boxcars 0.2.3 → 0.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ea9c5df0584f588d618c22fc44f8bba2638c0946ba32cea8487429ad6df694f5
-  data.tar.gz: a7cd6609da5d63c1b41763fc7c6e8b4e1c8df41992fd133d0bf359b28d50dd0c
+  metadata.gz: a3593a9df2d9d8a867729e0b6081b300125933566923ca905e2eefb16a933394
+  data.tar.gz: 90c03ea9b328b8cff10f828f8b9bf4375cce0fd574dd8a26c690776e58a58c1b
 SHA512:
-  metadata.gz: aac8bd34e6ddca629d26ff0cb892e46de30e1f20db188b56477422e5526e03c80a22e1b06ab7d8263e8db067db6ec1966f34450ab63e98cea3e857aa7eb27286
-  data.tar.gz: 10ce3be58a020a5de80c27fdf46cbd7811afc45ac28e0712479b113eb6a34ca6a2f7043711659bb4b0a152e0981ded5a8f76fe0704f1a89751b3c8ec0a843ea8
+  metadata.gz: 5de41be1f154b2c21fcd6602159a6428d8702dc318904e6e03db9de1b0ed1788b03aa10365203557b39fe268f04b4594cf6915faa941b2c64e475cd6cbb55d09
+  data.tar.gz: 2ad84e5f416b19759807d658d739d1abb8405ba6ded3b38bdf5ce9406efeadccbc2102b7b477a90df67beaa287a9810b09e59b5843090fbe4619b03500d0a4f4

data/CHANGELOG.md

@@ -1,8 +1,20 @@
 # Changelog
 
-## [Unreleased](https://github.com/BoxcarsAI/boxcars/tree/HEAD)
+## [v0.2.4](https://github.com/BoxcarsAI/boxcars/tree/v0.2.4) (2023-03-28)
 
-[Full Changelog](https://github.com/BoxcarsAI/boxcars/compare/v0.2.2...HEAD)
+[Full Changelog](https://github.com/BoxcarsAI/boxcars/compare/v0.2.3...v0.2.4)
+
+**Closed issues:**
+
+- security [\#40](https://github.com/BoxcarsAI/boxcars/issues/40)
+
+**Merged pull requests:**
+
+- Fix regex action input [\#41](https://github.com/BoxcarsAI/boxcars/pull/41) ([makevoid](https://github.com/makevoid))
+
+## [v0.2.3](https://github.com/BoxcarsAI/boxcars/tree/v0.2.3) (2023-03-20)
+
+[Full Changelog](https://github.com/BoxcarsAI/boxcars/compare/v0.2.2...v0.2.3)
 
