diff --git a/backend/sdk/src/main/resources/plugins/ai-agent/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-agent/spec.yaml index eeedb6e8..cd4546a4 100644 --- a/backend/sdk/src/main/resources/plugins/ai-agent/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-agent/spec.yaml @@ -13,6 +13,7 @@ info: version: 1.0.0 contact: name: xingyunyang01 + gatewayMinVersion: "" spec: phase: UNSPECIFIED_PHASE priority: 20 diff --git a/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml index ac9abd70..bbaa3607 100644 --- a/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml @@ -13,6 +13,7 @@ info: version: 1.0.0 contact: name: johnlanni + gatewayMinVersion: "2.0.0" spec: phase: AUTHN priority: 10 diff --git a/backend/sdk/src/main/resources/plugins/ai-data-masking/README.md b/backend/sdk/src/main/resources/plugins/ai-data-masking/README.md new file mode 100644 index 00000000..185d559d --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/ai-data-masking/README.md @@ -0,0 +1,151 @@ +--- +title: AI 数据脱敏 +keywords: [higress,ai data masking] +description: AI 数据脱敏插件配置参考 +--- + +## 功能说明 + + 对请求/返回中的敏感词拦截、替换 + +![image](https://img.alicdn.com/imgextra/i4/O1CN0156Wtko1T9JO0RiWow_!!6000000002339-0-tps-1314-638.jpg) + +### 处理数据范围 + - openai协议:请求/返回对话内容 + - jsonpath:只处理指定字段 + - raw:整个请求/返回body + +### 敏感词拦截 + - 处理数据范围中出现敏感词直接拦截,返回预设错误信息 + - 支持系统内置敏感词库和自定义敏感词 + +### 敏感词替换 + - 将请求数据中出现的敏感词替换为脱敏字符串,传递给后端服务。可保证敏感数据不出域 + - 部分脱敏数据在后端服务返回后可进行还原 + - 自定义规则支持标准正则和grok规则,替换字符串支持变量替换 + +## 运行属性 + +插件执行阶段:`认证阶段` +插件执行优先级:`991` + +## 配置字段 + +| 名称 | 数据类型 | 默认值 | 描述 | +| -------- | -------- | -------- | -------- | +| deny_openai | bool | true | 对openai协议进行拦截 | +| deny_jsonpath | string | [] | 对指定jsonpath拦截 | +| deny_raw | bool | false | 对原始body拦截 | +| system_deny | bool | true | 开启内置拦截规则 | +| deny_code | int | 200 | 拦截时http状态码 | +| deny_message | string | 提问或回答中包含敏感词,已被屏蔽 | 拦截时ai返回消息 | +| deny_raw_message | string | {"errmsg":"提问或回答中包含敏感词,已被屏蔽"} | 非openai拦截时返回内容 | +| deny_content_type | string | application/json | 非openai拦截时返回content_type头 | +| deny_words | array of string | [] | 自定义敏感词列表 | +| replace_roles | array | - | 自定义敏感词正则替换 | +| replace_roles.regex | string | - | 规则正则(内置GROK规则) | +| replace_roles.type | [replace, hash] | - | 替换类型 | +| replace_roles.restore | bool | false | 是否恢复 | +| replace_roles.value | string | - | 替换值(支持正则变量) | + +## 配置示例 + +```yaml +system_deny: true +deny_openai: true +deny_jsonpath: + - "$.messages[*].content" +deny_raw: true +deny_code: 200 +deny_message: "提问或回答中包含敏感词,已被屏蔽" +deny_raw_message: "{\"errmsg\":\"提问或回答中包含敏感词,已被屏蔽\"}" +deny_content_type: "application/json" +deny_words: + - "自定义敏感词1" + - "自定义敏感词2" +replace_roles: + - regex: "%{MOBILE}" + type: "replace" + value: "****" + # 手机号 13800138000 -> **** + - regex: "%{EMAILLOCALPART}@%{HOSTNAME:domain}" + type: "replace" + restore: true + value: "****@$domain" + # 电子邮箱 admin@gmail.com -> ****@gmail.com + - regex: "%{IP}" + type: "replace" + restore: true + value: "***.***.***.***" + # ip 192.168.0.1 -> ***.***.***.*** + - regex: "%{IDCARD}" + type: "replace" + value: "****" + # 身份证号 110000000000000000 -> **** + - regex: "sk-[0-9a-zA-Z]*" + restore: true + type: "hash" + # hash sk-12345 -> 9cb495455da32f41567dab1d07f1973d + # hash后的值提供给大模型,从大模型返回的数据中会将hash值还原为原始值 +``` + +## 敏感词替换样例 + +### 用户请求内容 + + 请将 `curl http://172.20.5.14/api/openai/v1/chat/completions -H "Authorization: sk-12345" -H "Auth: test@gmail.com"` 改成post方式 + +### 处理后请求大模型内容 + + `curl http://***.***.***.***/api/openai/v1/chat/completions -H "Authorization: 48a7e98a91d93896d8dac522c5853948" -H "Auth: ****@gmail.com"` 改成post方式 + +### 大模型返回内容 + + 您想要将一个 `curl` 的 GET 请求转换为 POST 请求,并且这个请求是向一个特定的 API 发送数据。下面是修改后的 `curl` 命令,以 POST 方式发送: + +```sh +curl -X POST \ + -H "Authorization: 48a7e98a91d93896d8dac522c5853948" \ + -H "Auth: ****@gmail.com" \ + -H "Content-Type: application/json" \ + -d '{"key":"value"}' \ + http://***.***.***.***/api/openai/v1/chat/completions +``` + +这里做了如下几个修改: + +- `-X POST` 设置请求方式为 POST。 +- `-H "Content-Type: application/json"` 设置请求头中的 `Content-Type` 为 `application/json`,这通常用来告诉服务器您发送的数据格式是 JSON。 +- `-d '{"key":"value"}'` 这里设置了要发送的数据,`'{"key":"value"}'` 是一个简单的 JSON 对象示例。您需要将其替换为您实际想要发送的数据。 + +请注意,您需要将 `"key":"value"` 替换为您实际要发送的数据内容。如果您的 API 接受不同的数据结构或者需要特定的字段,请根据实际情况调整这部分内容。 + +### 处理后返回用户内容 + + 您想要将一个 `curl` 的 GET 请求转换为 POST 请求,并且这个请求是向一个特定的 API 发送数据。