feat(ai-security-guard): add Embedding API content detection support (#3895)

Signed-off-by: root <jianwei.wjw@alibaba-inc.com>
2026-06-05 10:37:28 +08:00 · 2026-06-02 12:11:00 +08:00
parent a45b1dde6c
commit 58ffdae6ba
5 changed files with 818 additions and 2 deletions
--- a/plugins/wasm-go/extensions/ai-security-guard/main.go
+++ b/plugins/wasm-go/extensions/ai-security-guard/main.go
@@ -61,7 +61,9 @@ func onHttpResponseHeaders(ctx wrapper.HttpContext, config cfg.AISecurityConfig)
 		return types.ActionContinue
 	}
 	statusCode, _ := proxywasm.GetHttpResponseHeader(":status")
-	if statusCode != "200" {
+	// For embedding API, we need to check error.message in non-200 responses
+	// so we don't skip response body check for embedding apiType
+	if statusCode != "200" && config.ApiType != cfg.ApiEmbedding {
 		log.Debugf("response is not 200, skip response body check")
 		ctx.DontReadResponseBody()
 		return types.ActionContinue