)
try:
out: Output | Exception = self.invoke(input_, config, **kwargs)
except Exception as e: def batch(
self,
inputs: list[Input],
config: RunnableConfig | list[RunnableConfig] | None = None,
*,
return_exceptions: bool = False,
**kwargs: Any | None,
) -> list[Output]:
"""Default implementation runs invoke in parallel using a thread pool executor.
The default implementation of batch works well for IO bound runnables. def batch_as_completed(
self,
inputs: Sequence[Input],
config: RunnableConfig | Sequence[RunnableConfig] | None = None,
*,
return_exceptions: bool = False,
**kwargs: Any | None,
) -> Iterator[tuple[int, Output | Exception]]:
"""Run `invoke` in parallel on a list of inputs.
Yields results as they complete. def stream(
self,
input: Input,
config: RunnableConfig | None = None,
**kwargs: Any | None,
) -> Iterator[Output]:
"""Default implementation of `stream`, which calls `invoke`.
Subclasses must override this method if they support streaming output.
Args: def _invoke(
self,
input_: Input,
run_manager: CallbackManagerForChainRun,
config: RunnableConfig,
**kwargs: Any,
) -> Output:
if inspect.isgeneratorfunction(self.func):
output: Output | None = None
for chunk in call_func_with_variable_args(
cast("Callable[[Input], Iterator[Output]]", self.func), def invoke(
self,
input: Input,
config: RunnableConfig | None = None,
**kwargs: Any | None,
) -> Output:
return self.bound.invoke(
input,
self._merge_configs(config),
**{**self.kwargs, **kwargs},
) def invoke(input_: Input, config: RunnableConfig) -> Output | Exception:
if return_exceptions:
try:
return self.invoke(input_, config, **kwargs)
except Exception as e:
return e
else:
return self.invoke(input_, config, **kwargs)
# If there's only one input, don't bother with the executor
if len(inputs) == 1: def invoke(
i: int, input_: Input, config: RunnableConfig
) -> tuple[int, Output | Exception]:
if return_exceptions:
try:
out: Output | Exception = self.invoke(input_, config, **kwargs)
except Exception as e:
out = e
else:
out = self.invoke(input_, config, **kwargs)
return await run_in_executor(config, self.invoke, input, config, **kwargs)
def batch(
self,
inputs: list[Input],
config: RunnableConfig | list[RunnableConfig] | None = None, ) -> Iterator[tuple[int, Output | Exception]]: ...
def batch_as_completed(
self,
inputs: Sequence[Input],
config: RunnableConfig | Sequence[RunnableConfig] | None = None, yield await coro
def stream(
self,
input: Input,
config: RunnableConfig | None = None, return self._repr
def _invoke(
self,
input_: Input,
run_manager: CallbackManagerForChainRun,
@override
def invoke(
self,
input: Input,
config: RunnableConfig | None = None, configs = get_config_list(config, len(inputs))
def invoke(input_: Input, config: RunnableConfig) -> Output | Exception:
if return_exceptions:
try:
return self.invoke(input_, config, **kwargs) configs = get_config_list(config, len(inputs))
def invoke(
i: int, input_: Input, config: RunnableConfig
) -> tuple[int, Output | Exception]:
if return_exceptions:- `BaseMedia`: Base class providing `id` and `metadata` fields
- `Blob`: Raw data loading (files, binary data) - used by document loaders
- `Document`: Text content for retrieval (RAG, vector stores, semantic search)
!!! note "Not for LLM chat messages"
These classes are for data processing pipelines, not LLM I/O. For multimodal def __init__(
self,
evaluators: Sequence[langsmith.RunEvaluator],
client: langsmith.Client | None = None,
example_id: UUID | str | None = None,
skip_unfinished: bool = True, # noqa: FBT001,FBT002
project_name: str | None = "evaluators",
max_concurrency: int | None = None,
**kwargs: Any,
) -> None:
"""Create an EvaluatorCallbackHandler. lock: threading.Lock
def __init__(
self,
evaluators: Sequence[langsmith.RunEvaluator],
client: langsmith.Client | None = None,Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'ConfigAnalyzer' object has no attribute 'file_exists'
Implement statistical analysis on prompt patterns
Use ML-based anomaly detection for unusual inputs
Set up alerts for prompt anomaly detection
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Implement watermarking for model outputs
Use cryptographic watermarks for model weights
Track watermark verification for model theft detection
Detection failed: 'bool' object has no attribute 'lower'
Use Presidio or SpaCy for NER-based PII detection
Implement custom NER models for domain-specific PII
Run PII detection on all inputs and outputs
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Implement rate limiting on API endpoints
Add query logging and anomaly detection
Monitor for extraction patterns
Implement drift detection with evidently or alibi-detect
Monitor input data distribution changes
Set up automated alerts for drift events
Implement anomaly detection on model inputs
Monitor for unusual query patterns
Use statistical methods or ML-based detection
Implement adversarial input detection
Use adversarial robustness toolkits
Add input perturbation analysis
Detection failed: 'bool' object has no attribute 'lower'
Use Evidently or alibi-detect for drift monitoring
