Securing the Squid AI Agent

Use the @secureAiAgent decorator to designate a function as securing a given agent.

Securing your data is vital when using the Squid Client to create AI agents and enable chatting. The AI agent and the chats conducted with them can contain sensitive information, so it's crucial to restrict access and updates to prevent unauthorized usage or modification.

Unless an AI agent has been set to public, access will be restricted by default and won't work without explicit rules that set access permissions. (Feel free to try it!)

Squid provides a @secureAiAgent decorator that you can use to set security rules. These rules prevent unauthorized users from updating agents or conducting unauthorized chats, protecting the integrity of your data.

Tip: Before trying to secure the AI agent, make sure the public setting of the agent you want to secure is toggled to OFF and that you've set up your backend, as this will be required to set security rules for your AI agent.

Securing chats

To manage chat permissions, use the @secureAiAgent decorator. To open up chat for all users, add the following to your backend:

import { secureAiAgent, SquidService } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureAiAgent('chat')
  allowChat(): boolean {
    return true;
  }
}

To restrict chat to authenticated users, use the Squid backend's isAuthenticated() method. This method returns a boolean indicating whether the client attempting to take an action is authenticated.

@secureAiAgent('chat')
allowChat(): boolean {
  return this.isAuthenticated();
}

To secure a specific AI agent, add the AI agent's ID to the end of the parameters in the @secureAiAgent decorator:

@secureAiAgent('chat', 'AGENT_ID')

Securing profiles

While you may want to allow clients to chat with your AI agent, you most likely do not want them to take actions that make changes to its instructions or context. Instead, you should manage your AI agents in the Squid Backend or the Squid Console.

To prevent agent mutations, you can add the following security function to your Squid Backend:

@secureAiAgent('mutate')
allowMutations(): boolean {
  return false;
}

To secure a specific AI agent, you can add the AI agent's ID to the decorator:

@secureAiAgent('mutate', 'AGENT_ID')

There may be some cases where you want to allow agent management from the client. For example, you might want to dynamically build an agent for each user. In that case, you can customize your AI agent's security function using the AiChatbotMutationContext as shown in the following example:

import { secureAiAgent, SquidService, AiChatbotMutationContext } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureAiAgent('mutate')
  async allowMutations(context: AiChatbotMutationContext): Promise<boolean> {
    // Only the user who owns the profile may touch it.
    const userId = this.getUserAuth()?.userId;
    if (context.profileId !== userId) return false;

    if (context.resource === 'instruction') {
      // Do not let users modify instructions.
      return false;
    } else if (context.resource === 'context') {
      // Allow users to insert context.
      return context.type === 'insert';
    } else if (context.resource === 'profile') {
      // Allow users to insert an agent, since we've verified the profileId matches the userId.
      return context.type === 'insert';
    }
    return false;
  }
}
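As an added example (not Squid's own code), the mutation policy above lifted into a pure function that can be unit-tested without a running backend and that returns a reason for each decision so denials can be logged. The MutationContext shape is an assumption modelled on the fields used on this page (resource, type, profileId); the real AiChatbotMutationContext may carry more, and the explicit unauthenticated-caller check is a defensive addition.

```typescript
// Assumed context shape, modelled on the fields the page's example reads.
interface MutationContext {
  resource: 'instruction' | 'context' | 'profile';
  type: string; // the page only shows 'insert'; anything else is treated as not-insert
  profileId?: string;
}

interface Decision {
  allowed: boolean;
  reason: string;
}

// userId is what this.getUserAuth()?.userId yields inside the service.
function decideMutation(ctx: MutationContext, userId: string | undefined): Decision {
  // Explicit deny for unauthenticated callers: if both userId and profileId were
  // undefined, the ownership comparison below would otherwise succeed.
  if (!userId) return { allowed: false, reason: 'unauthenticated' };
  if (ctx.profileId !== userId) return { allowed: false, reason: 'profile not owned by caller' };
  switch (ctx.resource) {
    case 'instruction':
      return { allowed: false, reason: 'clients may not change instructions' };
    case 'context':
      return ctx.type === 'insert'
        ? { allowed: true, reason: 'owner may insert context' }
        : { allowed: false, reason: 'only insert is permitted on context' };
    case 'profile':
      return ctx.type === 'insert'
        ? { allowed: true, reason: 'owner may create their own agent' }
        : { allowed: false, reason: 'only insert is permitted on profile' };
    default:
      return { allowed: false, reason: 'unknown resource' };
  }
}

// Boolean form matching what a @secureAiAgent('mutate') function must return.
// Inside the service it would be wired as (assumed wiring, not from the page):
//   @secureAiAgent('mutate')
//   allowMutations(ctx: AiChatbotMutationContext): boolean {
//     const decision = decideMutation(ctx, this.getUserAuth()?.userId);
//     if (!decision.allowed) console.warn('agent mutation denied:', decision.reason);
//     return decision.allowed;
//   }
function allowMutation(ctx: MutationContext, userId: string | undefined): boolean {
  return decideMutation(ctx, userId).allowed;
}
```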