align last local fixes

genia-dev · Oct 28, 2024 · 456648a · 456648a
1 parent b0c9c4c
commit 456648a
Show file tree

Hide file tree

Showing 14 changed files with 52 additions and 114 deletions.
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -3,4 +3,4 @@ name: vibraniumdome
 description: A Helm chart for Kubernetes
 type: application
 version: 0.1.0
-appVersion: "0.1.0"
+appVersion: "1.16.0"
diff --git a/helm/README.md b/helm/README.md
@@ -61,12 +61,6 @@ kubectl port-forward service/vibraniumdome-streamlit-app 8501:8501
 
 Now you can access the application via http://localhost:3000 and the streamlit application via http://localhost:8501 and send llm interactions via http://localhost:5001 .
 
-> [!IMPORTANT]
-> The default configuration works on `ClusterIP`, if you want to run on real env with `NodePort`, you need to configure helm to run:
-
-```
-helm install test-release helm --set app.serviceType=NodePort --set shields.serviceType=NodePort --set streamlitApp.serviceType=NodePort --set opensearchDashboards.service.type=NodePort
-```
 
 ## Uninstall VibraniumDome Helm Chart
 ```

diff --git a/helm/templates/app-service.yaml b/helm/templates/app-service.yaml
@@ -3,12 +3,9 @@ kind: Service
 metadata:
   name: {{ .Values.app.name }}
 spec:
-  type: {{ .Values.app.serviceType }}
+  type: ClusterIP
   ports:
-    - port: {{ (index .Values.app.ports 0).containerPort }}
-      targetPort: {{ (index .Values.app.ports 0).containerPort }}
-      protocol: TCP
-      name: http
-
+  - port: {{ (index .Values.app.ports 0).containerPort }}
+    targetPort: {{ (index .Values.app.ports 0).containerPort }}
   selector:
-    app: {{ .Values.app.name }}
+    app: {{ .Values.app.name }}
diff --git a/helm/templates/opensearch-dashboards-deployment.yaml b/helm/templates/opensearch-dashboards-deployment.yaml
@@ -3,7 +3,7 @@ kind: StatefulSet
 metadata:
   name: {{ .Values.opensearchDashboards.name }}
 spec:
-  replicas: {{ .Values.opensearchDashboards.replicaCount }}
+  replicas: 1
   selector:
     matchLabels:
       app: {{ .Values.opensearchDashboards.name }}
@@ -16,7 +16,7 @@ spec:
       - name: {{ .Values.opensearchDashboards.name }}
         image: "{{ .Values.opensearchDashboards.image.repository }}:{{ .Values.opensearchDashboards.image.tag }}"
         ports:
-        - containerPort: {{ .Values.opensearchDashboards.deployment.containerPort }}
+        - containerPort: 5601
         env:
           - name: "OPENSEARCH_HOSTS"
             value: '["https://vibraniumdome-opensearch-node-1:9200"]'

diff --git a/helm/templates/opensearch-dashboards-service.yaml b/helm/templates/opensearch-dashboards-service.yaml
@@ -3,11 +3,11 @@ kind: Service
 metadata:
   name: {{ .Values.opensearchDashboards.name }}
 spec:
-  type: {{ .Values.opensearchDashboards.service.type }}
+  type: ClusterIP
   ports:
-    - port: {{ .Values.opensearchDashboards.service.port }}
-      targetPort: {{ .Values.opensearchDashboards.service.targetPort }}
-      protocol: {{ .Values.opensearchDashboards.service.protocol }}
-      name: http
+  - port: 5601
+    targetPort: 5601
+    protocol: TCP
+    name: http
   selector:
-    app: {{ .Values.opensearchDashboards.name }}
+    app: {{ .Values.opensearchDashboards.name }}
diff --git a/helm/templates/shields-service.yaml b/helm/templates/shields-service.yaml
@@ -3,9 +3,9 @@ kind: Service
 metadata:
   name: {{ .Values.shields.name }}
 spec:
-  type: {{ .Values.shields.serviceType }}
+  type: ClusterIP
   ports:
-    - port: {{ (index .Values.shields.ports 0).containerPort }}
-      targetPort: {{ (index .Values.shields.ports 0).containerPort }}
