Add foundational documentation templates to support product design and architecture planning, including ADR, archetypes, LLM systems, dev setup, and shared modules.
@@ -40,6 +40,27 @@
## 6. LLM Safety
- All LLM calls go through a single helper; centralize redaction, logging, and parameter control.
- Strip/obfuscate sensitive fields before sending to LLM; log only references in traces.
- Detailed LLM safety and `reasoning_trace` policy live in `/docs/llm/safety.md`.
### 6.1 AI‑Specific Threats & Controls (summary)
These apply to any archetype that uses LLMs or RAG.
- **Prompt injection / jailbreak**
- Treat all user input and retrieved content as **untrusted**.
- Delimit untrusted blocks explicitly and never allow them to override system constraints.
- Detect injection patterns; on suspicion → refuse or route to human review.
- **Outbound‑data policy**
- Use **allowlists** for what may be sent to the model.
- Mandatory redaction pipeline before every LLM call (PII/PHI/PCI/secrets).
- Never send cross‑tenant data; never send raw billing/auth secrets.
- **Output validation**
- Validate model outputs against strict schemas (types, enums, bounds).
- Reject/repair invalid outputs; fall back to safe defaults or human checkpoints for high‑risk actions.
- For agentic tools: validate tool arguments and enforce per‑tool scopes.
- **Trusted vs untrusted context (RAG)**
- Retrieved documents are untrusted unless curated.
- Keep retrieval tenant‑scoped; record only doc IDs in traces.
- If grounding is required and context is insufficient → ask user or defer.
## 7. Audit & Events
- Log domain events to `EventLog` with `source_agent`; include user ID, tenant, timestamps, and relevant context.
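Review bot: the prompt-injection bullets `Delimit untrusted blocks explicitly and never allow them to override system constraints` and `Detect injection patterns; on suspicion → refuse or route to human review` read as if delimiting and pattern detection are what stop injection, but neither is enforceable inside the prompt: a model can still act on instructions that sit inside a delimited block, and pattern matching is defeated by rephrasing. Suggest wording them as hardening and signalling measures and stating that the enforcement point is the later `Output validation` bullet (strict schemas, per-tool scopes, human checkpoints for high-risk actions), so a reader of this summary does not treat a detector as sufficient on its own. Separately, `Retrieved documents are untrusted unless curated` leaves "curated" undefined; consider saying who curates and that curated content is trusted for facts only, never as a source of instructions, which keeps it consistent with the earlier `Treat all user input and retrieved content as untrusted`.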