ShaunK Blog

How do you handle multi-modal assistants running amok?

I've been working on a Slack bot using OpenAI's Assistants API. So far it's pretty great, and the things it can do are really cool. Before I get carried away with deeply integrating it with sensitive parts of our platform though, I've been putting some thought into how I want to make sure it's not going to do any damage.

The plan (and I'll post an update once I get around to executing it) is the following:

  1. A person asks the Slack bot to do something that could be destructive or sensitive.
  2. The OpenAI assistant understands the message and makes a multi-modal function call request.
  3. The Slack bot sees that the requested function is flagged as sensitive. Rather than performing the action, it initiates a confirmation flow and starts waiting on a confirmation semaphore (since the confirmation runs async).
  4. The Slack bot checks whether this Slack ID has authenticated via Google recently; if not, it PMs the user to initiate that flow.
  5. Once we're sure the Slack ID belongs to who we think it does, the Slack bot PMs the user with a confirm or cancel option. The PM contains the function to be called, a summary of what that function does, and the parameters the OpenAI assistant wanted to pass in.
  6. When the bot gets the confirmation it releases the semaphore and the initial request completes.

My main concern right now is that I'm running this stuff in Cloud Functions and so I'll either have to make some sort of pub/sub state preservation setup to keep things going, or just gracefully handle timeouts. Probably the second one?
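Here is an added sketch of steps 3 to 6 plus the timeout case, written for this post and not code from the actual bot. It assumes a Python bot, an in-memory pending table, a per-user timestamp of the last Google sign-in, and the two threshold constants; in a Cloud Functions deployment the pending table would live in external storage instead.

```python
import itertools
import time
from dataclasses import dataclass
from typing import Any, Callable, Dict

AUTH_MAX_AGE = 3600  # assumed: how recent the Google sign-in must be (seconds)
CONFIRM_TTL = 300    # assumed: how long a confirmation prompt stays valid (seconds)

@dataclass
class Tool:
    fn: Callable[..., Any]
    summary: str          # human-readable description shown in the confirm PM
    sensitive: bool = False

@dataclass
class Pending:
    user_id: str
    tool: str
    args: Dict[str, Any]
    created: float
    status: str = "pending"   # pending | confirmed | cancelled | expired

class Gate:
    """Routes assistant function calls; sensitive ones wait for an explicit confirm."""
    def __init__(self, tools, last_auth, now=time.time):
        self.tools, self.last_auth, self.now = tools, last_auth, now
        self.pending, self._seq = {}, itertools.count()

    def handle_call(self, user_id, name, args):
        tool = self.tools[name]
        if not tool.sensitive:                       # step 3: only flagged tools are gated
            return {"result": tool.fn(**args)}
        if self.now() - self.last_auth.get(user_id, 0) > AUTH_MAX_AGE:
            return {"action": "reauth", "user": user_id}   # step 4: stale identity
        pid = f"{user_id}:{name}:{next(self._seq)}"
        self.pending[pid] = Pending(user_id, name, dict(args), self.now())
        prompt = f"Confirm `{name}`: {tool.summary}\nArgs: {args}"  # step 5 content
        return {"action": "confirm", "id": pid, "prompt": prompt}

    def resolve(self, pid, user_id, confirmed):
        p = self.pending.get(pid)
        if p is None or p.status != "pending":       # unknown id or replayed confirm
            return {"error": "no such pending request"}
        if p.user_id != user_id:                     # only the requester may confirm
            return {"error": "confirmation must come from the requesting user"}
        if self.now() - p.created > CONFIRM_TTL:     # graceful timeout instead of a hang
            p.status = "expired"
            return {"action": "expired"}
        if not confirmed:
            p.status = "cancelled"
            return {"action": "cancelled"}
        p.status = "confirmed"                       # step 6: release and run the call
        return {"result": self.tools[p.tool].fn(**p.args)}
```

Each pending id is single-use, so a stale or duplicated button click cannot re-run an already completed action.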

Mainly this is a UX problem: I don't want it to feel onerous and janky, but I suspect it'll take a couple of iterations to get there. We'll see!

xoxo, Shaun