+  - port: {{ (index .Values.shields.ports 0).containerPort }}
+    targetPort: {{ (index .Values.shields.ports 0).containerPort }}
   selector:
     app: {{ .Values.shields.name }}
diff --git a/helm/templates/streamlit-app-service.yaml b/helm/templates/streamlit-app-service.yaml
@@ -3,7 +3,7 @@ kind: Service
 metadata:
   name: {{ .Values.streamlitApp.name }}
 spec:
-  type: {{ .Values.streamlitApp.serviceType }}
+  type: ClusterIP
   ports:
   - port: {{ (index .Values.streamlitApp.ports 0).containerPort }}
     targetPort: {{ (index .Values.streamlitApp.ports 0).containerPort }}

diff --git a/helm/templates/tests/test-connection.yaml b/helm/templates/tests/test-connection.yaml
@@ -11,5 +11,5 @@ spec:
     - name: wget
       image: busybox
       command: ['wget']
-      args: ['{{ include "vibraniumdome.fullname" . }}:{{ (index .Values.shields.ports 0).containerPort }}']
+      args: ['{{ include "vibraniumdome.fullname" . }}:{{ .Values.service.port }}']
   restartPolicy: Never
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -6,38 +6,13 @@ app:
     tag: 0.3.0
   ports:
     - containerPort: 3000
-  serviceType: ClusterIP  # Default service type
   environment:
-    # `vibraniumdome-app` serves as the frontend (management & dashboard) of the VibraniumDome service,
-    # utilizing a MySQL database for its state. This is the database URL which, by default, does not include a password.
-    # You can modify this by adding a password after `root:` and configuring it
-    # in this file as well as in `vibraniumdome-app-db` under the MYSQL_ROOT_PASSWORD environment variable.
     DATABASE_URL: "mysql://root:@vibraniumdome-app-db:3306/vibraniumdome"
-    # `vibraniumdome-app` is a Next.js app that includes a login page,
-    # this key is used by NextAuth to create authenticated sessions.
     NEXTAUTH_SECRET: "TNhv82aTvdYGcn7J8mUMpgaIEjgCpagUyn1dih/Ex0Y="
-    # The base URL for login. Note that if you change from ClusterIP to NodePort with a LoadBalancer Ingress,
-    # you need to configure the FQDN here, e.g., https://myapp.myvibraniumdome.com
     NEXTAUTH_URL: "http://localhost:3000"
-    # The Next.js authentication library, NextAuth, supports multiple authentication providers.
-    # You can read more here: https://next-auth.js.org/v3/configuration/providers
-    # Google Social Login is one of these providers. You can configure this login by creating a Google App Integration
-    # and providing the credential details of the app here.
     GOOGLE_CLIENT_ID: "changeme"
     GOOGLE_CLIENT_SECRET: "changeme"
-    # `vibraniumdome-app` contains embedded OpenSearch to ensure seamless integration between the app and OpenSearch.
-    # The authentication method in OpenSearch has transitioned from basic authentication to jwtToken. To generate this jwtToken,
-    # the app and OpenSearch share a key. Note that if you change the default key, you must also update it in this file
-    # by providing the base64 encoded value. For example, the default case for `39214785178865762003920415964132` in base64
-    # encoding is `MzkyMTQ3ODUxNzg4NjU3NjIwMDM5MjA0MTU5NjQxMzI=`, so in this config it is plain, while in the OpenSearch config,
-    # it is the base64 encoding of '39214785178865762003920415964132', which is 'MzkyMTQ3ODUxNzg4NjU3NjIwMDM5MjA0MTU5NjQxMzI=':
-    # config:
-    #   signing_key: "MzkyMTQ3ODUxNzg4NjU3NjIwMDM5MjA0MTU5NjQxMzI="
-    #   jwt_header: "Authorization"
     OPENSEARCH_JWT_HMAC_SIGNING_KEY: "39214785178865762003920415964132"
-    # The OpenSearch URLs are not secrets; they are the dashboard IDs used to load the correct pre-built dashboards.
