79966a6a6d
Add voice intent classification for hands-free tracking
...
CI/CD Pipeline / Lint and Test (push) Has been cancelled
CI/CD Pipeline / E2E Tests (push) Has been cancelled
CI/CD Pipeline / Build Application (push) Has been cancelled
Implemented comprehensive voice command understanding system:
**Intent Classification:**
- Feeding intent (bottle, breastfeeding, solid food)
- Sleep intent (naps, nighttime sleep)
- Diaper intent (wet, dirty, both, dry)
- Unknown intent handling
**Entity Extraction:**
- Amounts with units (ml, oz, tbsp): "120 ml", "4 ounces"
- Durations in minutes: "15 minutes", "for 20 mins"
- Time expressions: "at 3:30 pm", "30 minutes ago", "just now"
- Breast feeding side: "left", "right", "both"
- Diaper types: "wet", "dirty", "both"
- Sleep types: "nap", "night"
**Structured Data Output:**
- FeedingData: type, amount, unit, duration, side, timestamps
- SleepData: type, duration, start/end times
- DiaperData: type, timestamp
- Ready for direct activity creation
**Pattern Matching:**
- 15+ feeding patterns (bottle, breast, solid)
- 8+ sleep patterns (nap, sleep, woke up)
- 8+ diaper patterns (wet, dirty, bowel movement)
- Robust keyword detection with variations
**Confidence Scoring:**
- High: >= 0.8 (strong match)
- Medium: 0.5-0.79 (probable match)
- Low: < 0.5 (uncertain)
- Minimum threshold: 0.3 for validation
**API Endpoint:**
- POST /api/voice/transcribe - Classify text or audio
- GET /api/voice/transcribe - Get supported commands
- JSON response with intent, confidence, entities, structured data
- Audio transcription placeholder (Whisper integration ready)
**Implementation Files:**
- lib/voice/intentClassifier.ts - Core classification (600+ lines)
- app/api/voice/transcribe/route.ts - API endpoint
- scripts/test-voice-intent.mjs - Test suite (25 tests)
- lib/voice/README.md - Complete documentation
**Test Coverage:** 25 tests, 100% pass rate
✅ Bottle feeding (3 tests)
✅ Breastfeeding (3 tests)
✅ Solid food (2 tests)
✅ Sleep tracking (6 tests)
✅ Diaper changes (7 tests)
✅ Edge cases (4 tests)
**Example Commands:**
- "Fed baby 120 ml" → bottle, 120ml
- "Nursed on left breast for 15 minutes" → breast_left, 15min
- "Changed wet and dirty diaper" → both
- "Napped for 45 minutes" → nap, 45min
System converts natural language to structured tracking data with
high accuracy for common parenting voice commands.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-10-01 20:20:07 +00:00
f640e091ce
Add prompt injection protection for AI endpoints
...
CI/CD Pipeline / Build Application (push) Has been cancelled
CI/CD Pipeline / Lint and Test (push) Has been cancelled
CI/CD Pipeline / E2E Tests (push) Has been cancelled
Implemented comprehensive security against prompt injection attacks:
**Detection Patterns:**
- System prompt manipulation (ignore/disregard/forget instructions)
- Role manipulation (pretend to be, act as)
- Data exfiltration (show system prompt, list users)
- Command injection (execute code, run command)
- Jailbreak attempts (DAN mode, developer mode, admin mode)
**Input Validation:**
- Maximum length: 2,000 characters
- Maximum line length: 500 characters
- Maximum repeated characters: 20 consecutive
- Special character ratio limit: 30%
- HTML/JavaScript injection blocking
**Sanitization:**
- HTML tag removal
- Zero-width character stripping
- Control character removal
- Whitespace normalization
**Rate Limiting:**
- 5 suspicious attempts per minute per user
- Automatic clearing on successful validation
- Per-user tracking with session storage
**Context Awareness:**
- Parenting keyword validation
- Domain-appropriate scope checking
- Lenient validation for short prompts
**Implementation:**
- lib/security/promptSecurity.ts - Core validation logic
- app/api/ai/chat/route.ts - Integrated validation
- scripts/test-prompt-injection.mjs - 19 test cases (all passing)
- lib/security/README.md - Documentation
**Test Coverage:**
✅ Valid parenting questions (2 tests)
✅ System manipulation attempts (4 tests)
✅ Role manipulation (1 test)
✅ Data exfiltration (3 tests)
✅ Command injection (2 tests)
✅ Jailbreak techniques (2 tests)
✅ Length attacks (2 tests)
✅ Character encoding attacks (2 tests)
✅ Edge cases (1 test)
All suspicious attempts are logged with user ID, reason, risk level,
and timestamp for security monitoring.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-10-01 20:15:11 +00:00
8e3567e3d6
Add rate limiting to API endpoints
...
CI/CD Pipeline / Lint and Test (push) Has been cancelled
CI/CD Pipeline / E2E Tests (push) Has been cancelled
CI/CD Pipeline / Build Application (push) Has been cancelled
Implemented comprehensive rate limiting for API security:
- Created custom Next.js-native rate limiter using in-memory store
- Added 5 rate limit configurations:
- authLimiter: 5 requests/15min for login/register/password-reset
- aiLimiter: 10 requests/hour for AI assistant queries
- trackingLimiter: 30 requests/min for activity tracking
- readLimiter: 100 requests/min for read-only endpoints
- sensitiveLimiter: 3 requests/hour for sensitive operations
- Applied rate limiting to endpoints:
- /api/auth/login, /api/auth/register, /api/auth/password-reset
- /api/ai/chat
- /api/tracking/feeding (GET and POST)
- Rate limit responses include standard headers:
- RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset
- Retry-After header with seconds until reset
- Tested with 7 sequential requests - first 5 passed, last 2 blocked with 429
Note: Current implementation uses in-memory store. For production with
multiple instances, migrate to Redis-backed storage for distributed
rate limiting.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-10-01 20:08:28 +00:00