Set up automated alerts for significant drift
Implement automatic retraining pipelines
Use SHAP or LIME for model explanations
Provide decision explanations in outputs
Implement feature attribution tracking
Use Fairlearn or AIF360 for bias detection
Implement fairness metrics tracking
Test for demographic parity and equalized odds
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Use MLflow, DVC, or Weights & Biases for model tracking
Implement model versioning with metadata
Maintain model registry with provenance information
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Use Fairlearn or AIF360 for fairness metrics
Implement demographic parity testing
Monitor fairness metrics in production
Implement adversarial testing for bias
Test across demographic groups
Use TextAttack or CheckList for NLP bias testing
Detection failed: 'ConfigAnalyzer' object has no attribute 'file_exists'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Detection failed: 'bool' object has no attribute 'lower'
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations for SQL Injection: 1. Use parameterized queries: cursor.execute(query, (param,)) 2. Never concatenate LLM output into SQL 3. Use ORM query builders (SQLAlchemy, Django ORM) 4. Apply strict input validation 5. Use read-only database connections where possible
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations for SQL Injection: 1. Use parameterized queries: cursor.execute(query, (param,)) 2. Never concatenate LLM output into SQL 3. Use ORM query builders (SQLAlchemy, Django ORM) 4. Apply strict input validation 5. Use read-only database connections where possible
Mitigations for SQL Injection: 1. Use parameterized queries: cursor.execute(query, (param,)) 2. Never concatenate LLM output into SQL 3. Use ORM query builders (SQLAlchemy, Django ORM) 4. Apply strict input validation 5. Use read-only database connections where possible
Secure Remote Code Patterns: 1. NEVER execute code fetched from network without verification 2. Use cryptographic signatures to verify downloaded code 3. Pin URLs and verify checksums 4. Use package managers instead of direct downloads 5. Sandbox execution in isolated environments
Secure Remote Code Patterns: 1. NEVER execute code fetched from network without verification 2. Use cryptographic signatures to verify downloaded code 3. Pin URLs and verify checksums 4. Use package managers instead of direct downloads 5. Sandbox execution in isolated environments
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Code Execution Security: 1. NEVER execute LLM-generated code directly with exec()/eval() 2. If code execution is necessary, use sandboxed environments (Docker, VM) 3. Implement strict code validation and static analysis before execution 4. Use allowlists for permitted functions/modules 5. Set resource limits (CPU, memory, time) for execution 6. Parse and validate code structure before running 7. Consider using safer alternatives (JSON, declarative configs) 8. Log all code execution attempts with full context 9. Require human review for generated code 10. Use tools like RestrictedPython to reduce the attack surface of Python execution (note: this is not a substitute for process- or VM-level sandboxing)
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations for Command Injection: 1. Never pass LLM output to shell commands 2. Use subprocess with shell=False and list arguments 3. Apply allowlist validation for expected values 4. Use shlex.quote() if shell execution is unavoidable 5. Consider alternative APIs that don't use shell
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations for SQL Injection: 1. Use parameterized queries: cursor.execute(query, (param,)) 2. Never concatenate LLM output into SQL 3. Use ORM query builders (SQLAlchemy, Django ORM) 4. Apply strict input validation 5. Use read-only database connections where possible
Mitigations for SQL Injection: 1. Use parameterized queries: cursor.execute(query, (param,)) 2. Never concatenate LLM output into SQL 3. Use ORM query builders (SQLAlchemy, Django ORM) 4. Apply strict input validation 5. Use read-only database connections where possible
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations for Command Injection: 1. Never pass LLM output to shell commands 2. Use subprocess with shell=False and list arguments 3. Apply allowlist validation for expected values 4. Use shlex.quote() if shell execution is unavoidable 5. Consider alternative APIs that don't use shell
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations for Command Injection: 1. Never pass LLM output to shell commands 2. Use subprocess with shell=False and list arguments 3. Apply allowlist validation for expected values 4. Use shlex.quote() if shell execution is unavoidable 5. Consider alternative APIs that don't use shell
Mitigations for Command Injection: 1. Never pass LLM output to shell commands 2. Use subprocess with shell=False and list arguments 3. Apply allowlist validation for expected values 4. Use shlex.quote() if shell execution is unavoidable 5. Consider alternative APIs that don't use shell
