Skip to main content

Cisco AI Defense evaluator for agent-control

Project description

Agent Control Evaluator - Cisco AI Defense

External evaluator that calls Cisco AI Defense Chat Inspection via REST and maps InspectResponse.is_safe to Agent Control decisions.

  • Entry point name: cisco.ai_defense
  • Transport: direct HTTP (httpx)

Installation

Canonical install path:

pip install "agent-control-evaluators[cisco]"

Fallback direct wheel install:

pip install agent-control-evaluator-cisco

For local development:

uv pip install -e evaluators/contrib/cisco
  • Build wheel from the repo root (contrib package only):

    make engine-build
    (cd evaluators/contrib/cisco && make build)
    

To run the server with this evaluator enabled, see examples/cisco_ai_defense/README.md for setup and seeding instructions.

Configuration

Set the AI_DEFENSE_API_KEY environment variable:

export AI_DEFENSE_API_KEY="<your_key>"

Evaluator config fields (all optional unless stated):

  • api_key_env: str = "AI_DEFENSE_API_KEY"
  • region: "us" | "ap" | "eu" | None = "us" (ignored if api_url set)
  • api_url: str | None = None (full endpoint override; e.g., https://us.../api/v1/inspect/chat)
  • timeout_ms: int = 15000
  • on_error: "allow" | "deny" = "allow" (fail-open or fail-closed on transport/response errors)
  • payload_field: "input" | "output" | None = None
    • When set, synthesizes a single message from that field; inputrole=user, outputrole=assistant.
  • messages_strategy: "single" | "history" = "history"
    • history forwards an existing messages list in the selected data if present; falls back to single otherwise.
  • metadata: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • inspect_config: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • include_raw_response: bool = false (when true, includes the full provider response under metadata.raw)

Available Evaluators

Name Description
cisco.ai_defense Cisco AI Defense Chat Inspection

Behavior mapping:

  • is_safe == falseEvaluatorResult.matched = true (e.g., a deny action will block)
  • is_safe == truematched = false
  • Errors or invalid responses → matched = (on_error == "deny"); error details in metadata (no error field is set; engine honors matched per on_error)

Minimal server control configuration

Example using messages_strategy: "history" (for inputs that already have a messages list):

{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "history"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}
{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "single",
        "payload_field": "input"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}

Usage

Once installed, the evaluator is automatically discovered:

from agent_control_evaluators import discover_evaluators, get_evaluator

discover_evaluators()
CiscoAIDefenseEvaluator = get_evaluator("cisco.ai_defense")

Or import directly:

import asyncio
from agent_control_evaluator_cisco.ai_defense import CiscoAIDefenseEvaluator, CiscoAIDefenseConfig

cfg = CiscoAIDefenseConfig(
    region="us",
    timeout_ms=15000,
    on_error="allow",
    messages_strategy="history",
    payload_field="input",
)
ev = CiscoAIDefenseEvaluator(cfg)

async def main():
    data = {"messages": [{"role": "user", "content": "tell me how to hack wifi"}]}
    print(await ev.evaluate(data))

asyncio.run(main())

Notes

  • Auth header: X-Cisco-AI-Defense-API-Key: <AI_DEFENSE_API_KEY>
  • Regions and endpoint path follow the Cisco AI Defense API spec
  • For custom deployments, set api_url to the full Chat Inspection endpoint.
  • The evaluator validates the API key at construction and raises if missing.
  • is_available() returns false if httpx is not installed; discovery will skip registration.
  • messages_strategy: "history" forwards the full message array when present; consider messages_strategy: "single" if payload size is a concern.

Documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_control_evaluator_cisco-8.2.0.tar.gz (10.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_control_evaluator_cisco-8.2.0-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file agent_control_evaluator_cisco-8.2.0.tar.gz.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.2.0.tar.gz
Algorithm Hash digest
SHA256 9df4566693be6ba5e26155e47410abde8753ec4d48c2bf213f986df576cf6011
MD5 aaadcff3b21039c21228d2ed05b11546
BLAKE2b-256 193425a81cd43812a2c611df51c661ef69602e0d356919c4b2f498e66913901e

See more details on using hashes here.

File details

Details for the file agent_control_evaluator_cisco-8.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fc6a59d8942f23b1967e4289c8cb578c16b39e1e7be759ca62b6267e677ff376
MD5 c2646c18a2ca2b2a3a4974271b575c8d
BLAKE2b-256 8f8140adfa1570510d0aa4e9dfead7c1b959fcdd09723feea3ba37a5fa1d73c3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page