[python] PoC: AI Guard test under INTEGRATION_FRAMEWORKS#7257
[python] PoC: AI Guard test under INTEGRATION_FRAMEWORKS#7257avara1986 wants to merge 13 commits into
Conversation
|
|
🎉 All green!❄️ No new flaky tests detected 🔗 Commit SHA: bc915c9 | Docs | Datadog PR Page | Give us feedback! |
78379f1 to
ca1a97f
Compare
…APPSEC-68977) Exercise the auto-instrumented AI Guard/OpenAI integration (ai_guard_listen) the way the LLM Obs suite does: call the OpenAI SDK directly through the existing /chat/completions weblog endpoint with DD_AI_GUARD_ENABLED=true, and assert an ai_guard span is emitted for before-model, after-model (streamed) and tool-call evaluation. The evaluation outcome (ALLOW/DENY/ABORT) stays covered by the dedicated AI_GUARD scenario and is not re-asserted here. The AI Guard endpoint is not yet wired into the INTEGRATION_FRAMEWORKS scenario (no DD_AI_GUARD_ENDPOINT / no aiguard VCR cassettes), so the integration path 500s for every language. Marked missing_feature for python, nodejs and java until the scenario wiring + cassettes land. Investigation task: APPSEC-68977 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ca1a97f to
4de1a84
Compare
library_env now injects real DD_API_KEY/DD_APP_KEY in --generate-cassettes mode (the AI Guard client calls the real API to record the aiguard cassette) and keeps mock keys on replay, where the VCR proxy matches on the request rather than auth. Investigation task: APPSEC-68977 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d95adff1f0
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
cbeauchesne
left a comment
There was a problem hiding this comment.
Framwork usage : all good
But I let someone familiar with the feature to do the real review.
christophe-papazian
left a comment
There was a problem hiding this comment.
Reviewed the AI Guard PoC. Four inline notes below (findings 1, 2, 4, 6), each with evidence to confirm. Two of these overlap with the resolved Codex-bot threads and, in my reading, are still substantive — flagging so they aren't lost when this moves from draft toward runnable.
…RKS AI Guard test - Keep DD_API_KEY/DD_APP_KEY out of library_env (report metadata) by injecting them via the scenario environment, and fail fast when they are missing during cassette generation instead of a silent xfail. - Assert the tool-call payload (assistant tool_calls) actually reached AI Guard. - Require an assistant message for the after-model eval and skip it until the after-model cassette is regenerated (APPSEC-68977). - Align the module docstring with what is actually asserted (no trace linkage). - Drop the redundant, out-of-scope ai_guard.event assertion from the standalone sampling test. APPSEC-68977 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Streamed after-model evaluation (DD_AI_GUARD_ANALYZE_STREAM_RESPONSES_ENABLED) is not implemented across the other tracer libraries yet, so the after-model test could never replay at cross-language parity and was a false positive (it passed on the before-model prompt span). Remove the test, the stream env var, and the two orphaned streaming cassettes; keep before-model and tool-call coverage. APPSEC-68977 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Update — Finding 1 resolved (commit bc915c9)Rather than re-recording the after-model cassette, we removed the streamed after-model test entirely: Changes:
Updated status table:
|
What
Proof-of-concept exploring whether AI Guard coverage can be consolidated under the
INTEGRATION_FRAMEWORKSscenario instead of the dedicatedAI_GUARDscenario.Adds
tests/integration_frameworks/llm/openai/test_openai_ai_guard.py, which drives AI Guard evaluation through the OpenAI framework weblog using thetest_client/test_agentfixtures, and asserts on theai_guardspan (meta.ai_guard.*,meta_struct.ai_guard) — reusing the payloads and span shape fromtests/ai_guard/test_ai_guard_sdk.py.Status: DRAFT / investigation
This is a scaffold for the investigation tracked in APPSEC-68977. It is not runnable yet — it depends on prerequisites still to be validated:
/ai_guard/evaluateendpoint inutils/build/docker/python/openai_app/openai.pythat calls the tracer's AI Guard client;/vcr/aiguardupstream (or reusing the standaloneVCRCassettesContainer);DD_AI_GUARD_ENABLED/DD_AI_GUARD_ENDPOINTwired intoIntegrationFrameworksScenario.Jira
Investigation task: https://datadoghq.atlassian.net/browse/APPSEC-68977 (under epic APPSEC-68823)
🤖 Generated with Claude Code