Skip to content

feat: add AI category suggestions with security hardening#71

Merged
viperrcrypto merged 1 commit intomainfrom
fix/ai-category-suggestions
Apr 8, 2026
Merged

feat: add AI category suggestions with security hardening#71
viperrcrypto merged 1 commit intomainfrom
fix/ai-category-suggestions

Conversation

@viperrcrypto
Copy link
Copy Markdown
Owner

@viperrcrypto viperrcrypto commented Apr 8, 2026

Summary

Security fixes from original PR #46

  • Prompt injection protection: tweet content sanitized (XML tags stripped), wrapped in <tweet> delimiters, model instructed to ignore embedded instructions
  • Rate limiting: POST capped at 20 categories per request
  • Input validation: slug format validated, name/description truncated, confidence clamped
  • Error handling: internal SDK errors not leaked to client

Other fixes

  • useEffect missing dependencies fixed (fetchSuggestions, suggestions.length)
  • Duplicate color in CATEGORY_COLORS array fixed

Test plan

  • Type check passes
  • All 30 tests pass
  • Click AI Assistant on categories page
  • Verify suggestions load and display with confidence scores
  • Select/deselect categories, create selected ones
  • Verify created categories appear in the list

Co-Authored-By: Microck 45483921+Microck@users.noreply.github.com

🤖 Generated with Claude Code

@viperrcrypto @Microck @claude
feat: add AI category suggestions with security hardening
c9e6c5d 
Based on PR #46 by Microck, rebased onto current main with fixes:
- Add prompt injection protection: sanitize tweet content in prompts,
  use XML delimiters, instruct model to ignore embedded instructions
- Cap POST at 20 categories per request to prevent abuse
- Validate suggestion fields before creating categories
- Fix useEffect missing dependencies (fetchSuggestions, suggestions.length)
- Truncate/clamp name, description, confidence values
- Validate slug format before DB insert
- Don't leak internal error messages from SDK failures

Co-Authored-By: Microck <45483921+Microck@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@viperrcrypto viperrcrypto merged commit fb718c4 into main Apr 8, 2026
1 check failed
@viperrcrypto viperrcrypto mentioned this pull request Apr 8, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@viperrcrypto