- 
                Notifications
    You must be signed in to change notification settings 
- Fork 314
Initial implementation of the AI Guard SDK #9628
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial implementation of the AI Guard SDK #9628
Conversation
| 🎯 Code Coverage 🔗 Commit SHA: 14397b2 | Docs | Was this helpful? Give us feedback! | 
| BenchmarksStartupParameters
 See matching parameters
 SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 57 metrics, 8 unstable metrics. Startup time reports for petclinicgantt
    title petclinic - global startup overhead: candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.02 s) : 0, 1020475
Total [baseline] (10.823 s) : 0, 10823162
Agent [candidate] (1.021 s) : 0, 1021291
Total [candidate] (10.777 s) : 0, 10777266
section appsec
Agent [baseline] (1.197 s) : 0, 1197039
Total [baseline] (11.118 s) : 0, 11118292
Agent [candidate] (1.191 s) : 0, 1191472
Total [candidate] (10.96 s) : 0, 10960463
section iast
Agent [baseline] (1.151 s) : 0, 1150951
Total [baseline] (10.919 s) : 0, 10919109
Agent [candidate] (1.152 s) : 0, 1152092
Total [candidate] (10.872 s) : 0, 10872191
section profiling
Agent [baseline] (1.169 s) : 0, 1168669
Total [baseline] (11.084 s) : 0, 11083722
Agent [candidate] (1.172 s) : 0, 1171691
Total [candidate] (11.143 s) : 0, 11142661
 
 
 
