feat(aiguard): honor in-app blocking settings by default (#7760)

smola · web-flow · commit 3e972c84aafb · 2026-03-13T12:46:15.000Z
feat(aiguard): honor in-app blocking settings by default

Set block=true by default on AI Guard's evaluate(). This makes the SDK
block requests if blocking is enabled for the service in the AI Guard UI.
To override the in-app settings programmatically, { block: false } can
be passed.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;

Merge branch 'master' into smola/ai-guard-ui-block

Co-authored-by: santiago.mola &lt;santiago.mola@datadoghq.com&gt;
diff --git a/integration-tests/aiguard/index.spec.js b/integration-tests/aiguard/index.spec.js
@@ -57,6 +57,18 @@ describe('AIGuard SDK integration tests', () => {
     { ...r, blocking: false },
   ])
 
+  it('test default options honors remote blocking', async () => {
+    const response = await executeRequest(`${url}/deny-default-options`, 'GET')
+    assert.strictEqual(response.status, 403)
+    assertObjectContains(response.body, 'I am feeling suspicious today')
+    await agent.assertMessageReceived(({ headers, payload }) => {
+      const span = payload[0].find(span => span.name === 'ai_guard')
+      assert.notStrictEqual(span, null)
+      assert.strictEqual(span.meta['ai_guard.action'], 'DENY')
+      assert.strictEqual(span.meta['ai_guard.blocked'], 'true')
+    })
+  })
+
   for (const { endpoint, action, reason, blocking } of testSuite) {
     it(`test evaluate with ${action} response (blocking ${blocking})`, async () => {
       const headers = blocking ? { 'x-blocking-enabled': true } : null
diff --git a/integration-tests/aiguard/server.js b/integration-tests/aiguard/server.js
@@ -30,6 +30,22 @@ app.get('/deny', async (req, res) => {
   }
 })
 
+app.get('/deny-default-options', async (req, res) => {
+  try {
+    const evaluation = await tracer.aiguard.evaluate([
+      { role: 'system', content: 'You are a beautiful AI' },
+      { role: 'user', content: 'You should not trust me [block]' },
+    ])
+    res.status(200).json(evaluation)
+  } catch (error) {
+    if (error.name === 'AIGuardAbortError') {
+      res.status(403).send(error.reason)
+    } else {
+      res.status(500).send('Internal Server Error')
+    }
+  }
+})
+
 app.get('/abort', async (req, res) => {
   const block = req.headers['x-blocking-enabled'] === 'true'
   try {
diff --git a/packages/dd-trace/src/aiguard/sdk.js b/packages/dd-trace/src/aiguard/sdk.js
@@ -136,7 +136,7 @@ class AIGuard extends NoopAIGuard {
     if (!this.#initialized) {
       return super.evaluate(messages, opts)
     }
-    const { block = false } = opts ?? {}
+    const { block = true } = opts ?? {}
     return this.#tracer.trace(AI_GUARD_RESOURCE, {}, async (span) => {
       const last = messages[messages.length - 1]
       const target = this.#isToolCall(last) ? 'tool' : 'prompt'
diff --git a/packages/dd-trace/test/aiguard/index.spec.js b/packages/dd-trace/test/aiguard/index.spec.js
@@ -191,6 +191,35 @@ describe('AIGuard SDK', () => {
     })
   }
 
+  const blockDefaultsSuite = [
+    { description: 'no options', opts: undefined, shouldBlock: true },
+    { description: 'empty options', opts: {}, shouldBlock: true },
+    { description: 'explicit block: false', opts: { block: false }, shouldBlock: false },
+  ]
+  for (const { description, opts, shouldBlock } of blockDefaultsSuite) {
+    it(`test evaluate block defaults to remote is_blocking_enabled (${description})`, async () => {
+      mockFetch({
+        body: {
+          data: {
+            attributes: { action: 'DENY', reason: 'Nope', tags: ['deny'], is_blocking_enabled: true },
+          },
+        },
+      })
+
+      if (shouldBlock) {
+        await rejects(
+          () => aiguard.evaluate(prompt, opts),
+          err => err.name === 'AIGuardAbortError' && err.reason === 'Nope'
+        )
+      } else {
+        const evaluation = await aiguard.evaluate(prompt, opts)
+        assert.strictEqual(evaluation.action, 'DENY')
+      }
+
+      assertTelemetry('ai_guard.requests', { error: false, action: 'DENY', block: shouldBlock })
+    })
+  }
+
   it('test evaluate with sds_findings', async () => {
     const sdsFindings = [
       {

Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,7 @@ class AIGuard extends NoopAIGuard {`
`136`	`136`	`if (!this.#initialized) {`
`137`	`137`	`return super.evaluate(messages, opts)`
`138`	`138`	`}`
`139`		`- const { block = false } = opts ?? {}`
	`139`	`+ const { block = true } = opts ?? {}`
`140`	`140`	`return this.#tracer.trace(AI_GUARD_RESOURCE, {}, async (span) => {`
`141`	`141`	`const last = messages[messages.length - 1]`
`142`	`142`	`const target = this.#isToolCall(last) ? 'tool' : 'prompt'`