下面是修改后的 `curl` 命令,以 POST 方式发送: + +```sh +curl -X POST \ + -H "Authorization: sk-12345" \ + -H "Auth: test@gmail.com" \ + -H "Content-Type: application/json" \ + -d '{"key":"value"}' \ + http://172.20.5.14/api/openai/v1/chat/completions +``` + +这里做了如下几个修改: + +- `-X POST` 设置请求方式为 POST。 +- `-H "Content-Type: application/json"` 设置请求头中的 `Content-Type` 为 `application/json`,这通常用来告诉服务器您发送的数据格式是 JSON。 +- `-d '{"key":"value"}'` 这里设置了要发送的数据,`'{"key":"value"}'` 是一个简单的 JSON 对象示例。您需要将其替换为您实际想要发送的数据。 + +请注意,您需要将 `"key":"value"` 替换为您实际要发送的数据内容。如果您的 API 接受不同的数据结构或者需要特定的字段,请根据实际情况调整这部分内容。 + + +## 相关说明 + + - 流模式中如果脱敏后的词被多个chunk拆分,可能无法进行还原 + - 流模式中,如果敏感词语被多个chunk拆分,可能会有敏感词的一部分返回给用户的情况 + - grok 内置规则列表 https://help.aliyun.com/zh/sls/user-guide/grok-patterns + - 内置敏感词库数据来源 https://github.com/houbb/sensitive-word/tree/master/src/main/resources + diff --git a/backend/sdk/src/main/resources/plugins/ai-data-masking/README_EN.md b/backend/sdk/src/main/resources/plugins/ai-data-masking/README_EN.md new file mode 100644 index 00000000..6b03e212 --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/ai-data-masking/README_EN.md @@ -0,0 +1,131 @@ +--- +title: AI Data Masking +keywords: [higress, ai data masking] +description: AI Data Masking Plugin Configuration Reference +--- +## Function Description + Interception and replacement of sensitive words in requests/responses +![image](https://img.alicdn.com/imgextra/i4/O1CN0156Wtko1T9JO0RiWow_!!6000000002339-0-tps-1314-638.jpg) + +### Data Handling Scope + - openai protocol: Request/response conversation content + - jsonpath: Only process specified fields + - raw: Entire request/response body + +### Sensitive Word Interception + - Directly intercept sensitive words in the data handling scope and return preset error messages + - Supports system's built-in sensitive word library and custom sensitive words + +### Sensitive Word Replacement + - Replace sensitive words in request data with masked strings before passing to back-end services. Ensures that sensitive data does not leave the domain + - Some masked data can be restored after being returned by the back-end service + - Custom rules support standard regular expressions and grok rules, and replacement strings support variable substitution + +## Execution Properties +Plugin Execution Phase: `Authentication Phase` +Plugin Execution Priority: `991` + +## Configuration Fields +| Name | Data Type | Default Value | Description | +| ---------------------- | ---------------- | -------------- | ------------------------------------ | +| deny_openai | bool | true | Intercept openai protocol | +| deny_jsonpath | string | [] | Intercept specified jsonpath | +| deny_raw | bool | false | Intercept raw body | +| system_deny | bool | true | Enable built-in interception rules | +| deny_code | int | 200 | HTTP status code when intercepted | +| deny_message | string | Sensitive words found in the question or answer have been blocked | AI returned message when intercepted | +| deny_raw_message | string | {"errmsg":"Sensitive words found in the question or answer have been blocked"} | Content returned when not openai intercepted | +| deny_content_type | string | application/json | Content type header returned when not openai intercepted | +| deny_words | array of string | [] | Custom sensitive word list | +| replace_roles | array | - | Custom sensitive word regex replacement | +| replace_roles.regex | string | - | Rule regex (built-in GROK rule) | +| replace_roles.type | [replace, hash] | - | Replacement type | +| replace_roles.restore | bool | false | Whether to restore | +| replace_roles.value | string | - | Replacement value (supports regex variables) | + +## Configuration Example +```yaml +system_deny: true +deny_openai: true +deny_jsonpath: + - "$.messages[*].content" +deny_raw: true +deny_code: 200 +deny_message: "Sensitive words found in the question or answer have been blocked" +deny_raw_message: "{\"errmsg\":\"Sensitive words found in the question or answer have been blocked\"}" +deny_content_type: "application/json" +deny_words: + - "Custom sensitive word 1" + - "Custom sensitive word 2" +replace_roles: + - regex: "%{MOBILE}" + type: "replace" + value: "****" + # Mobile number 13800138000 -> **** + - regex: "%{EMAILLOCALPART}@%{HOSTNAME:domain}" + type: "replace" + restore: true + value: "****@$domain" + # Email admin@gmail.com -> ****@gmail.com + - regex: "%{IP}" + type: "replace" + restore: true + value: "***.***.***.***" + # IP 192.168.0.1 -> ***.***.***.