Expanded ChatGPT Interface

well-noted · November 11, 2024, 7:48pm

I’m not totally sure what you’re asking, @JanJo, so I will just give some context and you can ask for further clarity if I don’t address your question:

The API key that you get from platform.openai.com is a secret key that you only get once when you sign up for it. From your platform you can create more, but if you lose that key you cannot go back and get it.

If you have this plugin installed in your wiki there is a place to input the API key – that gets saved to the wiki as the text field of a tiddler.

The key is accessible only to those who have access to that tiddler. If you had a publicly available wiki, you would need to find some way to obfuscate and encrypt that tiddler… Although you would probably not want to have this plugin be available for people to use in a way that they could access your key, as each query sent by a user would charge your account (usually less than a penny for a simply query, but still)

It could pretty easily be modified for public use so that a user would have to input their own API key in order to make queries, which would not carry over through saves.

If you have some specific use case in mind, I’d be interested to help work through it with you.

JanJo · November 11, 2024, 8:15pm

I am a teacher and I would like to build an interface that gives pupils feedback on a handwritten input - so it would have to be my API-Key.

In the first step it should recognize the text and give hints on orthography.
In the second it should evaluate the content.

well-noted · November 11, 2024, 8:25pm

That’s an interesting usecase (and the first time I’m coming across the word orthography, thank you for that! )

I believe that it would be capable of recognizing misspellings and making suggestions - - I haven’t tested on elementary handwriting, but I imagine it would do a fairly decent job, though further tests would need to be done.

As far as your API key being used, possible misuse could be minimized pretty easily: The OpenAI platform allows you to associate any API key with a specific project title and then set limits on how much can be charged on that project per month. I have not had to reload my credits since throwing in $20 at the beginning of the year, so I think it could be fairly affordable and if you set the limit at say $5, it would be safe to allow students to use the interface with your API key without running the risk of going destitute.

This would protect you even if you had the API key publicly available and were just acting on the basis of trust – if you ever had reason to suspect the API key had been compromised, the damage would be minimal and you could just swap it out.

Another simple process would be creating a new API key for each assignment, that would again have guardrails against severe misuse.

As far as hiding the API key, though, I’m afraid I don’t have too much experience with sharing my wikis with others, and from what I’ve seen around here, the ability to hide or encrypt a tiddler in a sufficient way to prevent malicious intent seems challenging… though perhaps will become less challenging with the new release? (no citation on that, it’s just the general sense I have)

There may be someone who knows more about encryption and hiding tiddler content, however, that could give you more info.

well-noted · November 11, 2024, 8:33pm

An easy way to make the API key less visible would be to hardcode it within the widget javascript – I don’t know the skill level of the average student, but it’s possible that the key would be sufficiently hidden from most people within the context of a very large codeblock.

But the API key would need to be accessible by the widget somehow… Would be very interested to hear if anyone has a method for extracting information from a source outside the wiki to use within it.

JanJo · November 11, 2024, 8:35pm

There is an encrypttiddler-plugin by danielo that does a decent job on one or a list of tiddlers.

JanJo · November 11, 2024, 8:40pm

What about entering a hashed key by a qr-code ?

well-noted · November 11, 2024, 8:42pm

Great! Then all you would need to do is to encrypt the single api tiddler ( $:/plugins/NoteStreams/expanded-chat-gpt/openai-api-key) and you would be good to go.

Although you should still set up the guardrails in the openAI platform, since a user could still query the agent far more than necessary (Unless maybe you were to also modify the system message to forbid this kind of behavior… that would be interesting to attempt).

well-noted · November 11, 2024, 8:44pm

Would this be a key the student would input at time of use? If so, the key would have to decryptable for the widget but not decryptable for the student.

My cryptography skills are extremely minimal.

JanJo · November 11, 2024, 8:48pm

I guess the student should have to authentificate.
I also would love to have an LDAP or OAuth plugin for TW

well-noted · November 11, 2024, 9:59pm

Keep me up to date if you decide to attempt something like this, or would like to have further brainstorming on it. I often find that my usecases are niche, and find a lot of excitement and intrigue in hearing about and discussing those of others!

JanJo · November 11, 2024, 11:24pm

Thanks a lot.
I guess this week I won’t have the time. Maybe in two Weeks.

JanJo · November 12, 2024, 2:26pm

An example (in german) how ai is used that way can be found here : https://www.fiete.ai/