|
| 1 | +# AI Features and Security Review |
| 2 | + |
| 3 | +## Summary |
| 4 | +This document summarizes the findings from a review of the ScriptureBot's AI features and security implementation. |
| 5 | + |
| 6 | +## AI Features |
| 7 | + |
| 8 | +### 1. Limited Access |
| 9 | +Currently, AI features (`/ask` command and context-aware queries) are strictly gated to the `TELEGRAM_ADMIN_ID`. Regular users cannot access these capabilities. |
| 10 | + |
| 11 | +### 2. Statelessness |
| 12 | +The AI interaction is largely stateless. While the `QueryContext` structure supports a `History` field, it is currently not populated with conversation history, meaning the AI treats each request in isolation. |
| 13 | + |
| 14 | +### 3. Basic Prompting |
| 15 | +The prompt sent to the AI is simply the user's raw message. There is no "System Prompt" or instruction tuning to guide the AI's persona, tone, or formatting, relying entirely on the model's default behavior. |
| 16 | + |
| 17 | +### 4. Natural Language Fallback |
| 18 | +The natural language processing pipeline (`ProcessNaturalLanguage`) has a "catch-all" case that currently does nothing for unrecognized inputs. This leaves users without feedback if their query doesn't match a specific pattern (like a Bible reference or search command). |
| 19 | + |
| 20 | +## Security Implementation |
| 21 | + |
| 22 | +### 1. Inefficient Secret Management |
| 23 | +The `pkg/secrets` package loads secrets (including making calls to Google Secret Manager) on every request in `main.go`. This is highly inefficient and could lead to API rate limiting and increased costs. |
| 24 | + |
| 25 | +### 2. Hardcoded Admin Checks |
| 26 | +The logic to check if a user is an admin (`env.User.Id == adminID`) is duplicated across multiple files (`pkg/app/admin.go`, `pkg/app/ask.go`, `pkg/app/natural_language.go`). This makes it difficult to maintain or modify admin permissions (e.g., adding multiple admins). |
| 27 | + |
| 28 | +### 3. HTML Sanitization |
| 29 | +The bot uses `ParseToTelegramHTML` to sanitize HTML output from the AI. This implementation appears robust, correctly escaping text content while allowing a safe subset of tags (`<b>`, `<i>`, etc.). |
| 30 | + |
| 31 | +### 4. Error Handling |
| 32 | +In some cases, raw API error messages might be returned to the user. While sensitive headers like `X-API-KEY` are handled separately, exposing internal error details is generally discouraged. |
| 33 | + |
| 34 | +## Recommendations |
| 35 | + |
| 36 | +1. **Refactor Secret Management:** Implement caching for secrets to prevent redundant external calls. |
| 37 | +2. **Centralize Admin Logic:** Create a `utils.IsAdmin(env)` helper to unify permission checks. |
| 38 | +3. **Enhance Natural Language Processing:** Provide a meaningful fallback response for unrecognized queries, and consider enabling AI features for all users (potentially with rate limits). |
| 39 | +4. **Improve AI Context:** populate the conversation history in `QueryContext` to enable multi-turn conversations. |
| 40 | +5. **Implement System Prompts:** Add a system prompt to guide the AI's behavior and ensure consistent, high-quality responses. |
0 commit comments