Mitigations for Command Injection: 1. Never pass LLM output to shell commands 2. Use subprocess with shell=False and list arguments 3. Apply allowlist validation for expected values 4. Use shlex.quote() if shell execution is unavoidable 5. Consider alternative APIs that don't use shell
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations for Command Injection: 1. Never pass LLM output to shell commands 2. Use subprocess with shell=False and list arguments 3. Apply allowlist validation for expected values 4. Use shlex.quote() if shell execution is unavoidable 5. Consider alternative APIs that don't use shell
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to remove prompt injection patterns 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Mitigations for Command Injection: 1. Never pass LLM output to shell commands 2. Use subprocess with shell=False and list arguments 3. Apply allowlist validation for expected values 4. Use shlex.quote() if shell execution is unavoidable 5. Consider alternative APIs that don't use shell
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Secure Remote Code Patterns: 1. NEVER execute code fetched from the network without verifying its integrity and origin 2. Use cryptographic signatures to verify downloaded code 3. Pin URLs and verify checksums 4. Use package managers instead of direct downloads 5. Sandbox execution in isolated environments
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Code Execution Security: 1. NEVER execute LLM-generated code directly with exec()/eval() 2. If code execution is necessary, use sandboxed environments (Docker, VM) 3. Implement strict code validation and static analysis before execution 4. Use allowlists for permitted functions/modules 5. Set resource limits (CPU, memory, time) for execution 6. Parse and validate code structure before running 7. Consider using safer alternatives (JSON, declarative configs) 8. Log all code execution attempts with full context 9. Require human review for generated code 10. Use tools like RestrictedPython for safer Python execution, as a complement to process-level sandboxing rather than a replacement for it
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display a clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
NEVER directly execute LLM-generated code: 1. Remove direct execution: - Do not use eval(), exec(), or os.system() - Avoid dynamic code execution - Use safer alternatives (allowlists) 2. If code generation is required: - Generate code for review only - Require human approval before execution - Use sandboxing (containers, VMs) - Implement strict security policies 3. Use structured outputs: - Return data, not code - Use JSON schemas - Define clear interfaces 4. Add safeguards: - Static code analysis before execution - Allowlist permitted operations - Rate limiting and monitoring
Mitigations for SQL Injection: 1. Use parameterized queries: cursor.execute(query, (param,)) 2. Never concatenate LLM output into SQL 3. Use ORM query builders (SQLAlchemy, Django ORM) rather than their raw-SQL escape hatches 4. Apply strict input validation 5. Run model-driven queries under a least-privilege (read-only) database account where possible
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Mitigations for SQL Injection: 1. Use parameterized queries: cursor.execute(query, (param,)) 2. Never concatenate LLM output into SQL 3. Use ORM query builders (SQLAlchemy, Django ORM) rather than their raw-SQL escape hatches 4. Apply strict input validation 5. Run model-driven queries under a least-privilege (read-only) database account where possible
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Secure Remote Code Patterns: 1. NEVER execute code fetched from the network without verifying its integrity and origin 2. Use cryptographic signatures to verify downloaded code 3. Pin URLs and verify checksums 4. Use package managers instead of direct downloads 5. Sandbox execution in isolated environments
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Prompt Injection Mitigations: 1. Use structured prompt templates (e.g., LangChain PromptTemplate) 2. Implement input sanitization to strip known prompt injection patterns, treating it as defense in depth only, since pattern-based filters can be bypassed 3. Use separate 'user' and 'system' message roles (ChatML format) 4. Apply input validation and length limits 5. Use allowlists for expected input formats 6. Consider prompt injection detection libraries
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Secure Code Execution: 1. NEVER use eval/exec on untrusted input 2. Use safe alternatives (json.loads, ast.literal_eval); these parse data rather than execute code, but still bound the size and nesting depth of the input, since a crafted payload can exhaust the parser 3. Validate and sanitize all external content 4. Use sandboxed execution environments
