From d81e3c0a144178b60faad7874c83744706f18b2b Mon Sep 17 00:00:00 2001
From: moying2026 <moying2026@gmail.com>
Date: Thu, 21 May 2026 03:08:23 +0800
Subject: [PATCH 1/2] docs: sign Digest header in hmac-auth body validation
 example (#13395)

---
 docs/en/latest/plugins/hmac-auth.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/en/latest/plugins/hmac-auth.md b/docs/en/latest/plugins/hmac-auth.md
index 6319ce23f64f..33e3dc2cf717 100644
--- a/docs/en/latest/plugins/hmac-auth.md
+++ b/docs/en/latest/plugins/hmac-auth.md
@@ -887,6 +887,10 @@ body = '{"name": "world"}'          # example request body
 # skew to prolong the validity within the advised security boundary
 gmt_time = datetime.now(timezone.utc).strftime('%a, %d %b %Y %H:%M:%S GMT')
 
+# create the SHA-256 digest of the request body and base64 encode it first
+body_digest = hashlib.sha256(body.encode('utf-8')).digest()
+body_digest_base64 = base64.b64encode(body_digest).decode('utf-8')
+
 # construct the signing string (ordered)
 # the date and any subsequent custom headers should be lowercased and separated by a
 # single space character, i.e. `<key>:<space><value>`
@@ -895,23 +899,20 @@ signing_string = (
     f"{key_id}\n"
     f"{request_method} {request_path}\n"
     f"date: {gmt_time}\n"
+    f"digest: SHA-256={body_digest_base64}\n"
 )
 
 # create signature
 signature = hmac.new(secret_key, signing_string.encode('utf-8'), hashlib.sha256).digest()
 signature_base64 = base64.b64encode(signature).decode('utf-8')
 
-# create the SHA-256 digest of the request body and base64 encode it
-body_digest = hashlib.sha256(body.encode('utf-8')).digest()
-body_digest_base64 = base64.b64encode(body_digest).decode('utf-8')
-
 # construct the request headers
 headers = {
     "Date": gmt_time,
     "Digest": f"SHA-256={body_digest_base64}",
     "Authorization": (
         f'Signature keyId="{key_id}",algorithm="hmac-sha256",'
-        f'headers="@request-target date",'
+        f'headers="@request-target date digest",'
         f'signature="{signature_base64}"'
     )
 }

From 29ad13c393aa2e990f011e4a967db6a8ff77d617 Mon Sep 17 00:00:00 2001
From: moying2026 <moying2026@gmail.com>
Date: Thu, 21 May 2026 15:43:18 +0800
Subject: [PATCH 2/2] docs: add missing AI plugins and fix ordering in
 config.yaml.example (#13108)

- Add ai-request-rewrite (priority 1073)
- Add ai-aliyun-content-moderation (priority 1029)
- Reorder AI plugins by descending priority
---
 conf/config.yaml.example | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/conf/config.yaml.example b/conf/config.yaml.example
index 482eb13be273..8f729811ada3 100644
--- a/conf/config.yaml.example
+++ b/conf/config.yaml.example
@@ -518,14 +518,16 @@ plugins:                           # plugin list (sorted by priority)
   #- error-log-logger              # priority: 1091
   - proxy-cache                    # priority: 1085
   - body-transformer               # priority: 1080
+  - ai-request-rewrite             # priority: 1073
+  - ai-prompt-guard                # priority: 1072
   - ai-prompt-template             # priority: 1071
   - ai-prompt-decorator            # priority: 1070
-  - ai-prompt-guard                # priority: 1072
   - ai-rag                         # priority: 1060
   - ai-aws-content-moderation      # priority: 1050
   - ai-proxy-multi                 # priority: 1041
   - ai-proxy                       # priority: 1040
   - ai-rate-limiting               # priority: 1030
+  - ai-aliyun-content-moderation   # priority: 1029
   - proxy-mirror                   # priority: 1010
   - proxy-rewrite                  # priority: 1008
   - workflow                       # priority: 1006