Add AWS Comprehend prompt redaction utility#482
Conversation
|
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 38a49ee7d6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const canonicalHeaders = `content-type:application/x-amz-json-1.1\nhost:${host}\nx-amz-date:${amzDate}\nx-amz-target:${target}\n`; | ||
| const signedHeaders = "content-type;host;x-amz-date;x-amz-target"; |
There was a problem hiding this comment.
When temporary AWS credentials are used (AWS_SESSION_TOKEN/sessionToken), this signer adds X-Amz-Security-Token to the outbound headers later but does not include it in canonicalHeaders/signedHeaders, so the computed signature no longer matches the actual request headers. In IAM role-based environments (Lambda/ECS/EKS/SSO), Comprehend calls can fail with signature/auth errors, which breaks redaction entirely for those deployments.
Useful? React with 👍 / 👎.
josemariano-hub
force-pushed
the
aws-comprehend-redaction
branch
from
38a49ee to
672198b
Compare
|
I have read the Arakoo CLA Document and I hereby sign the CLA |
josemariano-hub
force-pushed
the
aws-comprehend-redaction
branch
from
672198b to
6d78117
Compare
|
recheck |
|
Updated the PR to include AWS session tokens in the SigV4 canonical/signed headers when temporary credentials are used.\n\nVerification after the update:\n- npx vitest run awsComprehendRedactor.test.ts\n- npm run build\n- GitHub checks: CLAAssistant, changes, and js passing |
|
Added the requested short demo video for the AWS Comprehend redaction flow:\n\nhttps://raw.githubusercontent.com/josemariano-hub/edgechains-demo-assets/main/edgechains-aws-comprehend-demo.mp4\n\nIt shows:\n- |
2 participants
Summary\n- add AwsComprehendRedactor for AWS Comprehend DetectPiiEntities without adding AWS SDK dependencies\n- expose helpers to redact raw prompts and chat options before chaining into existing AI endpoint calls\n- add unit coverage with mocked Comprehend responses\n- add a Jsonnet-based example showing PII redaction before an OpenAI call\n\n/claim #290\n\nCloses #290\n\n## Demo\n- https://raw.githubusercontent.com/josemariano-hub/edgechains-demo-assets/main/edgechains-aws-comprehend-demo.mp4\n\n## Verification\n- npx vitest run awsComprehendRedactor.test.ts\n- npm run build