Tags give the ability to mark specific points in history as being important
-
v2.0
Release: v2.0f3ffaf53 · ·## Changelog ### Features - **AI-Powered Prompt Improvement**: Added an integrated tool that uses configured LLM providers to automatically refine and enhance user prompts. The system uses a sophisticated two-phase internal process (evaluation + precision refinement) to improve clarity, structure, and effectiveness while preserving the original intent. - **Prompt Testing Framework**: Introduced a comprehensive testing framework to evaluate and validate prompts, featuring: - **LLM as a Judge**: Automates the evaluation of prompt responses against multiple models using configurable scoring dimensions (e.g., correctness, clarity, safety). - **Robustness Testing**: Measures the semantic and structural consistency of prompt outputs across multiple runs to calculate a unified reliability score. - **Security Evaluation**: Assesses prompt resistance to common adversarial attacks, including prompt injection, system prompt leakage, and obfuscated instructions. - **LLM Provider Configuration**: Users can now configure and manage connections to multiple LLM providers (e.g., OpenAI, Anthropic, Ollama, other OpenAI-compatible endpoints) through the settings UI. API keys are securely encrypted at rest. - **User Self-Deactivation**: Added a feature in the "Danger Zone" of the settings page for users to deactivate their own accounts. This action revokes all sessions and notifies administrators. ### Bug Fixes - **Database Connection with Special Characters**: Fixed a critical bug where special characters (e.g., `%`) in the `POSTGRES_PASSWORD` would cause database connection failures. - **Foreign Key Behavior on User Deletion**: Changed the `ondelete` behavior for user-related foreign keys from `CASCADE` to `SET NULL` to prevent accidental data loss when a user account is deactivated. ### Security - **Encrypted LDAP & LLM Credentials**: All LLM provider API keys and LDAP bind passwords are now encrypted at rest using a dedicated, strong encryption key, significantly improving credential security. - **Hardened CI/CD Pipeline**: Removed hardcoded credentials from the `.gitlab-ci.yml` file, replacing them with secure CI/CD variables to prevent secret leaks. - **Strengthened CORS Policy**: Implemented a stricter Content Security Policy (CSP) and required explicit `FRONTEND_URLS` configuration in production to prevent cross-origin vulnerabilities. - **Enhanced Security Headers**: Added a comprehensive set of security headers (HSTS, X-Frame-Options, CSP with nonce support) to protect against clickjacking, XSS, and other web vulnerabilities. - **Improved Admin Password Security**: Increased the recommended length for the `ADMIN_PASSWORD` to 32 characters and added validation against weak, common passwords. - **Hardened Docker Images & Kubernetes Manifests**: Pinned base images to specific digests, implemented non-root users, and configured read-only filesystems with resource limits in Kubernetes deployments to enhance container security. - **Disabled API Docs in Production**: OpenAPI/Swagger documentation endpoints are now automatically disabled in production environments to prevent information disclosure. - **Sanitized Error Messages**: Exception messages are now sanitized to prevent leaking sensitive information or internal paths to the client. ### Refactoring - **Database Migration Process**: Improved the startup script to be more robust. It now uses advisory locks to prevent race conditions in multi-replica deployments and can automatically "stamp" existing databases to bootstrap them into the migration system. - **CI/CD Build Logic**: Centralized Docker authentication logic in the `before_script` section of the GitLab CI configuration, reducing duplication. - **LLM API Transport Layer**: Created a new, unified transport layer (`llm_transport.py`) for making provider-agnostic calls to LLMs, supporting streaming and granular timeout configurations. - **Asynchronous Security Evaluation**: The Security Evaluation test now runs asynchronously with status polling to support long-running evaluations without tying up HTTP connections. ### Performance - **LLM Streaming Support**: Added a preference for using streaming API calls for LLM interactions. This improves responsiveness and avoids idle timeouts during long inference tasks. ### Other - **Documentation Overhaul**: The `README.md` and other documentation files have been extensively updated to cover all new features, including the testing framework, LLM provider configuration, security enhancements, and a detailed troubleshooting guide. - **Improved Build Tagging**: The CI/CD pipeline now automatically tags Docker images with `latest` for the `main` branch and `dev` for all other branches, improving version management.