Skip to content

feat: Generic LlamaIndex Reader Plugin with security hardening#390

Open
evanerwee wants to merge 2 commits into
awslabs:mainfrom
evanerwee:feat/generic-llama-index-reader-plugin
Open

feat: Generic LlamaIndex Reader Plugin with security hardening#390
evanerwee wants to merge 2 commits into
awslabs:mainfrom
evanerwee:feat/generic-llama-index-reader-plugin

Conversation

@evanerwee

Copy link
Copy Markdown
Contributor

Summary

Generic LlamaIndex reader plugin that wraps any reader via configuration — no bespoke provider file needed per data source.

Security Hardening (addresses review on #384)

All 7 items from @mykola-pereyma's feedback implemented:

  1. Namespace allowlist — validates module path before import (prevents arbitrary code exec)
  2. Interface validation before instantiation — checks callable + has load_data before constructor
  3. Restrict load_method — only load_data, lazy_load, aload_data allowed
  4. Env var resolution — $VAR_NAME in init_args/load_args resolved from environment
  5. Credential logging test — secrets never appear in logs
  6. Default fail_on_error=True — silent data loss is opt-in
  7. Package name validation — only suggests pip install for valid llama-index patterns

Tests

46 tests passing (30 original + 16 new security tests).

Closes #384

evanerwee added 2 commits July 6, 2026 19:05
Adds LlamaIndexPluginReaderProvider that dynamically loads any LlamaIndex
reader package (Confluence, Notion, Slack, Jira, etc.) with just
configuration — no bespoke provider code needed per reader.

Features:
- Dynamic import of any llama-index-readers-* package
- Configurable timeout (prevents hangs on unresponsive APIs)
- Retry with exponential backoff on transient errors (429, 503)
- Auth failure detection (401/403 — never retried)
- Graceful degradation (fail_on_error=False returns [] instead of raising)
- input_source flexibility (auto-fallback if reader doesn't accept it)
- Generator/iterator result handling
- Document validation and metadata enrichment
- 30 unit tests covering all error paths

Usage:
    config = LlamaIndexPluginReaderConfig(
        package='llama-index-readers-confluence',
        module_path='llama_index.readers.confluence',
        reader_class='ConfluenceReader',
        init_args={'base_url': 'https://...', 'token': '...'},
        load_args={'space_key': 'ENG'},
        timeout_seconds=60,
        max_retries=2,
    )
    provider = LlamaIndexPluginReaderProvider(config)
    docs = provider.read()
1. Namespace allowlist (ALLOWED_MODULE_PREFIXES) — prevents arbitrary module loading
2. Interface validation before instantiation — checks callable + has load_data/lazy_load
3. Restrict load_method (ALLOWED_LOAD_METHODS) — only load_data, lazy_load, aload_data
4. Environment variable resolution ($VAR_NAME in init_args/load_args)
5. Credential logging test — asserts secrets never appear in logs
6. Default fail_on_error=True — explicit opt-in for graceful degradation
7. Package name validation in error messages — only suggest pip install for valid patterns

16 new security tests added (46 total, all passing).
All items directly address mykola-pereyma's review on awslabs#384.

@mykola-pereyma mykola-pereyma left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing the hardening feedback from #384. This PR includes unrelated content that makes it difficult to review. Could you please open a new PR or update existing with only the reader plugin files? That would be:

  • providers/__init__.py
  • providers/llama_index_plugin_reader_provider.py
  • reader_provider_config.py
  • test_llama_index_plugin_reader_provider.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Feature: Generic LlamaIndex Reader Plugin — wrap any reader via config

2 participants