Fixed. Sorry!
Studio screenrecorder!
Update: 15 august 2023
Added Antropic Claude AI. Its a antropic claude AI endpoint now. Thanks @lizzie
Currently working on:
- Adding server side actions (for non streaming) and embeddings
- JSON generators for OpenAi, OpenRouter and Claude
- More samples for different use cases (like function calling)
Are there other suggestions?
Hey there, great plugin! Looking forward to play around with it! Just wondering whether it can pass dynamic value for prompt, such as using app data, I saw the youtube demo, is the “JSON parameters” where we pass the dynamic value?
(Sorry for the dumb question btw)
Yeah the json params. Working on a easier way to generate json params. So you wont have to be technical to do that!
For everyone who is dm’ing me. If you want support for this plugin, please use the forum. I don’t respond to DM’s for support for the plugin.
Update 15-08-2023:
Added history to OpenRouter plugin. Will share instructions soon on how to use it!
First of all awesome plugin!
I have a custom backend API that has response streaming enabled. I would like to use it within this plugin. My endpoint has various different query parameters and headers thats why I would need to customize it.
To archive that in first place I tried to setup my own cloudflare worker. I used the cloudflare wrangler and the provided code in the github repo.
When I hit the endpoint in the cloudflare worker dashboard with my new customer worker API host and the endpoint, I see that the console returns:
- Check Client ID
- Access granted
E.g. - {cloudflare-host}/ai/openai/v1/chat/completions?client_id={clientID}
Also when I add the custom api-host into the bubble workflow and try it on the frontend interface it does not work but also does not throw any error.
Any idea?
Thank you kind sir!
Why are you using your own backend for ai streaming? Dont get it?
Because we are not only calling vanilla LLM Endpoints like openAI to get completion.
Our backend is connected to vectorstores, other tools and it handles many more data processing steps that runs in the background when user is querying via our API.
Thats a use case outside of this plugin’s capabilities and what I am willing to develop. I hope you understand that But its open source so you can figure out how to add it for your own endpoint!
Basically the plugin generates a JWT and the server checks if that jwt is valid. Also encrypts api key / prompts using bubble and then decrypts it on the server
I let a security researching create a audit of an entire app (including this plugin) because a client of mine required that. This is his audit of the plugin:
Security Audit Report
AI Proxy Plugin for Bubble
Conducted by: Ahmed M., Security Specialist
Date of Report: August 16, 2023
Security Score: 10/10
Security Issues Found: 0
Summary:
This report details the security audit conducted for the encryption and decryption algorithms used in the AI Proxy Plugin for Bubble. The plugin is very securely set up, adhering to the latest security best practices. After a thorough examination, the implemented cryptography standards demonstrate robust security measures. The audit found 0 security issues, resulting in a security rating of 10/10.
Key Findings:
- AES-256-GCM Encryption: This algorithm is a strong and industry-recognized standard for ensuring data confidentiality and integrity.
- PBKDF2 Key Derivation: With 100,000 iterations and SHA-256 as the hash function, the key derivation process is computationally intensive, making brute-force attacks highly impractical.
- Unique IV and Salt Generation: The implementation securely generates a unique IV and salt for each encryption operation, reducing the risk of key compromise due to IV or salt reuse.
- Secure Password Management: The server-only knowledge of the password used for key derivation is a commendable practice, minimizing the risk of key compromise.
- Authentication Tag Handling: The algorithm effectively handles authentication tags, ensuring data integrity during decryption.
Recommendations:
- Secure Data Transmission: Ensure that encrypted data is transferred over secure channels (e.g., HTTPS) to protect against potential interception.
- Enhanced Error Handling: Implement comprehensive error handling for decryption, allowing for graceful failures and reducing potential information leaks.
- Regular Security Updates: Stay updated with the latest security patches and updates for the cryptographic library in use.
Conclusion:
Based on the audit conducted, the encryption and decryption algorithms employed by the AI Proxy Plugin for Bubble are exemplary in terms of security. The choice of AES-256-GCM for encryption, combined with the secure key derivation using PBKDF2 and the unique, secure generation of IVs and salts, establishes a strong security posture. The plugin is set up using the latest security best practices and has received a security score of 10/10
What I am trying to do now is not really out of the plugin’s capabilities, as for now the ONLY thing I want to archive is to run the plugin on a custom hosted cloudflare worker without modifying the plugin code. Currently the plugin allows to add custom host URL, right? I just can’t get it to work on the cloudflare worker. Would appreciate any direction
PS: Congrats on the Security Audit. This plugin really sets high standard on how it handles security. The plugin is engineering masterpiece!
Ill release a new version this weekend with error handling and uptime monitoring
I was so excited to discover this because it uses OpenRouter! But then I realized that the Choose AI model field and the system message fields are static. I need these fields to be dynamic based on users choice. Any chance you’re going to make that possible?
Jup. Already done. Will release it later today!
Update 19 august 2023:
Added uptime monitoring: AI Proxy