Integrate OpenAI moderation endpoint (conflict-clean)

src/worker/comments.ts

@@ -7,7 +7,7 @@ import {
 } from "./identity";
 import { slugify } from "./slug";
 import { rateLimit, clientIp } from "./ratelimit";
-import { moderateCommentNow } from "./moderation";
+import { moderateCommentNow, openaiModerate } from "./moderation";
 import { requireHuman, challengeResponse } from "./turnstile";
 
 export interface CommentsEnv {
@@ -17,6 +17,7 @@ export interface CommentsEnv {
   OPENROUTER_MODEL: string;
   OPENROUTER_MODERATION_MODEL?: string;
   IDENT_PER_IP_PER_HOUR?: string;
+  OPENAI_API_KEY?: string;
   // Forwarded so turnstile.requireHuman can read its config. Optional;
   // missing values fall open (no gating).
   TURNSTILE_SITE_KEY?: string;
@@ -466,6 +467,14 @@ export function createCommentsApp() {
       throw e;
     }
 
+    // Pre-save moderation
+    if (c.env.OPENAI_API_KEY) {
+      const flagged = await openaiModerate(body, c.env.OPENAI_API_KEY);
+      if (flagged) {
+        return c.json({ error: "comment was flagged by moderation" }, 400);
+      }
+    }
+
     const id = crypto.randomUUID();
     const created_at = Date.now();
 

src/worker/index.ts

@@ -14,9 +14,11 @@ import { isLikelyVpn } from "./vpn";
 import { isPermanentlyBlockedSlug } from "./blocklist";
 import { loadHints, saveHints } from "./hints";
 import {
+  banSlugNow,
   countRecentBansByIp,
   enqueueArticleForModeration,
   isSlugBanned,
+  openaiModerate,
   runSweep,
 } from "./moderation";
 import { createAdminApp } from "./admin";
@@ -47,6 +49,9 @@ export interface Env {
   SEARCH_PER_IP_PER_HOUR?: string;
   // Single Durable Object tracking live readers per slug. See presence.ts.
   PRESENCE: DurableObjectNamespace;
+  // Optional: OpenAI API key for synchronous pre-generation moderation.
+  // Set via: pnpm wrangler secret put OPENAI_API_KEY
+  OPENAI_API_KEY?: string;
   // Admin accounts live in D1 (`admins` table). No env-based password.
   //
   // Turnstile bot gating. Public site key + secret key from Cloudflare,
@@ -614,6 +619,23 @@ app.get("/api/page/:slug", async (c) => {
 
   const title = slugToTitle(slug);
 
+  // Check title against OpenAI Moderation API before spending LLM tokens
+  if (c.env.OPENAI_API_KEY) {
+    const flagged = await openaiModerate(title, c.env.OPENAI_API_KEY);
+    if (flagged) {
+      c.executionCtx.waitUntil(
+        banSlugNow(slug, c.env).catch((e) =>
+          console.error("banSlugNow failed", e)
+        )
+      );
+      return c.json(
+        { error: "this entry has been removed by moderation", banned: true },
+        404,
+        { "x-robots-tag": "noindex" }
+      );
+    }
+  }
+
   // Pull every prior link-context blurb other articles have written about
   // this slug. These become CANON the LLM must respect.
   let priorHints: string[] = [];

src/worker/moderation.ts

@@ -21,6 +21,66 @@ export interface ModerationEnv {
   OPENROUTER_API_KEY: string;
   OPENROUTER_MODEL: string;
   OPENROUTER_MODERATION_MODEL?: string;
+  OPENAI_API_KEY?: string;
+}
+
+/**
+ * Call the OpenAI Moderation API and return true if the text was flagged.
+ * If this fails, the async sweep can still catch stragglers.
+ */
+export async function openaiModerate(
+  text: string,
+  apiKey: string
+): Promise<boolean> {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => {
+    controller.abort();
+  }, 4000);
+
+  try {
+    const res = await fetch("https://api.openai.com/v1/moderations", {
+      method: "POST",
+      signal: controller.signal,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiKey}`,
+      },
+      body: JSON.stringify({ model: "omni-moderation-latest", input: text }),
+    });
+    if (!res.ok) return false;
+    const json: any = await res.json();
+    return json?.results?.[0]?.flagged === true;
+  } catch {
+    return false;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
+/**
+ * Immediately mark slug as banned in DB and delete it from KV.
+ * Used when the pre-check flags a slug before generation starts.
+ */
+export async function banSlugNow(
+  slug: string,
+  env: ModerationEnv
+): Promise<void> {
+  const now = Date.now();
+  try {
+    await env.ARTICLES.delete(slug);
+  } catch {}
+  try {
+    await env.DB
+      .prepare(
+        `INSERT INTO article_moderation (slug, status, reason, enqueued_at, checked_at)
+         VALUES (?, 'banned', ?, ?, ?)
+         ON CONFLICT(slug) DO UPDATE SET status='banned', reason=excluded.reason, checked_at=excluded.checked_at`
+      )
+      .bind(slug, "openai-moderation-precheck", now, now)
+      .run();
+  } catch (e) {
+    console.error("banSlugNow: DB write failed", slug, e);
+  }
 }
 
 const BATCH_SIZE = 30;

wrangler.toml

@@ -81,3 +81,8 @@ class_name = "PresenceDO"
 [[migrations]]
 tag = "v1"
 new_sqlite_classes = ["PresenceDO"]
+# Enable OpenAI Moderation API for slugs and comments
+# pnpm wrangler secret put OPENAI_API_KEY
+
+# Enable OpenAI Moderation API for slugs and comments
+# pnpm wrangler secret put OPENAI_API_KEY