*** + - regex: "%{IDCARD}" + type: "replace" + value: "****" + # ID card number 110000000000000000 -> **** + - regex: "sk-[0-9a-zA-Z]*" + restore: true + type: "hash" + # hash sk-12345 -> 9cb495455da32f41567dab1d07f1973d + # The hashed value is provided to the large model, and the hash value will be restored to the original value from the data returned by the large model +``` + +## Sensitive Word Replacement Example +### User Request Content + Please change `curl http://172.20.5.14/api/openai/v1/chat/completions -H "Authorization: sk-12345" -H "Auth: test@gmail.com"` to POST method + +### Processed Request Large Model Content + `curl http://***.***.***.***/api/openai/v1/chat/completions -H "Authorization: 48a7e98a91d93896d8dac522c5853948" -H "Auth: ****@gmail.com"` change to POST method + +### Large Model Returned Content + You want to convert a `curl` GET request to a POST request, and this request is sending data to a specific API. Below is the modified `curl` command to send as POST: +```sh +curl -X POST \ + -H "Authorization: 48a7e98a91d93896d8dac522c5853948" \ + -H "Auth: ****@gmail.com" \ + -H "Content-Type: application/json" \ + -d '{"key":"value"}' \ + http://***.***.***.***/api/openai/v1/chat/completions +``` +Here are the following modifications made: +- `-X POST` sets the request method to POST. +- `-H "Content-Type: application/json"` sets the `Content-Type` in the request header to `application/json`, which is typically used to inform the server that the data you are sending is in JSON format. +- `-d '{"key":"value"}'` sets the data to be sent, where `'{"key":"value"}'` is a simple example of a JSON object. You need to replace it with the actual data you want to send. + +Please note that you need to replace `"key":"value"` with the actual data content you want to send. If your API accepts a different data structure or requires specific fields, please adjust this part according to your actual situation. + +### Processed Return to User Content + You want to convert a `curl` GET request to a POST request, and this request is sending data to a specific API. Below is the modified `curl` command to send as POST: +```sh +curl -X POST \ + -H "Authorization: sk-12345" \ + -H "Auth: test@gmail.com" \ + -H "Content-Type: application/json" \ + -d '{"key":"value"}' \ + http://172.20.5.14/api/openai/v1/chat/completions +``` +Here are the following modifications made: +- `-X POST` sets the request method to POST. +- `-H "Content-Type: application/json"` sets the `Content-Type` in the request header to `application/json`, which is typically used to inform the server that the data you are sending is in JSON format. +- `-d '{"key":"value"}'` sets the data to be sent, where `'{"key":"value"}'` is a simple example of a JSON object. You need to replace it with the actual data you want to send. + +Please note that you need to replace `"key":"value"` with the actual data content you want to send. If your API accepts a different data structure or requires specific fields, please adjust this part according to your actual situation. + +## Related Notes + - In streaming mode, if the masked words are split across multiple chunks, restoration may not be possible + - In streaming mode, if sensitive words are split across multiple chunks, there may be cases where part of the sensitive word is returned to the user + - Grok built-in rule list: https://help.aliyun.com/zh/sls/user-guide/grok-patterns + - Built-in sensitive word library data source: https://github.com/houbb/sensitive-word/tree/master/src/main/resources diff --git a/backend/sdk/src/main/resources/plugins/ai-data-masking/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-data-masking/spec.yaml new file mode 100644 index 00000000..7d70bbeb --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/ai-data-masking/spec.yaml @@ -0,0 +1,92 @@ +apiVersion: 1.0.0 +info: + type: oss + category: ai + image: platform_wasm/ai-data-masking + name: ai-data-masking + title: AI data masking + x-title-i18n: + zh-CN: AI 数据脱敏 + description: Intercept, replace, and restore sensitive information in requests/responses. + x-description-i18n: + zh-CN: 对请求/响应中的敏感信息进行拦截、替换、还原 + iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png + version: 1.0.0 + contact: + name: johnlanni + gatewayMinVersion: "2.0.0" +spec: + phase: AUTHN + priority: 991 + configSchema: + openAPIV3Schema: + type: object + example: + system_deny: true + deny_openai: true + deny_jsonpath: + - "$.messages[*].content" + deny_message: "Question or answer contains sensitive words and has been blocked." + deny_words: + - "Custom Sensitive Word 1" + - "Custom Sensitive Word 2" + replace_roles: + - regex: "%{MOBILE}" + type: "replace" + value: "****" + # Phone number: 13800138000 -> **** + - regex: "%{EMAILLOCALPART}@%{HOSTNAME:domain}" + type: "replace" + restore: true + value: "****@$domain" + # Email: admin@gmail.com -> ****@gmail.com + - regex: "%{IP}" + type: "replace" + restore: true + value: "***.