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Remove hardcoded secrets immediately: 1. Use environment variables: os.getenv('API_KEY') 2. Use a secret manager: AWS Secrets Manager, Azure Key Vault, HashiCorp Vault 3. Use configuration files kept out of version control (never commit them to git): config.ini, .env 4. Treat the exposed secret as compromised and rotate it immediately 5. Scan git history for leaked secrets: git-secrets, truffleHog 6. Add secret scanning to the CI/CD pipeline
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Secure Code Execution: 1. NEVER use eval/exec on untrusted input 2. Use safe parsing alternatives instead (json.loads, ast.literal_eval) 3. Validate and sanitize all external content before it reaches an interpreter 4. When code execution is unavoidable, run it in a sandboxed execution environment
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Secure Tool/Plugin Implementation: 1. NEVER execute shell commands from LLM output directly 2. Use allowlists for permitted commands/operations 3. Validate all file paths against allowed directories 4. Use parameterized queries - never execute raw SQL taken from LLM output 5. Validate URLs against an allowlist before making HTTP requests 6. Implement strict input schemas (JSON Schema, Pydantic) 7. Add rate limiting and request throttling 8. Log all tool invocations for audit 9. Use the principle of least privilege 10. Implement human-in-the-loop for destructive operations
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Model DoS Mitigations: 1. Implement rate limiting per user/IP (@limiter.limit('10/minute')) 2. Validate and limit input length (max 1000 chars) 3. Set token limits (max_tokens=500) 4. Configure timeouts (timeout=30 seconds) 5. Avoid LLM calls in unbounded loops 6. Implement circuit breakers for cascading failures 7. Monitor and alert on resource usage 8. Use queuing for batch processing 9. Implement cost controls and budgets
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
Tool Calling Security Best Practices: 1. Implement permission checks before tool execution (check_permission, authorize) 2. Use allowlists to restrict which tools can be called 3. Require human confirmation for sensitive operations 4. Log all tool executions with context for audit trails 5. Implement rate limiting on tool calls to prevent abuse 6. Use least-privilege principle - only grant necessary permissions 7. Add input validation for tool parameters 8. Consider implementing a "dry-run" mode for testing 9. Set up alerts for unusual tool usage patterns 10. Document tool permissions and restrictions clearly
Tool Calling Security Best Practices: 1. Implement permission checks before tool execution (check_permission, authorize) 2. Use allowlists to restrict which tools can be called 3. Require human confirmation for sensitive operations 4. Log all tool executions with context for audit trails 5. Implement rate limiting on tool calls to prevent abuse 6. Use least-privilege principle - only grant necessary permissions 7. Add input validation for tool parameters 8. Consider implementing a "dry-run" mode for testing 9. Set up alerts for unusual tool usage patterns 10. Document tool permissions and restrictions clearly
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions 2. Display clear preview of what will be changed/deleted 3. Implement "undo" functionality where possible 4. Use transaction rollback for database operations 5. Add time delays before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed audit logs of all actions 9. Use "dry-run" mode to show what would happen 10. Consider implementing operation quotas/limits
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions — the confirmation must come from the human, never from the model's own output 2. Display a clear preview of what will be changed or deleted 3. Implement "undo" functionality where possible 4. Wrap database operations in transactions so they can be rolled back 5. Add a time delay (cooling-off period) before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed, tamper-evident audit logs of all actions 9. Offer a "dry-run" mode that shows what would happen without doing it 10. Enforce operation quotas/limits so a single run cannot cause unbounded damage
Tool Calling Security Best Practices: 1. Implement permission checks before tool execution (e.g. check_permission, authorize), enforced in application code rather than delegated to the model 2. Use allowlists to restrict which tools can be called 3. Require human confirmation for sensitive operations 4. Log all tool executions with their arguments and caller context for audit trails 5. Rate-limit tool calls to prevent abuse and runaway call loops 6. Apply least privilege — grant each tool only the credentials and permissions it needs 7. Validate tool arguments against the tool's schema before execution; model-generated arguments are untrusted input 8. Consider implementing a "dry-run" mode for testing 9. Set up alerts for unusual tool usage patterns 10. Document tool permissions and restrictions clearly