 gantt
    title petclinic - break down per module: candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.486 ms) : 0, 1486
crashtracking [candidate] (1.454 ms) : 0, 1454
BytebuddyAgent [baseline] (694.232 ms) : 0, 694232
BytebuddyAgent [candidate] (695.609 ms) : 0, 695609
GlobalTracer [baseline] (243.299 ms) : 0, 243299
GlobalTracer [candidate] (242.519 ms) : 0, 242519
AppSec [baseline] (32.335 ms) : 0, 32335
AppSec [candidate] (32.717 ms) : 0, 32717
Debugger [baseline] (6.308 ms) : 0, 6308
Debugger [candidate] (6.409 ms) : 0, 6409
Remote Config [baseline] (669.506 µs) : 0, 670
Remote Config [candidate] (682.635 µs) : 0, 683
Telemetry [baseline] (9.297 ms) : 0, 9297
Telemetry [candidate] (9.307 ms) : 0, 9307
Flare Poller [baseline] (11.549 ms) : 0, 11549
Flare Poller [candidate] (11.531 ms) : 0, 11531
section appsec
crashtracking [baseline] (1.467 ms) : 0, 1467
crashtracking [candidate] (1.456 ms) : 0, 1456
BytebuddyAgent [baseline] (719.044 ms) : 0, 719044
BytebuddyAgent [candidate] (715.947 ms) : 0, 715947
GlobalTracer [baseline] (236.316 ms) : 0, 236316
GlobalTracer [candidate] (233.584 ms) : 0, 233584
AppSec [baseline] (174.103 ms) : 0, 174103
AppSec [candidate] (173.177 ms) : 0, 173177
Debugger [baseline] (6.091 ms) : 0, 6091
Debugger [candidate] (6.134 ms) : 0, 6134
Remote Config [baseline] (639.566 µs) : 0, 640
Remote Config [candidate] (658.301 µs) : 0, 658
Telemetry [baseline] (9.277 ms) : 0, 9277
Telemetry [candidate] (9.246 ms) : 0, 9246
Flare Poller [baseline] (3.948 ms) : 0, 3948
Flare Poller [candidate] (5.556 ms) : 0, 5556
IAST [baseline] (24.957 ms) : 0, 24957
IAST [candidate] (24.734 ms) : 0, 24734
section iast
crashtracking [baseline] (1.462 ms) : 0, 1462
crashtracking [candidate] (1.465 ms) : 0, 1465
BytebuddyAgent [baseline] (813.904 ms) : 0, 813904
BytebuddyAgent [candidate] (815.578 ms) : 0, 815578
GlobalTracer [baseline] (233.143 ms) : 0, 233143
GlobalTracer [candidate] (232.397 ms) : 0, 232397
AppSec [baseline] (35.135 ms) : 0, 35135
AppSec [candidate] (35.321 ms) : 0, 35321
Debugger [baseline] (6.154 ms) : 0, 6154
Debugger [candidate] (6.049 ms) : 0, 6049
Remote Config [baseline] (589.227 µs) : 0, 589
Remote Config [candidate] (593.109 µs) : 0, 593
Telemetry [baseline] (8.558 ms) : 0, 8558
Telemetry [candidate] (8.443 ms) : 0, 8443
Flare Poller [baseline] (4.288 ms) : 0, 4288
Flare Poller [candidate] (4.208 ms) : 0, 4208
IAST [baseline] (26.407 ms) : 0, 26407
IAST [candidate] (26.818 ms) : 0, 26818
section profiling
ProfilingAgent [baseline] (108.192 ms) : 0, 108192
ProfilingAgent [candidate] (107.53 ms) : 0, 107530
crashtracking [baseline] (1.417 ms) : 0, 1417
crashtracking [candidate] (1.433 ms) : 0, 1433
BytebuddyAgent [baseline] (724.577 ms) : 0, 724577
BytebuddyAgent [candidate] (728.055 ms) : 0, 728055
GlobalTracer [baseline] (220.326 ms) : 0, 220326
GlobalTracer [candidate] (219.275 ms) : 0, 219275
AppSec [baseline] (33.011 ms) : 0, 33011
AppSec [candidate] (33.418 ms) : 0, 33418
Debugger [baseline] (7.341 ms) : 0, 7341
Debugger [candidate] (6.54 ms) : 0, 6540
Remote Config [baseline] (808.938 µs) : 0, 809
Remote Config [candidate] (705.54 µs) : 0, 706
Telemetry [baseline] (16.023 ms) : 0, 16023
Telemetry [candidate] (16.749 ms) : 0, 16749
Flare Poller [baseline] (4.159 ms) : 0, 4159
Flare Poller [candidate] (4.186 ms) : 0, 4186
Profiling [baseline] (109.118 ms) : 0, 109118
Profiling [candidate] (109.156 ms) : 0, 109156
Startup time reports for insecure-bankgantt
    title insecure-bank - global startup overhead: candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.023 s) : 0, 1022639
Total [baseline] (8.687 s) : 0, 8686979
Agent [candidate] (1.018 s) : 0, 1017914
Total [candidate] (8.628 s) : 0, 8627802
section iast
Agent [baseline] (1.166 s) : 0, 1165790
Total [baseline] (9.285 s) : 0, 9284620
Agent [candidate] (1.151 s) : 0, 1150551
Total [candidate] (9.26 s) : 0, 9260143
 
 
 