***.***.***" + # IP: 192.168.0.1 -> ***.***.***.*** + - regex: "%{IDCARD}" + type: "replace" + value: "****" + # ID card: 110000000000000000 -> **** + - regex: "sk-[0-9a-zA-Z]*" + restore: true + type: "hash" + # hash sk-12345 -> 9cb495455da32f41567dab1d07f1973d + # The hashed value is provided to the large model, and within the data returned by the large model, the hash value is reversed back to its original value. + routeConfigSchema: + openAPIV3Schema: + type: object + example: + system_deny: true + deny_openai: true + deny_jsonpath: + - "$.messages[*].content" + deny_message: "Question or answer contains sensitive words and has been blocked." + deny_words: + - "Custom Sensitive Word 1" + - "Custom Sensitive Word 2" + replace_roles: + - regex: "%{MOBILE}" + type: "replace" + value: "****" + # Phone number: 13800138000 -> **** + - regex: "%{EMAILLOCALPART}@%{HOSTNAME:domain}" + type: "replace" + restore: true + value: "****@$domain" + # Email: admin@gmail.com -> ****@gmail.com + - regex: "%{IP}" + type: "replace" + restore: true + value: "***.***.***.***" + # IP: 192.168.0.1 -> ***.***.***.*** + - regex: "%{IDCARD}" + type: "replace" + value: "****" + # ID card: 110000000000000000 -> **** + - regex: "sk-[0-9a-zA-Z]*" + restore: true + type: "hash" + # hash sk-12345 -> 9cb495455da32f41567dab1d07f1973d + # The hashed value is provided to the large model, and within the data returned by the large model, the hash value is reversed back to its original value. diff --git a/backend/sdk/src/main/resources/plugins/ai-history/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-history/spec.yaml index 5494d6cf..839af9a4 100644 --- a/backend/sdk/src/main/resources/plugins/ai-history/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-history/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "2.0.0" type: oss category: ai name: ai-history diff --git a/backend/sdk/src/main/resources/plugins/ai-intent/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-intent/spec.yaml index 0d8e26aa..6df07d9e 100644 --- a/backend/sdk/src/main/resources/plugins/ai-intent/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-intent/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "2.0.0" type: enterprise category: ai name: ai-intent diff --git a/backend/sdk/src/main/resources/plugins/ai-json-resp/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-json-resp/spec.yaml index 22a19e62..b7f2aa0d 100644 --- a/backend/sdk/src/main/resources/plugins/ai-json-resp/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-json-resp/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: ai name: ai-json-resp diff --git a/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml index f787e85f..1e10e6bb 100644 --- a/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: ai name: ai-prompt-decorator diff --git a/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml index aec1116c..74635638 100644 --- a/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: ai name: ai-prompt-template diff --git a/backend/sdk/src/main/resources/plugins/ai-proxy/README_dev.md b/backend/sdk/src/main/resources/plugins/ai-proxy/README_dev.md index 70634fc8..548d6407 100644 --- a/backend/sdk/src/main/resources/plugins/ai-proxy/README_dev.md +++ b/backend/sdk/src/main/resources/plugins/ai-proxy/README_dev.md @@ -32,8 +32,8 @@ static_resources: address: hunyuan.tencentcloudapi.com port_value: 443 transport_socket: - name: envoy.transport_sockets.tls - typed_config: + name: envoy.transport_sockets.tlsgatewayMinVersion: "" +typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext "sni": "hunyuan.tencentcloudapi.com" ``` @@ -61,4 +61,4 @@ curl --location 'http://127.0.0.1:10000/v1/chat/completions' \ ## 测试须知 -由于 `ai-proxy` 插件使用了 Higress 对数据面定制的特殊功能,因此在测试时需要使用版本不低于 1.4.0-rc.1 的 Higress Gateway 镜像。 \ No newline at end of file +由于 `ai-proxy` 插件使用了 Higress 对数据面定制的特殊功能,因此在测试时需要使用版本不低于 1.4.0-rc.1 的 Higress Gateway 镜像。 