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions — the confirmation must come from the human, never from the model's own output 2. Display a clear preview of what will be changed or deleted 3. Implement "undo" functionality where possible 4. Wrap database operations in transactions so they can be rolled back 5. Add a time delay (cooling-off period) before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed, tamper-evident audit logs of all actions 9. Offer a "dry-run" mode that shows what would happen without doing it 10. Enforce operation quotas/limits so a single run cannot cause unbounded damage
Secure Tool Loading: 1. Validate tool names against an allowlist before resolving or importing them 2. Only load tools from trusted sources, and pin the version of each tool package so an upstream change cannot silently alter behavior 3. Review the permissions each tool requires before loading it 4. Sandbox tool execution so a misbehaving tool cannot reach beyond its intended scope
Secure Tool Loading: 1. Validate tool names against an allowlist before resolving or importing them 2. Only load tools from trusted sources, and pin the version of each tool package so an upstream change cannot silently alter behavior 3. Review the permissions each tool requires before loading it 4. Sandbox tool execution so a misbehaving tool cannot reach beyond its intended scope
Supply Chain Security Best Practices: 1. Pin model versions explicitly to a dated snapshot (model='gpt-4-0613') rather than a floating alias, so model behavior does not change without a deliberate upgrade 2. Use model registries with version control 3. Record the pinned model version alongside your dependency pins (requirements.txt, a lockfile, or a tracked config file) so it is reviewed like any other dependency 4. Enforce the pinned version in CI/CD pipelines, and track provider deprecation notices, since pinned snapshots are eventually retired
Tool Calling Security Best Practices: 1. Implement permission checks before tool execution (e.g. check_permission, authorize), enforced in application code rather than delegated to the model 2. Use allowlists to restrict which tools can be called 3. Require human confirmation for sensitive operations 4. Log all tool executions with their arguments and caller context for audit trails 5. Rate-limit tool calls to prevent abuse and runaway call loops 6. Apply least privilege — grant each tool only the credentials and permissions it needs 7. Validate tool arguments against the tool's schema before execution; model-generated arguments are untrusted input 8. Consider implementing a "dry-run" mode for testing 9. Set up alerts for unusual tool usage patterns 10. Document tool permissions and restrictions clearly
Tool Calling Security Best Practices: 1. Implement permission checks before tool execution (e.g. check_permission, authorize), enforced in application code rather than delegated to the model 2. Use allowlists to restrict which tools can be called 3. Require human confirmation for sensitive operations 4. Log all tool executions with their arguments and caller context for audit trails 5. Rate-limit tool calls to prevent abuse and runaway call loops 6. Apply least privilege — grant each tool only the credentials and permissions it needs 7. Validate tool arguments against the tool's schema before execution; model-generated arguments are untrusted input 8. Consider implementing a "dry-run" mode for testing 9. Set up alerts for unusual tool usage patterns 10. Document tool permissions and restrictions clearly
Tool Calling Security Best Practices: 1. Implement permission checks before tool execution (e.g. check_permission, authorize), enforced in application code rather than delegated to the model 2. Use allowlists to restrict which tools can be called 3. Require human confirmation for sensitive operations 4. Log all tool executions with their arguments and caller context for audit trails 5. Rate-limit tool calls to prevent abuse and runaway call loops 6. Apply least privilege — grant each tool only the credentials and permissions it needs 7. Validate tool arguments against the tool's schema before execution; model-generated arguments are untrusted input 8. Consider implementing a "dry-run" mode for testing 9. Set up alerts for unusual tool usage patterns 10. Document tool permissions and restrictions clearly
Tool Calling Security Best Practices: 1. Implement permission checks before tool execution (e.g. check_permission, authorize), enforced in application code rather than delegated to the model 2. Use allowlists to restrict which tools can be called 3. Require human confirmation for sensitive operations 4. Log all tool executions with their arguments and caller context for audit trails 5. Rate-limit tool calls to prevent abuse and runaway call loops 6. Apply least privilege — grant each tool only the credentials and permissions it needs 7. Validate tool arguments against the tool's schema before execution; model-generated arguments are untrusted input 8. Consider implementing a "dry-run" mode for testing 9. Set up alerts for unusual tool usage patterns 10. Document tool permissions and restrictions clearly