-    # Note that if you change from ClusterIP to NodePort with a LoadBalancer Ingress,
-    # you need to configure the FQDN here, e.g., https://myopensearch.myvibraniumdome.com
     OPENSEARCH_DASHBOARD_URL: "http://localhost:5601/app/dashboards?jwtToken=<JWT>#/view/575f44f0-8314-11ee-8fdd-231c9d91c919?embed=true&_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!f%2Cvalue%3A900000)%2Ctime%3A(from%3Anow-7d%2Cto%3Anow))&show-query-input=true&show-time-filter=true"
     OPENSEARCH_GOVERNANCE_URL: "http://localhost:5601/app/dashboards?jwtToken=<JWT>#/view/7825b8b0-b6e8-11ee-8860-0f0de9c93d68?embed=true&_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!f%2Cvalue%3A900000)%2Ctime%3A(from%3Anow-7d%2Cto%3Anow))&show-query-input=true&show-time-filter=true"
 
@@ -62,15 +37,11 @@ shields:
     tag: 0.3.0
   ports:
     - containerPort: 5001
-  serviceType: ClusterIP  # Default service type
   environment:
     OPENAI_API_KEY: ""
     VIBRANIUM_DOME_OPENSEARCH_HOST: "vibraniumdome-opensearch-node-1"
     VIBRANIUM_DOME_OPENSEARCH_PORT: "9200"
     VIBRANIUM_DOME_APP_BASE_URL: "http://vibraniumdome-app:3000"
-    # The VibraniumDome client requires authentication to send telemetry data to `vibraniumdome-shields`.
-    # This key is used to authenticate to the system and to identify which tenant the data belongs to.
-    # To modify this key, you also need to update it in `seed.ts` in `vibraniumdome-app`.
     VIBRANIUM_DOME_API_KEY: "vibranium_elgstr7i53e3vpy0pbc8175fp6eaj4k3fjzd"
     VIBRANIUM_HOME: "/app"
     TOKENIZERS_PARALLELISM: "false"
@@ -83,7 +54,6 @@ streamlitApp:
     tag: 0.3.0
   ports:
     - containerPort: 8501
-  serviceType: ClusterIP  # Default service type
 
 opensearchNode1:
   replicaCount: 1
@@ -112,20 +82,21 @@ opensearchDashboards:
   image:
     repository: opensearchproject/opensearch-dashboards
     tag: 2.9.0
-  service:
-    type: ClusterIP  # Default service type
-    port: 5601
-    targetPort: 5601
-    protocol: TCP
-  deployment:
-    containerPort: 5601
+  ports:
+    - containerPort: 5601
 
 opensearchSeeder:
   name: vibraniumdome-opensearch-seeder
   image:
     repository: centos
     tag: latest
 
+service:
+  port: 3000
+
+service:
+  type: "NodePort"
+
 serviceAccount:
   create: false
 

diff --git a/vibraniumdome-app/package.json b/vibraniumdome-app/package.json
@@ -22,7 +22,7 @@
     "@mui/icons-material": "^5.14.15",
     "@mui/material": "^5.14.15",
     "@next-auth/prisma-adapter": "1.0.7",
-    "@prisma/client": "5.13.0",
+    "@prisma/client": "5.5.0",
     "@radix-ui/react-avatar": "^1.0.4",
     "@radix-ui/react-checkbox": "^1.0.4",
     "@radix-ui/react-dialog": "^1.0.5",