 **Merged pull requests:**
 

data/Gemfile.lock

@@ -1,19 +1,19 @@
 PATH
   remote: .
   specs:
-    boxcars (0.2.3)
+    boxcars (0.2.5)
       google_search_results (~> 2.2)
       ruby-openai (~> 3.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.0.4.2)
-      activesupport (= 7.0.4.2)
-    activerecord (7.0.4.2)
-      activemodel (= 7.0.4.2)
-      activesupport (= 7.0.4.2)
-    activesupport (7.0.4.2)
+    activemodel (7.0.4.3)
+      activesupport (= 7.0.4.3)
+    activerecord (7.0.4.3)
+      activemodel (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+    activesupport (7.0.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -21,7 +21,7 @@ GEM
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
-    async (1.30.3)
+    async (1.31.0)
       console (~> 1.10)
       nio4r (~> 2.3)
       timers (~> 4.1)
@@ -38,14 +38,14 @@ GEM
       faraday
     async-io (1.34.3)
       async
-    async-pool (0.3.12)
+    async-pool (0.4.0)
       async (>= 1.25)
-    concurrent-ruby (1.2.0)
+    concurrent-ruby (1.2.2)
     console (1.16.2)
       fiber-local
     crack (0.4.5)
       rexml
-    debug (1.7.1)
+    debug (1.7.2)
       irb (>= 1.5.0)
       reline (>= 0.3.1)
     diff-lcs (1.5.0)
@@ -56,7 +56,7 @@ GEM
     faraday-http-cache (2.4.1)
       faraday (>= 0.8)
     faraday-net_http (3.0.2)
-    faraday-retry (2.0.0)
+    faraday-retry (2.1.0)
       faraday (~> 2.0)
     fiber-local (1.0.0)
     github_changelog_generator (1.16.4)
@@ -77,13 +77,13 @@ GEM
       concurrent-ruby (~> 1.0)
     io-console (0.6.0)
     io-console (0.6.0-java)
-    irb (1.6.2)
+    irb (1.6.3)
       reline (>= 0.3.0)
     json (2.6.3)
     json (2.6.3-java)
     mini_mime (1.1.2)
     mini_portile2 (2.8.1)
-    minitest (5.17.0)
+    minitest (5.18.0)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     nio4r (2.5.8)
@@ -92,7 +92,7 @@ GEM
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     parallel (1.22.1)
-    parser (3.2.1.0)
+    parser (3.2.1.1)
       ast (~> 2.4.1)
     protocol-hpack (1.4.2)
     protocol-http (0.24.1)
@@ -105,7 +105,7 @@ GEM
     rainbow (3.1.1)
     rake (13.0.6)
     regexp_parser (2.7.0)
-    reline (0.3.2)
+    reline (0.3.3)
       io-console (~> 0.5)
     rexml (3.2.5)
     rspec (3.12.0)
@@ -117,42 +117,42 @@ GEM
     rspec-expectations (3.12.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.3)
+    rspec-mocks (3.12.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.0)
-    rubocop (1.45.1)
+    rubocop (1.48.1)
       json (~> 2.3)
       parallel (~> 1.10)
       parser (>= 3.2.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.24.1, < 2.0)
+      rubocop-ast (>= 1.26.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.26.0)
+    rubocop-ast (1.28.0)
       parser (>= 3.2.1.0)
     rubocop-capybara (2.17.1)
       rubocop (~> 1.41)
     rubocop-rake (0.6.0)
       rubocop (~> 1.0)
-    rubocop-rspec (2.18.1)
+    rubocop-rspec (2.19.0)
       rubocop (~> 1.33)
       rubocop-capybara (~> 2.17)
-    ruby-openai (3.5.0)
+    ruby-openai (3.7.0)
       httparty (>= 0.18.1)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    sqlite3 (1.6.0)
+    sqlite3 (1.6.2)
       mini_portile2 (~> 2.8.0)
-    sqlite3 (1.6.0-x86_64-darwin)
-    sqlite3 (1.6.0-x86_64-linux)
+    sqlite3 (1.6.2-x86_64-darwin)
+    sqlite3 (1.6.2-x86_64-linux)
     timers (4.3.5)
-    traces (0.8.0)
+    traces (0.9.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.4.2)

data/README.md

@@ -11,7 +11,7 @@
   <a href="https://github.com/BoxcarsAI/boxcars/blob/main/LICENSE.txt"><img src="https://img.shields.io/badge/license-MIT-informational" alt="License"></a>
 </p>
 
-Boxcars is a gem that enables you to create new systems with AI composability, using various concepts such as OpenAI, Search, SQL, Rails Active Record and more. This can even be extended with your concepts as well.(including your concepts).
+Boxcars is a gem that enables you to create new systems with AI composability, using various concepts such as OpenAI, Search, SQL, Rails Active Record and more. This can even be extended with your concepts as well (including your concepts).
 
 This gem was inspired by the popular Python library Langchain. However, we wanted to give it a Ruby spin and make it more user-friendly for beginners to get started.
 
@@ -23,6 +23,11 @@ All of these concepts are in a module named Boxcars:
 - Prompt - used by an Engine to generate text results. Most of the Boxcars have built-in prompts, so you only need to worry about these if you are extending the system.
 - Engine - an entity that generates text from a Prompt. OpenAI's LLM text generator is the default Engine if no other is specified.
 
