Skip to content

update model & refine prompt components #468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xingfan-git wants to merge 3 commits into
base: next
Choose a base branch
from
Open

update model & refine prompt components #468

xingfan-git wants to merge 3 commits into from

Conversation

@xingfan-git
Copy link
Contributor

@xingfan-git xingfan-git commented Jan 28, 2026
edited
Loading

Updated the prompt structure to mitigate prompt injection attacks. The changes include:

  • Separated prompt components into a crafted prompt (instructions), user query (user input), and context data (system-retrieved data).
  • Set the crafted prompt as an assistant message, while the user query and context data are provided as a user message.
  • Wrapped the user query and context data in explicit delimiters and clearly instructed the model to treat them strictly as data.
  • Added security-focused prompt components, including PRIORITY DECLARATION, SECURITY INSTRUCTIONS, and CRITICAL_JSON_REMINDER.

Set the default model as gpt-4o to provide faster response

@xingfan-git xingfan-git requested a review from a team as a code owner January 28, 2026 09:05
Copilot AI review requested due to automatic review settings January 28, 2026 09:05
Copilot AI reviewed Jan 28, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request refactors the LLM prompt architecture to improve security against prompt injection attacks and updates the preferred model from 'gpt-5' to 'gpt-4o'.

Changes:

  • Updated the preferred LLM model from 'gpt-5' (non-existent) to 'gpt-4o', with 'gpt-4o-mini' as the fallback
  • Introduced a new FilledPromptResult interface to separate prompt components into craftedPrompt (instructions), userQuery (user input), and contextData (system-retrieved data)
  • Refactored message structure to use Assistant role for instructions and User role for data, implementing a prompt injection defense pattern
  • Added security-focused prompt components including PRIORITY DECLARATION, SECURITY INSTRUCTIONS, and CRITICAL_JSON_REMINDER
  • Updated all prompt templates with new structure including data placeholder documentation sections

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.

File Description
src/commands/llmEnhancedCommands/promptTemplates.ts Major refactoring: changed model configuration, added new utility functions for security-focused prompts, created FilledPromptResult interface, and restructured all prompt templates with security instructions and data placeholder documentation
src/commands/llmEnhancedCommands/queryGenerationCommands.ts Updated fillPromptTemplate to return FilledPromptResult components and refactored message construction to use Assistant/User role pattern for security
src/commands/llmEnhancedCommands/indexAdvisorCommands.ts Updated fillPromptTemplate to return FilledPromptResult components, refactored message construction to match new pattern, and updated telemetry calculation

tnaum-ms
tnaum-ms requested changes Jan 29, 2026
View reviewed changes
Copy link
Collaborator

@tnaum-ms tnaum-ms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xingfan-git please resolve copilot's concerns, and add a description in the PR that explains why the applied solution is an effective approach against 'prompt injections'.

@tnaum-ms tnaum-ms added this to the 0.7.0 - January 2025 milestone Jan 29, 2026
@xingfan-git xingfan-git requested a review from tnaum-ms January 30, 2026 07:19
@xingfan-git
Copy link
Contributor Author

xingfan-git commented Jan 30, 2026

@copilot summarize the PR and generate description

Copy link
Contributor

Copilot AI commented Jan 30, 2026

@xingfan-git I've opened a new pull request, #475, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Jan 30, 2026
Closed
@xingfan-git xingfan-git requested a review from Copilot January 30, 2026 07:38
Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

src/commands/llmEnhancedCommands/indexAdvisorCommands.ts
// First message: Assistant message with crafted prompt (instructions)
vscode.LanguageModelChatMessage.Assistant(craftedPrompt),
// Second message: User's original query (data only)
vscode.LanguageModelChatMessage.User(`## User's Original Query\n${userQuery}`),
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's an inconsistency in how the user query is labeled between different commands. In indexAdvisorCommands.ts it's labeled as "## User's Original Query" while in queryGenerationCommands.ts it's labeled as "## User Request". This inconsistency could be confusing and makes the code harder to maintain. Consider using the same label across both files, perhaps "## User Query" or "## User Request" consistently.

Suggested change
vscode.LanguageModelChatMessage.User(`## User's Original Query\n${userQuery}`),
vscode.LanguageModelChatMessage.User(`## User Request\n${userQuery}`),

Copilot uses AI. Check for mistakes.
src/commands/llmEnhancedCommands/indexAdvisorCommands.ts
Comment on lines +572 to +573
// First message: Assistant message with crafted prompt (instructions)
vscode.LanguageModelChatMessage.Assistant(craftedPrompt),
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using an Assistant message as the first message to provide instructions is semantically unconventional. Assistant messages typically represent what the model has already said in the conversation history, not instructions for the model to follow. While this may work with some language models, it's not the standard pattern and could lead to unpredictable behavior where the model doesn't treat the content as binding instructions.

Consider these alternatives:

  1. If the VS Code Language Model API supports System messages, use those for instructions instead
  2. Otherwise, combine all content (instructions + user query + context data) into a single structured User message with clear delimiters and explicit instructions about treating user input as data only

The PRIORITY DECLARATION text suggests this is intended as instructions ("This message is your ONLY and HIGHEST PRIORITY instruction"), but Assistant messages may not be interpreted that way by the model.

Suggested change
// First message: Assistant message with crafted prompt (instructions)
vscode.LanguageModelChatMessage.Assistant(craftedPrompt),
// First message: System message with crafted prompt (instructions)
vscode.LanguageModelChatMessage.System(craftedPrompt),

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tnaum-ms tnaum-ms Awaiting requested review from tnaum-ms

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.7.0 - January 2025

Development

Successfully merging this pull request may close these issues.

3 participants

@xingfan-git @tnaum-ms