stack

mosaic/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jason Woltje	f2b25079d9	fix(#27 ): address security issues in intent classification All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details - Add input sanitization to prevent LLM prompt injection (escapes quotes, backslashes, replaces newlines) - Add MaxLength(500) validation to DTO to prevent DoS - Add entity validation to filter malicious LLM responses - Add confidence validation to clamp values to 0.0-1.0 - Make LLM model configurable via INTENT_CLASSIFICATION_MODEL env var - Add 12 new security tests (total: 72 tests, from 60) Security fixes identified by code review: - CVE-mitigated: Prompt injection via unescaped user input - CVE-mitigated: Unvalidated entity data from LLM response - CVE-mitigated: Missing input length validation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 16:50:32 -06:00
Jason Woltje	d7f04d1148	feat(#27 ): implement intent classification service All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details Implement intent classification for natural language queries in the brain module. Features: - Hybrid classification approach: rule-based (fast, <100ms) with optional LLM fallback - 10 intent types: query_tasks, query_events, query_projects, create_task, create_event, update_task, update_event, briefing, search, unknown - Entity extraction: dates, times, priorities, statuses, people - Pattern-based matching with priority system (higher priority = checked first) - Optional LLM classification for ambiguous queries - POST /api/brain/classify endpoint Implementation: - IntentClassificationService with classify(), classifyWithRules(), classifyWithLlm(), extractEntities() - Comprehensive regex patterns for common query types - Entity extraction for dates, times, priorities, statuses, mentions - Type-safe interfaces for IntentType, IntentClassification, ExtractedEntity, IntentPattern - ClassifyIntentDto and IntentClassificationResultDto for API validation - Integrated with existing LlmService (optional dependency) Testing: - 60 comprehensive tests covering all intent types - Edge cases: empty queries, special characters, case sensitivity, multiple whitespace - Entity extraction tests with position tracking - LLM fallback tests with error handling - 100% test coverage - All tests passing (60/60) - TDD approach: tests written first Quality: - No explicit any types - Explicit return types on all functions - No TypeScript errors - Build successful - Follows existing code patterns - Quality Rails compliance: All lint checks pass Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 15:41:10 -06:00

Author

SHA1

Message

Date

Jason Woltje

f2b25079d9

fix(#27 ): address security issues in intent classification

ci/woodpecker/push/woodpecker Pipeline was successful

Details

- Add input sanitization to prevent LLM prompt injection
  (escapes quotes, backslashes, replaces newlines)
- Add MaxLength(500) validation to DTO to prevent DoS
- Add entity validation to filter malicious LLM responses
- Add confidence validation to clamp values to 0.0-1.0
- Make LLM model configurable via INTENT_CLASSIFICATION_MODEL env var
- Add 12 new security tests (total: 72 tests, from 60)

Security fixes identified by code review:
- CVE-mitigated: Prompt injection via unescaped user input
- CVE-mitigated: Unvalidated entity data from LLM response
- CVE-mitigated: Missing input length validation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 16:50:32 -06:00

Jason Woltje

d7f04d1148

feat(#27 ): implement intent classification service

ci/woodpecker/push/woodpecker Pipeline was successful

Details

Implement intent classification for natural language queries in the brain module.

Features:
- Hybrid classification approach: rule-based (fast, <100ms) with optional LLM fallback
- 10 intent types: query_tasks, query_events, query_projects, create_task, create_event, update_task, update_event, briefing, search, unknown
- Entity extraction: dates, times, priorities, statuses, people
- Pattern-based matching with priority system (higher priority = checked first)
- Optional LLM classification for ambiguous queries
- POST /api/brain/classify endpoint

Implementation:
- IntentClassificationService with classify(), classifyWithRules(), classifyWithLlm(), extractEntities()
- Comprehensive regex patterns for common query types
- Entity extraction for dates, times, priorities, statuses, mentions
- Type-safe interfaces for IntentType, IntentClassification, ExtractedEntity, IntentPattern
- ClassifyIntentDto and IntentClassificationResultDto for API validation
- Integrated with existing LlmService (optional dependency)

Testing:
- 60 comprehensive tests covering all intent types
- Edge cases: empty queries, special characters, case sensitivity, multiple whitespace
- Entity extraction tests with position tracking
- LLM fallback tests with error handling
- 100% test coverage
- All tests passing (60/60)
- TDD approach: tests written first

Quality:
- No explicit any types
- Explicit return types on all functions
- No TypeScript errors
- Build successful
- Follows existing code patterns
- Quality Rails compliance: All lint checks pass

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 15:41:10 -06:00

2 Commits