Skip to content

feat(ai_guard): honor in-app blocking settings by default#16756

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit intomainfrom
smola/ai-guard-default-block-ui
Mar 16, 2026
Merged

feat(ai_guard): honor in-app blocking settings by default#16756
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit intomainfrom
smola/ai-guard-default-block-ui

Conversation

@smola
Copy link
Copy Markdown
Member

@smola smola commented Mar 5, 2026
edited by atlassian bot
Loading

Description

Set block=True by default on AI Guard's evaluate. This makes the AI Guard SDK block requests if blocking is enabled for the service in-app. To override the in-app settings programatically, block=False can be set.

Testing

Risks

Additional Notes

APPSEC-61436

@cit-pr-commenter-54b7da
Copy link
Copy Markdown

cit-pr-commenter-54b7da bot commented Mar 5, 2026
edited
Loading

Codeowners resolved as

ddtrace/appsec/ai_guard/_api_client.py                                  @DataDog/asm-python
releasenotes/notes/ai-guard-default-block-ui-37ad8475fdc6ac27.yaml      @DataDog/apm-python
tests/appsec/ai_guard/api/test_api_client.py                            @DataDog/asm-python

@smola
Copy link
Copy Markdown
Member Author

smola commented Mar 5, 2026

@cursor review

@smola smola marked this pull request as ready for review March 9, 2026 10:35
@smola smola requested a review from a team as a code owner March 9, 2026 10:35
@pr-commenter
Copy link
Copy Markdown

pr-commenter bot commented Mar 9, 2026
edited
Loading

Performance SLOs

Comparing candidate smola/ai-guard-default-block-ui (406c477) with baseline main (304595c)