 gantt
    title insecure-bank - break down per module: candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.472 ms) : 0, 1472
crashtracking [candidate] (1.468 ms) : 0, 1468
BytebuddyAgent [baseline] (696.436 ms) : 0, 696436
BytebuddyAgent [candidate] (693.954 ms) : 0, 693954
GlobalTracer [baseline] (243.753 ms) : 0, 243753
GlobalTracer [candidate] (241.575 ms) : 0, 241575
AppSec [baseline] (32.523 ms) : 0, 32523
AppSec [candidate] (32.786 ms) : 0, 32786
Debugger [baseline] (6.345 ms) : 0, 6345
Debugger [candidate] (6.408 ms) : 0, 6408
Remote Config [baseline] (674.138 µs) : 0, 674
Remote Config [candidate] (681.542 µs) : 0, 682
Telemetry [baseline] (9.436 ms) : 0, 9436
Telemetry [candidate] (9.192 ms) : 0, 9192
Flare Poller [baseline] (10.793 ms) : 0, 10793
Flare Poller [candidate] (10.761 ms) : 0, 10761
section iast
crashtracking [baseline] (1.489 ms) : 0, 1489
crashtracking [candidate] (1.459 ms) : 0, 1459
BytebuddyAgent [baseline] (826.052 ms) : 0, 826052
BytebuddyAgent [candidate] (814.508 ms) : 0, 814508
GlobalTracer [baseline] (235.04 ms) : 0, 235040
GlobalTracer [candidate] (232.337 ms) : 0, 232337
AppSec [baseline] (35.365 ms) : 0, 35365
AppSec [candidate] (35.097 ms) : 0, 35097
Debugger [baseline] (6.27 ms) : 0, 6270
Debugger [candidate] (6.067 ms) : 0, 6067
Remote Config [baseline] (614.683 µs) : 0, 615
Remote Config [candidate] (596.509 µs) : 0, 597
Telemetry [baseline] (8.689 ms) : 0, 8689
Telemetry [candidate] (8.428 ms) : 0, 8428
Flare Poller [baseline] (4.288 ms) : 0, 4288
Flare Poller [candidate] (4.159 ms) : 0, 4159
IAST [baseline] (26.606 ms) : 0, 26606
IAST [candidate] (26.816 ms) : 0, 26816
LoadParameters
 See matching parameters
 SummaryFound 2 performance improvements and 2 performance regressions! Performance is the same for 8 metrics, 12 unstable metrics. 
 Request duration reports for insecure-bankgantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.426 ms) : 4375, 4478
.   : milestone, 4426,
iast (9.82 ms) : 9657, 9983
.   : milestone, 9820,
iast_FULL (14.251 ms) : 13968, 14533
.   : milestone, 14251,
iast_GLOBAL (10.675 ms) : 10486, 10865
.   : milestone, 10675,
profiling (8.727 ms) : 8569, 8885
.   : milestone, 8727,
tracing (7.606 ms) : 7501, 7712
.   : milestone, 7606,
section candidate
no_agent (4.274 ms) : 4224, 4323
.   : milestone, 4274,
iast (10.457 ms) : 10270, 10644
.   : milestone, 10457,
iast_FULL (14.06 ms) : 13787, 14333
.   : milestone, 14060,
iast_GLOBAL (10.806 ms) : 10615, 10998
.   : milestone, 10806,
profiling (8.838 ms) : 8701, 8974
.   : milestone, 8838,
tracing (7.622 ms) : 7508, 7736
.   : milestone, 7622,
 
 
 
 Request duration reports for petclinicgantt
    title petclinic - request duration [CI 0.99] : candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section baseline
no_agent (37.765 ms) : 37465, 38065
.   : milestone, 37765,
appsec (47.543 ms) : 47114, 47973
.   : milestone, 47543,
code_origins (44.526 ms) : 44147, 44906
.   : milestone, 44526,
iast (43.734 ms) : 43354, 44114
.   : milestone, 43734,
profiling (50.542 ms) : 50067, 51018
.   : milestone, 50542,
tracing (46.143 ms) : 45737, 46549
.   : milestone, 46143,
section candidate
no_agent (37.454 ms) : 37152, 37756
.   : milestone, 37454,
appsec (46.35 ms) : 45959, 46742
.   : milestone, 46350,
code_origins (43.439 ms) : 43070, 43807
.   : milestone, 43439,
iast (45.623 ms) : 45234, 46011
.   : milestone, 45623,
profiling (47.617 ms) : 47201, 48033
.   : milestone, 47617,
tracing (45.326 ms) : 44938, 45715
.   : milestone, 45326,
 
 
 