diff --git a/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml index acb8f8c6..fd2141b8 100644 --- a/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "2.0.0" type: enterprise category: ai name: ai-proxy diff --git a/backend/sdk/src/main/resources/plugins/ai-quota/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-quota/spec.yaml index 8f96903c..2ba8d0c7 100644 --- a/backend/sdk/src/main/resources/plugins/ai-quota/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-quota/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: ai name: ai-quota diff --git a/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml index caaa321f..b0e03c69 100644 --- a/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: ai name: ai-rag diff --git a/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml index b87fb241..1977a35f 100644 --- a/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "2.0.0" type: enterprise category: ai name: ai-security-guard diff --git a/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml index 7ed36eda..782d5b53 100644 --- a/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: ai name: ai-statistics diff --git a/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml index da957c11..46874d2d 100644 --- a/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: ai name: ai-token-ratelimit diff --git a/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml index 9eb53289..91515046 100644 --- a/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "2.0.0" type: enterprise category: ai name: ai-transformer diff --git a/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml index fdcd32fa..5f7f5b3a 100644 --- a/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: auth name: basic-auth/v1 diff --git a/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml b/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml index f731f19f..d21a5b53 100644 --- a/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: security name: bot-detect/v1 diff --git a/backend/sdk/src/main/resources/plugins/cache-control/spec.yaml b/backend/sdk/src/main/resources/plugins/cache-control/spec.yaml index 12312cfe..107026ac 100644 --- a/backend/sdk/src/main/resources/plugins/cache-control/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/cache-control/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: transformation name: cache-control diff --git a/backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml b/backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml index 9d8a9adc..4c90e049 100644 --- a/backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: traffic name: cluster-key-rate-limit diff --git a/backend/sdk/src/main/resources/plugins/cors/spec.yaml b/backend/sdk/src/main/resources/plugins/cors/spec.yaml index eae62284..0595c598 100644 --- a/backend/sdk/src/main/resources/plugins/cors/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/cors/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: security name: cors diff --git a/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml b/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml index e6736a15..16bcaaea 100644 --- a/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: transformation name: custom-response/v1 diff --git a/backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml b/backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml index 786900ac..e2b3e83d 100644 --- a/backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: transformation name: de-graphql diff --git a/backend/sdk/src/main/resources/plugins/ext-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/ext-auth/spec.yaml index 09c8684c..ddc91528 100644 --- a/backend/sdk/src/main/resources/plugins/ext-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ext-auth/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "2.0.0" type: oss category: auth name: ext-auth diff --git a/backend/sdk/src/main/resources/plugins/frontend-gray/spec.yaml b/backend/sdk/src/main/resources/plugins/frontend-gray/spec.yaml index 14a08814..7e90bed7 100644 --- a/backend/sdk/src/main/resources/plugins/frontend-gray/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/frontend-gray/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: transformation name: frontend-gray diff --git a/backend/sdk/src/main/resources/plugins/geo-ip/spec.yaml b/backend/sdk/src/main/resources/plugins/geo-ip/spec.yaml index 9e17e065..c5fcac32 100644 --- a/backend/sdk/src/main/resources/plugins/geo-ip/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/geo-ip/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: