Implemented guardrail service with APIs to effectively manage guardrails in the system #160 #165

vinayakbagal7 · 2024-12-20T12:41:05Z

Change Description

Implemented guardrail service with APIs to effectively manage guardrails in the system

Added APIs to handle all CRUD operations for guardrail connections.

Example payload -

{
   "name": "gr_connection_1",
   "description": "test description",
   "guardrailsProvider": "AWS",
   "connectionDetails": {
       "access_key": "<aws_access_key>",
       "secret_key": "<aws_secret_ky>",
       "session_token": "<aws_session_token>"
   },
   "encryptFields": ["secret_key", "session_token"]
}

API to test connections to external services with the same payload as above.
APIs to handle all CRUD operations for guardrails.
Handled different types of configurations below in the guardrail.

Content Moderation

Off Topics filters

Denied Terms

Sensitive Data Filtering

Prompt Safety

Example payload for guardrail -

{
   "name": "test_gr_1",
   "description": "test guardrail 1",
   "version": 1,
   "applicationKeys": [
       "632bc4a449580d9766f5845179bb8b6e",
       "6b2d2f21acdac859d3fb3804484b99a7",
       "5c4c5df2daca1210f34120af6c689187"
   ],
   "guardrailConnectionName": "gr_connection_1",
   "guardrailProvider": "AWS",
   "guardrailConfigs": [
       {
           "configType": "CONTENT_MODERATION",
           "responseMessage": "I couldn't respond to that message.",
           "configData": {
               "configs": [
                   {
                       "category": "Hate",
                       "filterStrengthPrompt": "high",
                       "filterStrengthResponse": "medium"
                   },
                   {
                       "category": "Insults",
                       "filterStrengthPrompt": "high",
                       "filterStrengthResponse": "medium"
                   }
               ]
           }
       },
       {
           "configType": "SENSITIVE_DATA",
           "responseMessage": "I couldn't respond to that message.",
           "configData": {
               "configs": [
                   {
                       "category": "EMAIL",
                       "action": "DENY"
                   },
                   {
                       "category": "USERNAME",
                       "action": "ALLOW"
                   },
                   {
                       "category": "PASSWORD",
                       "action": "REDACT"
                   },
                   {
                       "type": "regex",
                       "name": "email_regex",
                       "description": "email_regex",
                       "pattern": "test_pattern",
                       "action": "REDACT"
                   }
               ]
           }
       },
       {
           "configType": "OFF_TOPIC",
           "responseMessage": "I couldn't respond to that message.",
           "configData": {
               "configs": [
                   {
                       "topic": "Sports",
                       "definition": "Sports Definition",
                       "samplePhrases": [
                           "Who's playing NFL tonight ?",
                           "Who's leading tonight ?"
                       ],
                       "action": "DENY"
                   }
               ]
           }
       },
       {
           "configType": "DENIED_TERMS",
           "responseMessage": "I couldn't respond to that message.",
           "configData": {
               "configs": [
                   {
                       "type": "PROFANITY",
                       "value": true
                   },
                   {
                       "term": "Violance",
                       "keywords": [
                           "Violent Bahaviour",
                           "Physical Assault"
                       ]
                   }
               ]
           }
       },
       {
           "configType": "PROMPT_SAFETY",
           "responseMessage": "I couldn't respond to that message.",
           "configData": {
               "configs": [
                   {
                       "category": "PROMPT_ATTACK",
                       "filterStrengthPrompt": "HIGH"
                   }
               ]
           }
       }
   ]
}

CRUD API to manage response message templates.
"Get Guardrail" API specifically for the shield service based on lastKnownVersion.
Example response -

{
   "applicationKey": "632bc4a449580d9766f5845179bb8b6e",
   "version": 3,
   "guardrails": [
       {
           "id": 1,
           "status": 1,
           "createTime": "2024-12-20T08:46:36.899617",
           "updateTime": "2024-12-20T08:52:36.900342",
           "name": "test_gr_1",
           "description": "test guardrail 1",
           "version": 6,
           "guardrailProvider": "AWS",
           "guardrailConnectionName": "gr_connection_1",
           "guardrailConfigs": [
               {
                   ...
               }
           ],
           "guardrailProviderResponse": {
               "success": true,
               "response": {
                   "guardrailId": "j0vwca4b8swg",
                   "guardrailArn": "arn:aws:bedrock:us-east-1:404161567776:guardrail/j0vwca4b8swg",
                   "version": "DRAFT"
               }
           },
           "guardrailConnectionDetails": {
               "access_key": "<aws_secret_key>",
               "secret_key": "<aws_secret_key_encrypted>",
               "session_token": "<aws_session_token_encrypted>",
               "encryption_key_id": <id>
           }
       }
   ]
}