@@ -84,7 +84,7 @@
     "postcss": "^8.4.27",
     "prettier": "^3.0.0",
     "prettier-plugin-tailwindcss": "^0.5.1",
-    "prisma": "5.13.0",
+    "prisma": "5.5.0",
     "tailwindcss": "^3.3.3",
     "ts-node": "^10.9.1",
     "typescript": "^5.2.2"

diff --git a/vibraniumdome-app/prisma/seed.ts b/vibraniumdome-app/prisma/seed.ts
@@ -8,7 +8,7 @@ const defaultPolicy = {
   "redact_conversation": false,
   "input_shields": [
     { "type": "com.vibraniumdome.shield.input.transformer", "metadata": { "threshold": 0.70 }, "full_name": "Prompt injection transformer shield" },
-    { "type": "com.vibraniumdome.shield.input.transformer", "metadata": { "model": "ProtectAI/deberta-v3-base-prompt-injection-v2", "threshold": 0.9 }, "full_name": "Prompt injection transformer shield 1" },
+    { "type": "com.vibraniumdome.shield.input.transformer", "metadata": { "model": "ProtectAI/deberta-v3-base-prompt-injection", "threshold": 0.9 }, "full_name": "Prompt injection transformer shield 1" },
     { "type": "com.vibraniumdome.shield.input.model_dos", "metadata": { "threshold": 10, "interval_sec": 60, "limit_by": "llm.user" }, "full_name": "Model denial of service shield" },
     { "type": "com.vibraniumdome.shield.input.captain", "metadata": { "model": "gpt-3.5-turbo", "model_vendor": "openai" }, "full_name": "Captain's shield" },
     { "type": "com.vibraniumdome.shield.input.semantic_similarity", "metadata": {}, "full_name": "Semantic vector similarity shield" },

diff --git a/vibraniumdome-app/src/server/api/routers/policy.ts b/vibraniumdome-app/src/server/api/routers/policy.ts
@@ -17,7 +17,7 @@ const basePolicy = {
   "redact_conversation": false,
   "input_shields": [
     { "type": "com.vibraniumdome.shield.input.transformer", "metadata": { "threshold": 0.70 }, "full_name": "Prompt injection transformer shield" },
-    { "type": "com.vibraniumdome.shield.input.transformer", "metadata": { "model": "ProtectAI/deberta-v3-base-prompt-injection-v2", "threshold": 0.9 }, "full_name": "Prompt injection transformer shield 1" },
+    { "type": "com.vibraniumdome.shield.input.transformer", "metadata": { "model": "ProtectAI/deberta-v3-base-prompt-injection", "threshold": 0.98 }, "full_name": "Prompt injection transformer shield 1" },
     { "type": "com.vibraniumdome.shield.input.model_dos", "metadata": { "threshold": 10, "interval_sec": 60, "limit_by": "llm.user" }, "full_name": "Model denial of service shield" },
     { "type": "com.vibraniumdome.shield.input.captain", "metadata": { "model": "gpt-3.5-turbo", "model_vendor": "openai" }, "full_name": "Captain's shield" },
