fix: preserve cloak config defaults when mode omitted
This commit is contained in:
@@ -1241,36 +1241,28 @@ func applyCloaking(ctx context.Context, cfg *config.Config, auth *cliproxyauth.A
|
|||||||
useExperimentalCCHSigning := experimentalCCHSigningEnabled(cfg, auth)
|
useExperimentalCCHSigning := experimentalCCHSigningEnabled(cfg, auth)
|
||||||
|
|
||||||
// Get cloak config from ClaudeKey configuration
|
// Get cloak config from ClaudeKey configuration
|
||||||
|
|
||||||
cloakCfg := resolveClaudeKeyCloakConfig(cfg, auth)
|
cloakCfg := resolveClaudeKeyCloakConfig(cfg, auth)
|
||||||
attrMode, attrStrict, attrWords, attrCache := getCloakConfigFromAuth(auth)
|
attrMode, attrStrict, attrWords, attrCache := getCloakConfigFromAuth(auth)
|
||||||
|
|
||||||
// Determine cloak settings
|
// Determine cloak settings
|
||||||
var cloakMode string
|
cloakMode := attrMode
|
||||||
var strictMode bool
|
strictMode := attrStrict
|
||||||
var sensitiveWords []string
|
sensitiveWords := attrWords
|
||||||
var cacheUserID bool
|
cacheUserID := attrCache
|
||||||
|
|
||||||
if cloakCfg != nil {
|
if cloakCfg != nil {
|
||||||
cloakMode = strings.TrimSpace(cloakCfg.Mode)
|
if mode := strings.TrimSpace(cloakCfg.Mode); mode != "" {
|
||||||
if cloakMode == "" {
|
cloakMode = mode
|
||||||
cloakMode = attrMode
|
}
|
||||||
strictMode = attrStrict
|
if cloakCfg.StrictMode {
|
||||||
sensitiveWords = attrWords
|
strictMode = true
|
||||||
} else {
|
}
|
||||||
strictMode = cloakCfg.StrictMode
|
if len(cloakCfg.SensitiveWords) > 0 {
|
||||||
sensitiveWords = cloakCfg.SensitiveWords
|
sensitiveWords = cloakCfg.SensitiveWords
|
||||||
}
|
}
|
||||||
if cloakCfg.CacheUserID != nil {
|
if cloakCfg.CacheUserID != nil {
|
||||||
cacheUserID = *cloakCfg.CacheUserID
|
cacheUserID = *cloakCfg.CacheUserID
|
||||||
} else {
|
|
||||||
cacheUserID = attrCache
|
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
cloakMode = attrMode
|
|
||||||
strictMode = attrStrict
|
|
||||||
sensitiveWords = attrWords
|
|
||||||
cacheUserID = attrCache
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Determine if cloaking should be applied
|
// Determine if cloaking should be applied
|
||||||
|
|||||||
@@ -1814,3 +1814,27 @@ func TestClaudeExecutor_ExperimentalCCHSigningOptInSignsFinalBody(t *testing.T)
|
|||||||
t.Fatalf("cch = %q, want %q\nbody: %s", actualCCH, wantCCH, string(seenBody))
|
t.Fatalf("cch = %q, want %q\nbody: %s", actualCCH, wantCCH, string(seenBody))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestApplyCloaking_PreservesConfiguredStrictModeAndSensitiveWordsWhenModeOmitted(t *testing.T) {
|
||||||
|
cfg := &config.Config{
|
||||||
|
ClaudeKey: []config.ClaudeKey{{
|
||||||
|
APIKey: "key-123",
|
||||||
|
Cloak: &config.CloakConfig{
|
||||||
|
StrictMode: true,
|
||||||
|
SensitiveWords: []string{"proxy"},
|
||||||
|
},
|
||||||
|
}},
|
||||||
|
}
|
||||||
|
auth := &cliproxyauth.Auth{Attributes: map[string]string{"api_key": "key-123"}}
|
||||||
|
payload := []byte(`{"system":"proxy rules","messages":[{"role":"user","content":[{"type":"text","text":"proxy access"}]}]}`)
|
||||||
|
|
||||||
|
out := applyCloaking(context.Background(), cfg, auth, payload, "claude-3-5-sonnet-20241022", "key-123")
|
||||||
|
|
||||||
|
blocks := gjson.GetBytes(out, "system").Array()
|
||||||
|
if len(blocks) != 2 {
|
||||||
|
t.Fatalf("expected strict mode to keep only injected system blocks, got %d", len(blocks))
|
||||||
|
}
|
||||||
|
if got := gjson.GetBytes(out, "messages.0.content.0.text").String(); !strings.Contains(got, zeroWidthSpace) {
|
||||||
|
t.Fatalf("expected configured sensitive word obfuscation to apply, got %q", got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user