📈 Performance Regressions (1 suite)
📈 iastaspectsospath - 24/24

✅ ospathbasename_aspect

Time: ✅ 519.929µs (SLO: <700.000µs 📉 -25.7%) vs baseline: 📈 +24.3%

Memory: ✅ 43.607MB (SLO: <46.000MB -5.2%) vs baseline: +4.9%

✅ ospathbasename_noaspect

Time: ✅ 432.745µs (SLO: <700.000µs 📉 -38.2%) vs baseline: +1.8%

Memory: ✅ 43.566MB (SLO: <46.000MB -5.3%) vs baseline: +5.0%

✅ ospathjoin_aspect

Time: ✅ 630.305µs (SLO: <700.000µs -10.0%) vs baseline: +1.3%

Memory: ✅ 43.650MB (SLO: <46.000MB -5.1%) vs baseline: +5.2%

✅ ospathjoin_noaspect

Time: ✅ 637.151µs (SLO: <700.000µs -9.0%) vs baseline: +1.3%

Memory: ✅ 43.629MB (SLO: <46.000MB -5.2%) vs baseline: +5.2%

✅ ospathnormcase_aspect

Time: ✅ 353.898µs (SLO: <700.000µs 📉 -49.4%) vs baseline: +2.1%

Memory: ✅ 43.652MB (SLO: <46.000MB -5.1%) vs baseline: +5.4%

✅ ospathnormcase_noaspect

Time: ✅ 359.937µs (SLO: <700.000µs 📉 -48.6%) vs baseline: +2.5%

Memory: ✅ 43.572MB (SLO: <46.000MB -5.3%) vs baseline: +5.0%

✅ ospathsplit_aspect

Time: ✅ 489.573µs (SLO: <700.000µs 📉 -30.1%) vs baseline: +0.8%

Memory: ✅ 43.591MB (SLO: <46.000MB -5.2%) vs baseline: +5.2%

✅ ospathsplit_noaspect

Time: ✅ 498.959µs (SLO: <700.000µs 📉 -28.7%) vs baseline: +1.2%

Memory: ✅ 43.696MB (SLO: <46.000MB -5.0%) vs baseline: +5.4%

✅ ospathsplitdrive_aspect

Time: ✅ 376.025µs (SLO: <700.000µs 📉 -46.3%) vs baseline: +2.2%

Memory: ✅ 43.668MB (SLO: <46.000MB -5.1%) vs baseline: +5.3%

✅ ospathsplitdrive_noaspect

Time: ✅ 73.645µs (SLO: <700.000µs 📉 -89.5%) vs baseline: +0.4%

Memory: ✅ 43.696MB (SLO: <46.000MB -5.0%) vs baseline: +5.4%

✅ ospathsplitext_aspect

Time: ✅ 458.940µs (SLO: <700.000µs 📉 -34.4%) vs baseline: +0.6%

Memory: ✅ 43.632MB (SLO: <46.000MB -5.1%) vs baseline: +5.3%

✅ ospathsplitext_noaspect

Time: ✅ 466.939µs (SLO: <700.000µs 📉 -33.3%) vs baseline: +1.6%

Memory: ✅ 43.526MB (SLO: <46.000MB -5.4%) vs baseline: +5.0%

✅ All Tests Passing (2 suites)
iastaspectssplit - 12/12

✅ rsplit_aspect

Time: ✅ 158.040µs (SLO: <250.000µs 📉 -36.8%) vs baseline: +9.5%

Memory: ✅ 43.569MB (SLO: <46.000MB -5.3%) vs baseline: +5.3%

✅ rsplit_noaspect

Time: ✅ 155.209µs (SLO: <250.000µs 📉 -37.9%) vs baseline: +3.9%

Memory: ✅ 43.549MB (SLO: <46.000MB -5.3%) vs baseline: +5.1%

✅ split_aspect

Time: ✅ 148.266µs (SLO: <250.000µs 📉 -40.7%) vs baseline: +1.1%

Memory: ✅ 43.584MB (SLO: <46.000MB -5.3%) vs baseline: +5.1%

✅ split_noaspect

Time: ✅ 154.486µs (SLO: <250.000µs 📉 -38.2%) vs baseline: +3.2%

Memory: ✅ 43.531MB (SLO: <46.000MB -5.4%) vs baseline: +5.1%

✅ splitlines_aspect

Time: ✅ 143.941µs (SLO: <250.000µs 📉 -42.4%) vs baseline: -0.3%

Memory: ✅ 43.633MB (SLO: <46.000MB -5.1%) vs baseline: +5.0%

✅ splitlines_noaspect

Time: ✅ 151.177µs (SLO: <250.000µs 📉 -39.5%) vs baseline: +1.4%

Memory: ✅ 43.630MB (SLO: <46.000MB -5.2%) vs baseline: +5.1%

iastpropagation - 8/8

✅ no-propagation

Time: ✅ 48.751µs (SLO: <60.000µs 📉 -18.7%) vs baseline: -0.9%

Memory: ✅ 39.656MB (SLO: <42.000MB -5.6%) vs baseline: +5.2%

✅ propagation_enabled

Time: ✅ 135.820µs (SLO: <190.000µs 📉 -28.5%) vs baseline: -2.2%

Memory: ✅ 39.754MB (SLO: <42.000MB -5.3%) vs baseline: +5.1%

✅ propagation_enabled_100

Time: ✅ 1.560ms (SLO: <2.300ms 📉 -32.2%) vs baseline: -1.7%

Memory: ✅ 39.793MB (SLO: <42.000MB -5.3%) vs baseline: +5.4%

✅ propagation_enabled_1000

Time: ✅ 29.084ms (SLO: <34.550ms 📉 -15.8%) vs baseline: +0.1%

Memory: ✅ 40.108MB (SLO: <42.000MB -4.5%) vs baseline: +6.1%

ℹ️ Scenarios Missing SLO Configuration (20 scenarios)

The following scenarios exist in candidate data but have no SLO thresholds configured:

  • iast_aspects-re_expand_aspect
  • iast_aspects-re_expand_noaspect
  • iast_aspects-re_findall_aspect
  • iast_aspects-re_findall_noaspect
  • iast_aspects-re_finditer_aspect
  • iast_aspects-re_finditer_noaspect
  • iast_aspects-re_fullmatch_aspect
  • iast_aspects-re_fullmatch_noaspect
  • iast_aspects-re_group_aspect
  • iast_aspects-re_group_noaspect
  • iast_aspects-re_groups_aspect
  • iast_aspects-re_groups_noaspect
  • iast_aspects-re_match_aspect
  • iast_aspects-re_match_noaspect
  • iast_aspects-re_search_aspect
  • iast_aspects-re_search_noaspect
  • iast_aspects-re_sub_aspect
  • iast_aspects-re_sub_noaspect
  • iast_aspects-re_subn_aspect
  • iast_aspects-re_subn_noaspect

@smola smola force-pushed the smola/ai-guard-default-block-ui branch from a0e5ad5 to 406c477 Compare March 10, 2026 11:19
@smola smola requested a review from a team as a code owner March 10, 2026 11:19
@avara1986
Copy link
Copy Markdown
Member

avara1986 commented Mar 11, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 bot commented Mar 11, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-11 14:30:24 UTC ℹ️ Start processing command /merge

2026-03-11 14:30:28 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 3h (p90).

2026-03-11 17:27:51 UTCMergeQueue: The checks failed on this merge request

Tests failed on this commit ecb917d:

What to do next?

  • Investigate the failures and when ready, re-add your pull request to the queue!
  • If your PR checks are green, try to rebase/merge. It might be because the CI run is a bit old.
  • Any question, go check the FAQ.

This was referenced Mar 12, 2026
Merged
Merged
@avara1986
Copy link
Copy Markdown
Member

avara1986 commented Mar 16, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 bot commented Mar 16, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-16 09:30:20 UTC ℹ️ Start processing command /merge

2026-03-16 09:30:25 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 3h (p90).

2026-03-16 10:25:48 UTC ℹ️ MergeQueue: This merge request was merged

KowalskiThomas
KowalskiThomas approved these changes Mar 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@KowalskiThomas KowalskiThomas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Release notes OK.

manuel-alvarez-alvarez
manuel-alvarez-alvarez approved these changes Mar 16, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot merged commit 41c1643 into main Mar 16, 2026
591 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot deleted the smola/ai-guard-default-block-ui branch March 16, 2026 10:25
mabdinur pushed a commit that referenced this pull request Mar 23, 2026
@smola @avara1986 @mabdinur
feat(ai_guard): honor in-app blocking settings by default (#16756)
d9f8c55 
## Description

Set `block=True` by default on AI Guard's `evaluate`. This makes the AI Guard SDK block requests if blocking is enabled for the service in-app. To override the in-app settings programatically, `block=False` can be set.

## Testing

<!-- Describe your testing strategy or note what tests are included -->

## Risks

<!-- Note any risks associated with this change, or "None" if no risks -->

## Additional Notes

[APPSEC-61436](https://datadoghq.atlassian.net/browse/APPSEC-61436)


[APPSEC-61436]: https://datadoghq.atlassian.net/browse/APPSEC-61436?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

Co-authored-by: alberto.vara <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@avara1986 avara1986 avara1986 approved these changes

@KowalskiThomas KowalskiThomas KowalskiThomas approved these changes

@Kyle-Verhoog Kyle-Verhoog Awaiting requested review from Kyle-Verhoog Kyle-Verhoog is a code owner automatically assigned from DataDog/apm-python

@taegyunkim taegyunkim Awaiting requested review from taegyunkim taegyunkim is a code owner automatically assigned from DataDog/apm-python

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@smola @avara1986 @manuel-alvarez-alvarez @KowalskiThomas