+## Security
+Currently, our system is designed for individuals who already possess administrative privileges for their project. It is likely possible to manipulate the system's prompts to carry out malicious actions, but if you already have administrative access, you can perform such actions without requiring boxcars in the first place.
+
+*Note:* We are actively seeking ways to improve our system's ability to identify and prevent any nefarious attempts from occurring. If you have any suggestions or recommendations, please feel free to share them with us by either finding an existing issue or creating a new one and providing us with your feedback.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -66,10 +71,10 @@ Produces:
 ```text
 > Entering Calculator#run
 what is pi to the forth power divided by 22.1?
-RubyREPL: puts(Math::PI**4 / 22.1)
+RubyREPL: puts (Math::PI**4)/22.1
 Answer: 4.407651178009159
 
-4.407651178009159
+{"status":"ok","answer":"4.407651178009159","explanation":"Answer: 4.407651178009159","code":"puts (Math::PI**4)/22.1"}
 < Exiting Calculator#run
 4.407651178009159
 ```
@@ -94,27 +99,34 @@ Here is what we have so far, but please put up a PR with your new ideas.
 # run a Train for a calculator, and search using default Engine
 boxcars = [Boxcars::Calculator.new, Boxcars::Serp.new]
 train = Boxcars.train.new(boxcars: boxcars)
-puts train.run "What is pi times the square root of the average temperature in Austin TX in January?"
+train.run "What is pi times the square root of the average temperature in Austin TX in January?"
 ```
 Produces:
 ```text
 > Entering Zero Shot#run
 What is pi times the square root of the average temperature in Austin TX in January?
+Thought: We need to find the average temperature in Austin TX in January and then multiply it by pi and the square root of that value. We can use a search engine to find the average temperature and a calculator to perform the multiplication. 
 Question: Average temperature in Austin TX in January
 Answer: increase from 62°F to 64°F
-#Observation: increase from 62°F to 64°F
+Observation: increase from 62°F to 64°F
+Thought: The average temperature in Austin TX in January is around 63°F.
 > Entering Calculator#run
-64°F x pi
-RubyREPL: puts (64 * Math::PI).round(2)
-Answer: 201.06
+pi * sqrt(63)
+RubyREPL: puts(Math::PI * Math.sqrt(63))
+Answer: 24.935618646198247
 