 DacapoParameters
 See matching parameters
 SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 2 unstable metrics. Execution time for tomcatgantt
    title tomcat - execution time [CI 0.99] : candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.477 ms) : 1465, 1488
.   : milestone, 1477,
appsec (3.667 ms) : 3453, 3880
.   : milestone, 3667,
iast (2.209 ms) : 2146, 2273
.   : milestone, 2209,
iast_GLOBAL (2.251 ms) : 2186, 2315
.   : milestone, 2251,
profiling (2.081 ms) : 2028, 2134
.   : milestone, 2081,
tracing (2.028 ms) : 1978, 2078
.   : milestone, 2028,
section candidate
no_agent (1.474 ms) : 1463, 1486
.   : milestone, 1474,
appsec (3.664 ms) : 3450, 3879
.   : milestone, 3664,
iast (2.216 ms) : 2152, 2280
.   : milestone, 2216,
iast_GLOBAL (2.251 ms) : 2187, 2315
.   : milestone, 2251,
profiling (2.508 ms) : 2340, 2677
.   : milestone, 2508,
tracing (2.03 ms) : 1980, 2080
.   : milestone, 2030,
 
 
 
 Execution time for biojavagantt
    title biojava - execution time [CI 0.99] : candidate=1.54.0-SNAPSHOT~14397b28ad, baseline=1.54.0-SNAPSHOT~6549d20548
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.945 s) : 14945000, 14945000
.   : milestone, 14945000,
appsec (14.967 s) : 14967000, 14967000
.   : milestone, 14967000,
iast (18.637 s) : 18637000, 18637000
.   : milestone, 18637000,
iast_GLOBAL (18.051 s) : 18051000, 18051000
.   : milestone, 18051000,
profiling (15.461 s) : 15461000, 15461000
.   : milestone, 15461000,
tracing (15.162 s) : 15162000, 15162000
.   : milestone, 15162000,
section candidate
no_agent (15.018 s) : 15018000, 15018000
.   : milestone, 15018000,
appsec (14.927 s) : 14927000, 14927000
.   : milestone, 14927000,
iast (18.287 s) : 18287000, 18287000
.   : milestone, 18287000,
iast_GLOBAL (18.133 s) : 18133000, 18133000
.   : milestone, 18133000,
profiling (15.886 s) : 15886000, 15886000
.   : milestone, 15886000,
tracing (15.356 s) : 15356000, 15356000
.   : milestone, 15356000,
 
 
 
 | 
5abaeca    to
    657b1e1      
    Compare
  
    There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❔ question: Quick question about design. Why AI guard is an agent module rather than an internal lib with a public API?
Is it expected to interact with some instrumentations later?
| 
 Yes—for example, in Python it’s already being used with LangChain. Here, we could apply it to spring-ai or other frameworks. Let me know if you’d prefer that I move this to internal and set up the module once we have the instrumentations ready. | 
    
      
        1 similar comment
      
    
  
    | 
 Yes—for example, in Python it’s already being used with LangChain. Here, we could apply it to spring-ai or other frameworks. Let me know if you’d prefer that I move this to internal and set up the module once we have the instrumentations ready. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me know if you’d prefer that I move this to internal and set up the module once we have the instrumentations ready.
Nope, I just wanted to make sure about the design as I can't see all the pieces from this PR 😅 So far it makes sense so let's go with agent module then!
        
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
      657b1e1    to
    ab39800      
    Compare
  
            
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-java-agent/agent-aiguard/src/main/java/com/datadog/aiguard/AIGuardInternal.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
              
          
                dd-trace-api/src/main/java/datadog/trace/api/aiguard/noop/NoOpEvaluator.java
          
            Show resolved
            Hide resolved
        
              
          
                dd-trace-api/src/main/java/datadog/trace/api/aiguard/AIGuard.java
              
                Outdated
          
            Show resolved
            Hide resolved
        
      ad15637    to
    5eff509      
    Compare
  
    There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, left minor comment.
014704f    to
    32abc6f      
    Compare
  
    32abc6f    to
    4a9b722      
    Compare
  
    
What Does This Do
This is the first version of the AI Guard Java SDK. It serves as a lightweight wrapper around the AI Guard public REST API, providing a more convenient and java oriented interface for interacting with the service.
More information about the API here
Motivation
We have design partners interested in a Java SDK to test AI Guard.
Additional Notes
Contributor Checklist
type:and (comp:orinst:) labels in addition to any useful labelsclose,fixor any linking keywords when referencing an issue.Use
solvesinstead, and assign the PR milestone to the issueJira ticket: APPSEC-58926