transformation name: geo-ip diff --git a/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml index 4dfff3d6..5b68a8dd 100644 --- a/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: auth name: hmac-auth/v1 diff --git a/backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml b/backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml index 066a7013..01b26670 100644 --- a/backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: traffic name: ip-restriction diff --git a/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml index 369f3891..10ccfc41 100644 --- a/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: auth name: jwt-auth/v1 diff --git a/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml index aa87de54..014a09b3 100644 --- a/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: auth name: key-auth/v1 diff --git a/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml b/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml index 08b3ef67..663426e3 100644 --- a/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: traffic name: key-rate-limit/v1 diff --git a/backend/sdk/src/main/resources/plugins/oauth/spec.yaml b/backend/sdk/src/main/resources/plugins/oauth/spec.yaml index 41f300b2..9f2314f8 100644 --- a/backend/sdk/src/main/resources/plugins/oauth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/oauth/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: auth name: oauth/v1 diff --git a/backend/sdk/src/main/resources/plugins/oidc/spec.yaml b/backend/sdk/src/main/resources/plugins/oidc/spec.yaml index 5ffac680..70734cdc 100644 --- a/backend/sdk/src/main/resources/plugins/oidc/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/oidc/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: auth name: oidc diff --git a/backend/sdk/src/main/resources/plugins/opa/spec.yaml b/backend/sdk/src/main/resources/plugins/opa/spec.yaml index ad8a9cf5..68ad7a0f 100644 --- a/backend/sdk/src/main/resources/plugins/opa/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/opa/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: auth name: opa diff --git a/backend/sdk/src/main/resources/plugins/request-block/spec.yaml b/backend/sdk/src/main/resources/plugins/request-block/spec.yaml index 46daad3a..0d95a312 100644 --- a/backend/sdk/src/main/resources/plugins/request-block/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/request-block/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: security name: request-block/v1 diff --git a/backend/sdk/src/main/resources/plugins/request-validation/spec.yaml b/backend/sdk/src/main/resources/plugins/request-validation/spec.yaml index a78c95a3..b62727f5 100644 --- a/backend/sdk/src/main/resources/plugins/request-validation/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/request-validation/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: oss category: traffic name: request-validation diff --git a/backend/sdk/src/main/resources/plugins/traffic-tag/spec.yaml b/backend/sdk/src/main/resources/plugins/traffic-tag/spec.yaml index d6558026..232d1b5f 100644 --- a/backend/sdk/src/main/resources/plugins/traffic-tag/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/traffic-tag/spec.yaml @@ -59,4 +59,4 @@ spec: - user - viewer - editor - \ No newline at end of file + diff --git a/backend/sdk/src/main/resources/plugins/transformer/spec.yaml b/backend/sdk/src/main/resources/plugins/transformer/spec.yaml index 295b6fdc..4960e399 100644 --- a/backend/sdk/src/main/resources/plugins/transformer/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/transformer/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "2.0.0" type: oss category: transformation name: transformer diff --git a/backend/sdk/src/main/resources/plugins/waf/spec.yaml b/backend/sdk/src/main/resources/plugins/waf/spec.yaml index 0af88b48..9e5ecf0d 100644 --- a/backend/sdk/src/main/resources/plugins/waf/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/waf/spec.yaml @@ -1,5 +1,6 @@ apiVersion: 1.0.0 info: + gatewayMinVersion: "" type: enterprise category: security name: waf/v1 @@ -10,7 +11,7 @@ info: x-description-i18n: zh-CN: 支持基于 OWASP ModSecurity Core Rule Set (CRS) 的 WAF 规则配置。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN01jKT9vC1O059vNaq5u_!!6000000001642-2-tps-42-42.png - version: 1.0.1 + version: 1.0.0 contact: name: Higress Team url: http://higress.io/