From e62c66a7fb624ecee1aeea2bb04243832485af5f Mon Sep 17 00:00:00 2001 From: Nicolas Vuillamy Date: Sun, 12 Jan 2025 20:27:02 +0100 Subject: [PATCH] Add AI security considerations in documentation --- CHANGELOG.md | 2 ++ docs/salesforce-ai-setup.md | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 330e814c0..16d84f66a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ Note: Can be used with `sfdx plugins:install sfdx-hardis@beta` and docker image `hardisgroupcom/sfdx-hardis@beta` +- Add AI security considerations in documentation + ## [5.15.1] 2025-01-12 - Improve prompt templates diff --git a/docs/salesforce-ai-setup.md b/docs/salesforce-ai-setup.md index f95bbb383..2cece8891 100644 --- a/docs/salesforce-ai-setup.md +++ b/docs/salesforce-ai-setup.md @@ -6,6 +6,16 @@ description: Learn how to use AI to supercharge sfdx-hardis deployments # Setup AI for sfdx-hardis +## Security considerations + +sfdx-hardis uses **prompt via API** to collect analysis: only **Metadata XML** or **JSON deployment errors** are sent in the prompts. + +If you follow Flows best practices and **do not hardcode credentials / tokens in variables**, there is no serious risk to send metadata XML to an external LLM (**but be aware that you do !**) + +You can see the prompts content if you set env variable `DEBUG_PROMPTS=true`. + +The list of prompts used by sfdx-hardis is defined in [this source file](https://github.com/hardisgroupcom/sfdx-hardis/blob/main/src/common/aiProvider/promptTemplates.ts). + ## Main configuration You need to define at least env variable OPENAI_API_KEY and make it available to your CI/CD workflow.
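Review bot: In the docs/salesforce-ai-setup.md hunk, the "no serious risk" sentence is conditioned only on Flows best practices and on credentials or tokens in variables, while the preceding line says that Metadata XML and JSON deployment errors in general are sent in the prompts. Either state that only Flow metadata is ever sent, or widen the condition to cover any metadata type and any deployment error text that can reach a prompt, since those can carry hardcoded secrets, internal endpoints or org-specific names just as Flow variables can. The closing "(**but be aware that you do !**)" is ambiguous about what "you do" refers to; say directly that metadata leaves your environment and goes to the configured external LLM provider. For the `DEBUG_PROMPTS=true` line, say where the prompt content is written: if it goes to the job output, enabling it in CI/CD copies the same metadata into build logs, which is worth one sentence of warning here. Minor: "uses **prompt via API**" should read "prompts", and the link to promptTemplates.ts targets `main`, so it will break or drift if the file moves; a tagged or commit permalink would keep the documented prompt list matching the release.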