-201.06
+{"status":"ok","answer":"24.935618646198247","explanation":"Answer: 24.935618646198247","code":"puts(Math::PI * Math.sqrt(63))"}
 < Exiting Calculator#run
-#Observation: 201.06
-I now know the final answer
-Final Answer: 201.06
+Observation: 24.935618646198247
+The result of pi times the square root of the average temperature in Austin TX in January is approximately 24.94.
+
+Final Answer: 24.94
+
+Next Actions:
+1. What is the average temperature in Austin TX in July?
+2. What is the formula for calculating the area of a circle?
+3. What is the value of pi to 10 decimal places?
 < Exiting Zero Shot#run
-201.06
 ```
 ### More Examples
 See [this](https://github.com/BoxcarsAI/boxcars/blob/main/notebooks/boxcars_examples.ipynb) Jupyter Notebook for more examples.

data/lib/boxcars/boxcar/active_record.rb

@@ -76,7 +76,7 @@ module Boxcars
       ::ActiveRecord::Base.transaction do
         begin
           result = yield
-        rescue ::NameError, ::Error => e
+        rescue SecurityError, ::NameError, ::Error => e
           Boxcars.error("Error while running code: #{e.message[0..60]} ...", :red)
           runtime_exception = e
         end
@@ -93,13 +93,20 @@ module Boxcars
       bad_words = %w[commit drop_constraint drop_constraint! drop_extension drop_extension! drop_foreign_key drop_foreign_key! \
                      drop_index drop_index! drop_join_table drop_join_table! drop_materialized_view drop_materialized_view! \
                      drop_partition drop_partition! drop_schema drop_schema! drop_table drop_table! drop_trigger drop_trigger! \
-                     drop_view drop_view! eval execute reset revoke rollback truncate].freeze
+                     drop_view drop_view! eval instance_eval send system execute reset revoke rollback truncate \
+                     encrypted_password].freeze
       without_strings = code.gsub(/('([^'\\]*(\\.[^'\\]*)*)'|"([^"\\]*(\\.[^"\\]*)*"))/, 'XX')
-      word_list = without_strings.split(/[.,()]/)
+
+      if without_strings.include?("`")
+        Boxcars.info "code included possibly destructive backticks #{code}", :red
+        return false
+      end
+
+      word_list = without_strings.split(/[.,() :\[\]]/)
 
       bad_words.each do |w|
         if word_list.include?(w)
-          Boxcars.info "code included destructive instruction: #{w} #{code}", :red
+          Boxcars.info "code included possibly destructive instruction: '#{w}' in #{code}", :red
           return false
         end
       end
@@ -107,12 +114,24 @@ module Boxcars
       true
     end
 
+    # run the code in a safe environment
+    # @param code [String] The code to run
+    # @return [Object] The result of the code
+    def eval_safe_wrapper(code)
+      # if the code used ActiveRecord, we need to add :: in front of it to escape the module
+      new_code = code.gsub(/(\W)ActiveRecord::/, '\1::ActiveRecord::')
+      proc do
+        $SAFE = 4
+        # rubocop:disable Security/Eval
+        eval new_code
+        # rubocop:enable Security/Eval
+      end.call
+    end
+
     def evaluate_input(code)
       raise SecurityError, "Found unsafe code while evaluating: #{code}" unless safe_to_run?(code)
 
-      # rubocop:disable Security/Eval
-      eval code
-      # rubocop:enable Security/Eval
+      eval_safe_wrapper code
     end
 
     def change_count(changes_code)
@@ -176,7 +195,7 @@ module Boxcars
       have_approval = false
       begin
         have_approval = approved?(changes_code, code)
-      rescue NameError, ::Error => e
+      rescue NameError, Error => e
         return Result.new(status: :error, explanation: error_message(e, "ARChanges"), changes_code: changes_code)
       end
 
@@ -185,7 +204,9 @@ module Boxcars
       begin
         output = clean_up_output(run_active_record_code(code))
         Result.new(status: :ok, answer: output, explanation: "Answer: #{output.to_json}", code: code)
-      rescue NameError, ::Error => e
+      rescue SecurityError => e
+        raise e
+      rescue ::StandardError => e
         Result.new(status: :error, answer: nil, explanation: error_message(e, "ARCode"), code: code)
       end
     end
@@ -220,7 +241,8 @@ module Boxcars
            "Only use the following Active Record models: %<model_info>s\n",
            "Pay attention to use only the attribute names that you can see in the model description.\n",
            "Do not make up variable or attribute names, and do not share variables between the code in ARChanges and ARCode\n",
-           "Be careful to not query for attributes that do not exist, and to use the format specified above.\n"
+           "Be careful to not query for attributes that do not exist, and to use the format specified above.\n",
+           "Finally, do not use print or puts in your code."
           ),
       user("Question: %<question>s")
     ].freeze

data/lib/boxcars/boxcar/engine_boxcar.rb

@@ -100,7 +100,7 @@ module Boxcars
       end
       Boxcars.error answer.to_json, :red
       { output_key => "Error: #{answer}" }
-    rescue Boxcars::ConfigurationError => e
+    rescue Boxcars::ConfigurationError, Boxcars::SecurityError => e
       raise e
     rescue Boxcars::Error => e
       Boxcars.error e.message, :red

data/lib/boxcars/boxcar/google_search.rb

@@ -49,8 +49,8 @@ module Boxcars
       [:answer_box, :snippet_highlighted_words, 0],
       %i[sports_results game_spotlight],
       %i[knowledge_graph description],
-      [:organic_results, 0, :snippet_highlighted_words, 0],
-      [:organic_results, 0, :snippet]
+      [:organic_results, 0, :snippet],
+      [:organic_results, 0, :snippet_highlighted_words, 0]
     ].freeze
 
     def find_answer(res)

data/lib/boxcars/train/zero_shot.rb

@@ -50,7 +50,7 @@ module Boxcars
         # the thought should be the frist line here if it doesn't start with "Action:"
         thought = engine_output.split(/\n+/).reject(&:empty?).first
         Boxcars.debug("Thought: #{thought}", :yellow)
-        regex = /Action: (?<action>.*)\n+Action Input: (?<action_input>.*)/
+        regex = /Action(?<extra>[\s\d]*): (?<action>.+?)\n+Action Input:(?<action_input>.+)/m
         match = regex.match(engine_output)
 
         # we have an unexpected output from the engine

data/lib/boxcars/train.rb

@@ -196,6 +196,8 @@ module Boxcars
           begin
             observation = boxcar.run(output.boxcar_input)
             return_direct = boxcar.return_direct
+          rescue Boxcars::ConfigurationError, Boxcars::SecurityError => e
+            raise e
           rescue StandardError => e
             Boxcars.error "Error in #{boxcar.name} boxcar#call: #{e}", :red
             observation = "Error - #{e}, correct and try again."

data/lib/boxcars/version.rb

@@ -2,5 +2,5 @@
 
 module Boxcars
   # The current version of the gem.
-  VERSION = "0.2.3"
+  VERSION = "0.2.5"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: boxcars
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.2.5
 platform: ruby
 authors:
 - Francis Sullivan
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-03-20 00:00:00.000000000 Z
+date: 2023-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: debug