Secure Tool Loading: 1. Validate tool names against an allowlist before resolving or importing them 2. Only load tools from trusted sources, and pin the version of each tool package so an upstream change cannot silently alter behavior 3. Review the permissions each tool requires before loading it 4. Sandbox tool execution so a misbehaving tool cannot reach beyond its intended scope
Secure Tool Loading: 1. Validate tool names against an allowlist before resolving or importing them 2. Only load tools from trusted sources, and pin the version of each tool package so an upstream change cannot silently alter behavior 3. Review the permissions each tool requires before loading it 4. Sandbox tool execution so a misbehaving tool cannot reach beyond its intended scope
Secure Tool Loading: 1. Validate tool names against an allowlist before resolving or importing them 2. Only load tools from trusted sources, and pin the version of each tool package so an upstream change cannot silently alter behavior 3. Review the permissions each tool requires before loading it 4. Sandbox tool execution so a misbehaving tool cannot reach beyond its intended scope
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions — the confirmation must come from the human, never from the model's own output 2. Display a clear preview of what will be changed or deleted 3. Implement "undo" functionality where possible 4. Wrap database operations in transactions so they can be rolled back 5. Add a time delay (cooling-off period) before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed, tamper-evident audit logs of all actions 9. Offer a "dry-run" mode that shows what would happen without doing it 10. Enforce operation quotas/limits so a single run cannot cause unbounded damage
High-Risk Operation Safety: 1. Require explicit user confirmation for destructive actions — the confirmation must come from the human, never from the model's own output 2. Display a clear preview of what will be changed or deleted 3. Implement "undo" functionality where possible 4. Wrap database operations in transactions so they can be rolled back 5. Add a time delay (cooling-off period) before executing irreversible actions 6. Send notifications for critical operations 7. Implement approval workflows for sensitive operations 8. Maintain detailed, tamper-evident audit logs of all actions 9. Offer a "dry-run" mode that shows what would happen without doing it 10. Enforce operation quotas/limits so a single run cannot cause unbounded damage
Secure Code Execution: 1. NEVER use eval/exec on untrusted input, including model-generated code 2. Use safe alternatives for parsing data (json.loads, ast.literal_eval) — note that ast.literal_eval only parses literals and is not a general sandbox; it can still fail on hostile, deeply nested input, so wrap it in error handling 3. Validate all external content against an expected schema rather than trying to "sanitize" arbitrary code 4. If code must be run, use a sandboxed execution environment with resource limits and no access to secrets or the host network
Critical data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Critical security, data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security, data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Critical data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Critical data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical security, data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards

Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Implement confidence thresholds for automated actions: 1. Add confidence scoring: - Request confidence scores from the LLM, but treat them as a weak signal: self-reported confidence is not calibrated and can be steered by prompt injection - Calculate custom confidence metrics from independent checks the model cannot influence - Track historical accuracy 2. Set thresholds: - High confidence (>0.9): Auto-execute, and only for actions that are reversible or low-impact - Medium confidence (0.7-0.9): Human review - Low confidence (<0.7): Reject or escalate 3. Validate output: - Use schema validation (Pydantic) - Check output format and constraints - Verify against expected patterns 4. Implement fallbacks: - Have backup strategies for low confidence - Use simpler/safer alternatives - Escalate to human operators
Critical data_modification decision requires human oversight: 1. Implement human-in-the-loop review: - Add a review queue for high-stakes decisions - Require explicit human approval before execution - Log all decisions for an audit trail 2. Add verification mechanisms: - Cross-reference with trusted sources - Implement multi-step verification - Use confidence thresholds (never relying on the model's self-reported confidence alone) 3. Include safety checks: - Set hard limits on the scope of any action (e.g. transaction amounts, records affected) - Require secondary confirmation - Implement rollback mechanisms 4. Add disclaimers: - Inform users the output may be incorrect - Recommend professional consultation - Document limitations clearly 5. Monitor and review: - Track decision outcomes - Review failures and near-misses - Continuously improve safeguards