feat: ai-content-moderation plugin

[shreemaan-abhishek]

Description

The content-moderation plugin processes the request body to check for toxicity and rejects the request if it exceeds the configured threshold.

In later PRs, other plugins like ai-prompt-decorator and ai-prompt-template can use function from this plugin to ensure content moderation in requests proxying LLMs.

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

[shreemaan-abhishek]

ai-proxy PR also has this code so later we can merge from master after ai-proxy is merged.

[zhoujiexiong]

note that the name of the method there changed :D

[kayx23]

Just routes? no services?

Or do you just want to stress the upstream should be LLM providers.

[kayx23]

on routes?

[shreemaan-abhishek]

Or do you just want to stress the upstream should be LLM providers.

this.

[kayx23]

In that case I actually think this sentence is redundant. how about just mention It is used when integrating with LLMs. in the paragraph above?

[kayx23]

Suggested change

	"Authorization": "Bearer token"
	"Authorization": "Bearer <your-api-token>"

or

 "Authorization": "Bearer '"$OPENAI_API_KEY"'"

this takes env var

[kayx23]

Is this a dummy? Shouldn't the format to OpenAI be something like this?

    "messages": [
      { "role": "system", "content": "system prompt goes here" },
      { "role": "user", "content": "offensive user prompts" }
    ]

[kayx23]

Suggested change

	Send a request with normal request body:
	Send a request with compliant content in the request body:

[kayx23]

The opening paragraph says This plugin must be used in routes that proxy requests to LLMs only yet the example does not involve proxying to LLM. It feels a bit self-conflicting.

The example demonstrates exactly the integration could be used for general purpose and checking requests NOT proxying to LLM.

[kayx23]

Suggested change

	| moderation_categories | No | Object | Configuration for moderation categories. Must be one of: PROFANITY, HATE_SPEECH, INSULT, HARASSMENT_OR_ABUSE, SEXUAL, VIOLENCE_OR_THREAT |
	| moderation_categories | No | Object | Key-value pairs of moderation category and their score. In each pair, the key should be one of the `PROFANITY`, `HATE_SPEECH`, `INSULT`, `HARASSMENT_OR_ABUSE`, `SEXUAL`, or `VIOLENCE_OR_THREAT`; and the value should be between 0 and 1 (inclusive). |

[kayx23]

Suggested change

	| toxicity_level | No | Number | Threshold for overall toxicity detection. Range: 0 - 1. Default: 0.5 |
	| toxicity_level | No | Number | The degree to which content is harmful, offensive, or inappropriate. A higher value indicates more toxic content allowed. Range: 0 - 1. Default: 0.5 |

[kayx23]

Suggested change

	**_As of now only the AWS Comprehend service is supported for content moderation, PRs for introducing support for other service providers are welcome._**
	**_As of now, the plugin only supports the integration with [AWS Comprehend](https://aws.amazon.com/comprehend/) for content moderation. PRs for introducing support for other service providers are welcomed._**

[zhoujiexiong]

Two blank lines between functions?

[shreemaan-abhishek]

fixed.

[zhoujiexiong]

Suggested change

	type = "object",
	type = "object",
	maxProperties = 1,

To make sure next(conf.provider) always returns aws_comprehend

[shreemaan-abhishek]

done

[zhoujiexiong]

The current schema definition does not seem to be able to prevent multiple properties from being entered incorrectly. It is recommended that you consider adding a maxProperties = 1 constraint to the schema.

[zhoujiexiong]

LGTM