     { "type": "com.vibraniumdome.shield.input.semantic_similarity", "metadata": {}, "full_name": "Semantic vector similarity shield" },

diff --git a/vibraniumdome-app/yarn.lock b/vibraniumdome-app/yarn.lock
@@ -729,46 +729,22 @@
   resolved "https://registry.yarnpkg.com/@popperjs/core/-/core-2.11.8.tgz#6b79032e760a0899cd4204710beede972a3a185f"
   integrity sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==
 
-"@prisma/client@5.13.0":
-  version "5.13.0"
-  resolved "https://registry.yarnpkg.com/@prisma/client/-/client-5.13.0.tgz#b9f1d0983d714e982675201d8222a9ecb4bdad4a"
-  integrity sha512-uYdfpPncbZ/syJyiYBwGZS8Gt1PTNoErNYMuqHDa2r30rNSFtgTA/LXsSk55R7pdRTMi5pHkeP9B14K6nHmwkg==
-
-"@prisma/debug@5.13.0":
-  version "5.13.0"
-  resolved "https://registry.yarnpkg.com/@prisma/debug/-/debug-5.13.0.tgz#d88b0f6fafa0c216e20e284ed9fc30f1cbe45786"
-  integrity sha512-699iqlEvzyCj9ETrXhs8o8wQc/eVW+FigSsHpiskSFydhjVuwTJEfj/nIYqTaWFYuxiWQRfm3r01meuW97SZaQ==
-
-"@prisma/engines-version@5.13.0-23.b9a39a7ee606c28e3455d0fd60e78c3ba82b1a2b":
-  version "5.13.0-23.b9a39a7ee606c28e3455d0fd60e78c3ba82b1a2b"
-  resolved "https://registry.yarnpkg.com/@prisma/engines-version/-/engines-version-5.13.0-23.b9a39a7ee606c28e3455d0fd60e78c3ba82b1a2b.tgz#a72a4fb83ba1fd01ad45f795aa55168f60d34723"
-  integrity sha512-AyUuhahTINGn8auyqYdmxsN+qn0mw3eg+uhkp8zwknXYIqoT3bChG4RqNY/nfDkPvzWAPBa9mrDyBeOnWSgO6A==
-
-"@prisma/engines@5.13.0":
-  version "5.13.0"
-  resolved "https://registry.yarnpkg.com/@prisma/engines/-/engines-5.13.0.tgz#8994ebf7b4e35aee7746a8465ec22738379bcab6"
-  integrity sha512-hIFLm4H1boj6CBZx55P4xKby9jgDTeDG0Jj3iXtwaaHmlD5JmiDkZhh8+DYWkTGchu+rRF36AVROLnk0oaqhHw==
-  dependencies:
-    "@prisma/debug" "5.13.0"
-    "@prisma/engines-version" "5.13.0-23.b9a39a7ee606c28e3455d0fd60e78c3ba82b1a2b"
-    "@prisma/fetch-engine" "5.13.0"
-    "@prisma/get-platform" "5.13.0"
-
-"@prisma/fetch-engine@5.13.0":
-  version "5.13.0"
-  resolved "https://registry.yarnpkg.com/@prisma/fetch-engine/-/fetch-engine-5.13.0.tgz#9b6945c7b38bb59e840f8905b20ea7a3d059ca55"
-  integrity sha512-Yh4W+t6YKyqgcSEB3odBXt7QyVSm0OQlBSldQF2SNXtmOgMX8D7PF/fvH6E6qBCpjB/yeJLy/FfwfFijoHI6sA==
-  dependencies:
-    "@prisma/debug" "5.13.0"
-    "@prisma/engines-version" "5.13.0-23.b9a39a7ee606c28e3455d0fd60e78c3ba82b1a2b"
-    "@prisma/get-platform" "5.13.0"
-
-"@prisma/get-platform@5.13.0":
-  version "5.13.0"
-  resolved "https://registry.yarnpkg.com/@prisma/get-platform/-/get-platform-5.13.0.tgz#99ef909a52b9d79b64d72d2d3d8210c4892b6572"
-  integrity sha512-B/WrQwYTzwr7qCLifQzYOmQhZcFmIFhR81xC45gweInSUn2hTEbfKUPd2keAog+y5WI5xLAFNJ3wkXplvSVkSw==
-  dependencies:
-    "@prisma/debug" "5.13.0"
+"@prisma/client@5.5.0":
+  version "5.5.0"