Issue reference

This PR fixes issue #160

Checklist

I have reviewed the contribution guidelines
My code includes unit tests
All unit tests and lint checks pass locally
My PR contains documentation updates/additions if required

…ication names

… fixed login user issue

…ail api issues

…quent db calls

…ication versioning

…eparate app and clients

…into aws format

paig-server/backend/paig/api/guardrails/api_schemas/guardrail.py

paig-server/backend/paig/api/guardrails/controllers/gr_connection_controller.py

paig-server/backend/paig/api/guardrails/controllers/guardrail_controller.py

paig-server/backend/paig/api/guardrails/database/db_models/guardrail_model.py

paig-server/backend/paig/api/guardrails/database/db_operations/response_template_repository.py

paig-server/backend/paig/api/guardrails/services/guardrails_service.py

akshayr-privacera-github

Lets do the required changes

vinayakbagal and others added 30 commits December 5, 2024 11:35

PAIG-2210 Guardrail service implementation

6dd6729

PAIG-2210 Fixed get guardrail by id api response

dd40566

PAIG-2210 Code refactor

4365e25

PAIG-2210 Create update delete api for guardrail with associated appl…

9d17f7f

…ication names

PAIG-2210 Added some fixes in validations

834f831

PAIG-2210 Corrected version type, moved get_auth_user in root router,…

c5639f4

… fixed login user issue

PAIG-2210 Added get guardrail api by app name and fixed update guardr…

a5a71c0

…ail api issues

PAIG-2210 Updated guardrail api to use app key for association

8bc27fb

PAIG-2210 Added bedrock backend implemetation with abstract classes

0239c0e

PAIG-2210 Added support for version and lastKnownVersion to avoid fre…

198cb8b

…quent db calls

PAIG-2210 Simplified approach for storing and fetching guardrail appl…

f27e264

…ication versioning

PAIG-2210 Added integration with AWS bedrock guardrails

653b9ea

PAIG-2210 Added unit tests for guardrail providers

6926a72

PAIG-2210 Fixed verify connections method

3bbc3c4

PAIG-2210 Fixed maxResults key

2a0c27c

PAIG-2210 Fixed issues in integration with AWS bedrock guardrails

a2629b1

PAIG-2210 Added junit code coverage for guardrail connection classes

6c55e01

PAIG-2210 Removed unused code and updated test file naming

9330a42

PAIG-2210 Added junit for guardrail classes

a0dad22

PAIG-2210 Added junit test cases for guardrail service

a25651b

PAIG-2210 fixed unit tests

1c3d518

PAIG-2210 Fixed router tests with error 'no such table' by creating s…

a38b104

…eparate app and clients

PAIG-2210 Fixed Controller testcases failing due to transactional block

daad529

PAIG-2210 Fixed autherizer router test cases

cd6897d

PAIG-2210 Fixed the update guardrail api issue

17936bb

Updated bedrock backend as per new implementation

982b78c

Updated test cases for providers and bedrock as per new implementation

6f12da6

Added PROMPT_ATTACK to the example bedrock guardrail

c9abf99

Refactored GuardrailConfigType class name

1ded2a9

[PAIG-2210] Added transformer for converting paig guardrail policies …

555259c

…into aws format

vinayakbagal7 force-pushed the PAIG-2210 branch from 0d90766 to 28ea4e1 Compare January 2, 2025 12:29

vinayakbagal added 3 commits January 2, 2025 18:27

PAIG-2210 Added validation for delete connection

1cc4084

PAIG-2210 Added fix for regex description when not passed

9679a63

PAIG-2210 Fixed connection deletion validation error

2316805

vinayakbagal7 force-pushed the PAIG-2210 branch from ed8f72b to 2316805 Compare January 8, 2025 10:53

PAIG-2210 Added code for guardrail validation error handling

31b29a9