Administrators of Qoder CN Enterprise Dedicated Edition and organization-wide administrators can configure security filters for AI chat, code completion, and knowledge base uploads.
In the Enterprise Dedicated Edition, Qoder CN administrators and global administrators can configure knowledge base upload filters. After configuration, knowledge base files are reviewed before upload.
Click Save Configuration to save your filter settings. The filter takes effect immediately after saving.
Your enterprise must provide a third-party scanning service that accepts POST requests. Only scanned content can be uploaded. The service interface must meet these requirements:
Request example:
The interface must return HTTP status code 200 and the following response body format.
| Applicable editions | Enterprise Dedicated Edition |
|---|
Access the feature
- Log in to the Qoder CN console as a Qoder CN administrator or an organization-wide administrator (Enterprise Dedicated Edition only). In the left navigation pane, choose Policy Configuration Filter Configuration.
- At the top of the page, select a tab based on the scenario where you want to apply the filter: AI Chat, Inline Code Generation, or Knowledge Base Upload (Enterprise Dedicated Edition only).
-
Enable the switch for each filter and configure its parameters. The following table lists the supported filter types:
Scenario
Filter type
Description
AI Chat
AI Chat pre-filter
When you use the AI Chat feature of Qoder CN, user input sent to the Large Language Model (LLM) passes through the pre-filter. LLM output passes through the post-filter.
AI Chat post-filter
Inline Code Generation
Inline Code Generation pre-filter
When you use the Inline Code Generation feature of Qoder CN, user input sent to the LLM passes through the pre-filter. LLM output passes through the post-filter.
Inline Code Generation post-filter
Knowledge Base Upload
Knowledge Base Upload pre-filter
Files uploaded to the Qoder CN knowledge base must pass this filter before upload succeeds.
Configure pre-filters for AI Chat and Inline Code Generation
- Method 1: Configure with regular expressions
- Method 2: Configure with custom scripts (Enterprise Dedicated Edition only)
Thoroughly test regular expressions before deployment to avoid performance issues in IDE extensions.
- Processing method: Configure filters using regular expressions. Three modes are supported. | No action on match | Take no action when a match occurs. | |---|---| | Block on match | Block the request and stop the model call when a match occurs. | | Replace on match | Replace content according to the configuration when a match occurs. |
- Notification: Enable notifications to send alerts to your preferred messaging platform using webhooks.
- Execution order: Filters run in the order you configure them.
- Maximum number of regular expressions: You can add up to 10 expressions.
- Regular expression standard: Expressions follow the ECMAScript standard. Common flags such as i (case-insensitive), g (global), and s (DOTALL) are supported.
- Example configurations: | Rule name | Regular expression | Replacement | Original text | Replaced text | |---|---|---|---|---| | ID number | (?<pre>.*)(\d{15})((\d{2})([0-9Xx]))(?<post>.*) | <pre>***<post> | ID number: 330204197709022312. | ID number: ***. | | Email address | \w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)* | *** | My email is lin***@aliyunmail.com | My email is *** | | Password | (.*password=)([\w\d]+)(.*) | 1***3 | {password=1213213} | {password=***} |
Configure post-filters for AI Chat and Inline Code Generation
- Method 1: Configure with regular expressions
- Method 2: Configure with custom scripts (Enterprise Dedicated Edition only)
Thoroughly test regular expressions before deployment to avoid performance issues in IDE extensions.
- Processing method: Configure filters using regular expressions. Only one mode is supported: | No action on match | Take no action when a match occurs. | |---|---|
- Notification: Enable notifications to send alerts to your preferred messaging platform using webhooks.
- Execution order: Filters run in the order you configure them.
- Maximum number of regular expressions: You can add up to 10 expressions.
- Regular expression standard: Expressions follow the ECMAScript standard. Common flags such as i (case-insensitive), g (global), and s (DOTALL) are supported.
- Example configurations: | Rule name | Regular expression | Original text | |---|---|---| | ID number | (?<pre>.*)(\d{15})((\d{2})([0-9Xx]))(?<post>.*) | ID number: 330204197709022312. | | Email address | \w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)* | My email is lin***@aliyunmail.com | | Password | (.*password=)([\w\d]+)(.*) | {password=1213213} |
Configure Knowledge Base Upload Filters (Enterprise Dedicated Edition only)
In the Enterprise Dedicated Edition, Qoder CN administrators and global administrators can configure knowledge base upload filters. After configuration, knowledge base files are reviewed before upload.
Configuration steps
Step 1: Enable and edit the knowledge base filter
- In the left navigation pane, click Policy Configuration. On the right, click the Knowledge Base Filter tab.
- In the Knowledge Base Filter configuration page, turn on the Enable or disable knowledge base upload pre-filter switch to edit parameters. | URL | Required | Endpoint for your third-party scanning service. The service must accept POST requests. | |---|---|---| | Token field name | Required | Name of the header field used to store the token. | | Secret key | Required | Secret key used to generate the access token. The token is placed in the specified header field to verify request legitimacy. See the Secure Token section. |
Step 2: Test connectivity
- After entering the correct information, click Test Connection. The test succeeds if the third-party filter returns an HTTP 2xx status code.
- If another status code is returned, the test fails. Check your entries and try again.
Step 3: Save the knowledge base filter
Click Save Configuration to save your filter settings. The filter takes effect immediately after saving.
Third-party scanning service API
Your enterprise must provide a third-party scanning service that accepts POST requests. Only scanned content can be uploaded. The service interface must meet these requirements:
Request headers
| Parameter name | Required | Description | Parameter examples |
|---|---|---|---|
| X-Auth-Raw | Yes | Authentication parameter. The parameter name matches the Token field name configured in the filter. The value is the token generated from the secret key using the encryption algorithm. See the Secure Token section for details. | 6c3baa76c62550eab864e6f75c4bb |
| Content-Type | Yes | Media type for the request and response. | multipart/form-data |
- Secure Token: A secure signature designed by Alibaba Cloud to prevent malicious attackers from hijacking your cloud service permissions. Generating a token requires a secret key, current timestamp, additional data, and an encryption algorithm.
-
Token generation: When Qoder CN calls the third-party scanning service, it includes the secure token in the request header for authentication. Compute the token using these parameters:
| method | POST method. | |---|---| | url | URL of the scanning service endpoint you entered in the knowledge base filter configuration. | | timestamp | Current timestamp. | | tokenSecret | Secret key you entered in the knowledge base filter configuration. | | timestampHex | Timestamp converted to hexadecimal. |
- Token verification: Your third-party scanning service can use the following code to validate the token.
Request parameters
| Parameter name | Type | Required | Description | Parameter Example |
|---|---|---|---|---|
| metadata | string | Yes | Business metadata. Content-Type: application/json | {"user": "user0000001","queryId": "cd2fd109-c4d4-489f-9b27-53752f7827d6"} |
| file | file | Yes | File to scan |
Response structure
The interface must return HTTP status code 200 and the following response body format.
| Parameter name | Type | Required | Description | Parameter Example |
|---|---|---|---|---|
| forbidden | boolean | Yes | Security check result. true means the check failed. | false |
| errorMsg | string | No | Error message explaining why the check failed. | "File contains malicious content. Modify and re-upload." |
| queryId | string | No | Request ID. Must match the queryId field in the request metadata. | "cd2fd109-c4d4-489f-9b27-53752f7827d6" |
| user | string | No | User ID. Must match the user field in the request metadata. | "user0001" |