+  resolved "https://registry.yarnpkg.com/@prisma/client/-/client-5.5.0.tgz#d3f787a66e34d97c33325a3f1b14af918f07e723"
+  integrity sha512-JiCj/h79PRawWiBVa4Ng4tBaKMrfJgUwuRrZi4NuQRd58gWIP4kEYMqIidpUrab3dU2NM617pWRG2avX+dh+Sg==
+  dependencies:
+    "@prisma/engines-version" "5.5.0-19.475c616176945d72f4330c92801f0c5e6398dc0f"
+
+"@prisma/engines-version@5.5.0-19.475c616176945d72f4330c92801f0c5e6398dc0f":
+  version "5.5.0-19.475c616176945d72f4330c92801f0c5e6398dc0f"
+  resolved "https://registry.yarnpkg.com/@prisma/engines-version/-/engines-version-5.5.0-19.475c616176945d72f4330c92801f0c5e6398dc0f.tgz#c3ddca62ee65158a20ce194c2492791f506f4bfc"
+  integrity sha512-/1orOUq7I54ISYBJockYB15FmF/VkCBeFzYYkWyLtBl2tLlJWHmA3NEUBM+wSmXGLK78BmuSNHrLbf8bmXkukQ==
+
+"@prisma/engines@5.5.0":
+  version "5.5.0"
+  resolved "https://registry.yarnpkg.com/@prisma/engines/-/engines-5.5.0.tgz#80b9035d533e3dcd4297ddeada4806fe176ae7bf"
+  integrity sha512-WX+8l4sJuWeS3A/5WqJpdBHp32UzUticiKwUWbFggcd6/sqGtCiiaFmXYmNw6Au2O6hjSX37Y07Vu2ZhP9cmWg==
 
 "@radix-ui/number@1.0.1":
   version "1.0.1"
@@ -4482,12 +4458,12 @@ pretty-format@^3.8.0:
   resolved "https://registry.npmjs.org/pretty-format/-/pretty-format-3.8.0.tgz"
   integrity sha512-WuxUnVtlWL1OfZFQFuqvnvs6MiAGk9UNsBostyBOB0Is9wb5uRESevA6rnl/rkksXaGX3GzZhPup5d6Vp1nFew==
 
-prisma@5.13.0:
-  version "5.13.0"
-  resolved "https://registry.yarnpkg.com/prisma/-/prisma-5.13.0.tgz#1f06e20ccfb6038ad68869e6eacd3b346f9d0851"
-  integrity sha512-kGtcJaElNRAdAGsCNykFSZ7dBKpL14Cbs+VaQ8cECxQlRPDjBlMHNFYeYt0SKovAVy2Y65JXQwB3A5+zIQwnTg==
+prisma@5.5.0:
+  version "5.5.0"
+  resolved "https://registry.yarnpkg.com/prisma/-/prisma-5.5.0.tgz#088c3733ddc578cabdbddb89adc53ddc423ac27f"
+  integrity sha512-QyMMh1WQiGU07Iz3Q8jd6y5KlomGLDVb4etkMWpQ4EmDAaY+zGgNHmBk2MfRPb0A+un1Ior1nZWZorfnKD6E5A==
   dependencies:
-    "@prisma/engines" "5.13.0"
+    "@prisma/engines" "5.5.0"
 
 prompts@^2.4.2:
   version "2.4.2"

diff --git a/vibraniumdome-shields/vibraniumdome_shields/settings/settings.toml b/vibraniumdome-shields/vibraniumdome_shields/settings/settings.toml
@@ -27,7 +27,7 @@ semantic_similarity.min_prompt_len=10
 semantic_similarity.default_threshold=0.34
 # false for sync or true for async
 # execution_mode_async=true
-transformer_model_name="vibraniumdome/deberta-v3-base-optimus-v0,ProtectAI/deberta-v3-base-prompt-injection-v2"
+transformer_model_name="vibraniumdome/deberta-v3-base-optimus-v0,ProtectAI/deberta-v3-base-prompt-injection"
 # transformer_model_name="deepset/deberta-v3-base-injection"
 refusal_model_name="MoritzLaurer/deberta-v3-large-zeroshot-v1"
 # sensetive_info_disc_model_name="en_core_web_lg"