Skip to main content

Cisco AI Defense evaluator for agent-control

Project description

Agent Control Evaluator - Cisco AI Defense

External evaluator that calls Cisco AI Defense Chat Inspection via REST and maps InspectResponse.is_safe to Agent Control decisions.

  • Entry point name: cisco.ai_defense
  • Transport: direct HTTP (httpx)

Installation

Canonical install path:

pip install "agent-control-evaluators[cisco]"

Fallback direct wheel install:

pip install agent-control-evaluator-cisco

For local development:

uv pip install -e evaluators/contrib/cisco
  • Build wheel from the repo root (contrib package only):

    make engine-build
    (cd evaluators/contrib/cisco && make build)
    

To run the server with this evaluator enabled, see examples/cisco_ai_defense/README.md for setup and seeding instructions.

Configuration

Set the AI_DEFENSE_API_KEY environment variable:

export AI_DEFENSE_API_KEY="<your_key>"

Evaluator config fields (all optional unless stated):

  • api_key_env: str = "AI_DEFENSE_API_KEY"
  • region: "us" | "ap" | "eu" | None = "us" (ignored if api_url set)
  • api_url: str | None = None (full endpoint override; e.g., https://us.../api/v1/inspect/chat)
  • timeout_ms: int = 15000
  • on_error: "allow" | "deny" = "allow" (fail-open or fail-closed on transport/response errors)
  • payload_field: "input" | "output" | None = None
    • When set, synthesizes a single message from that field; inputrole=user, outputrole=assistant.
  • messages_strategy: "single" | "history" = "history"
    • history forwards an existing messages list in the selected data if present; falls back to single otherwise.
  • metadata: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • inspect_config: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • include_raw_response: bool = false (when true, includes the full provider response under metadata.raw)

Available Evaluators

Name Description
cisco.ai_defense Cisco AI Defense Chat Inspection

Behavior mapping:

  • is_safe == falseEvaluatorResult.matched = true (e.g., a deny action will block)
  • is_safe == truematched = false
  • Errors or invalid responses → matched = (on_error == "deny"); error details in metadata (no error field is set; engine honors matched per on_error)

Minimal server control configuration

Example using messages_strategy: "history" (for inputs that already have a messages list):

{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "history"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}
{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "single",
        "payload_field": "input"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}

Usage

Once installed, the evaluator is automatically discovered:

from agent_control_evaluators import discover_evaluators, get_evaluator

discover_evaluators()
CiscoAIDefenseEvaluator = get_evaluator("cisco.ai_defense")

Or import directly:

import asyncio
from agent_control_evaluator_cisco.ai_defense import CiscoAIDefenseEvaluator, CiscoAIDefenseConfig

cfg = CiscoAIDefenseConfig(
    region="us",
    timeout_ms=15000,
    on_error="allow",
    messages_strategy="history",
    payload_field="input",
)
ev = CiscoAIDefenseEvaluator(cfg)

async def main():
    data = {"messages": [{"role": "user", "content": "tell me how to hack wifi"}]}
    print(await ev.evaluate(data))

asyncio.run(main())

Notes

  • Auth header: X-Cisco-AI-Defense-API-Key: <AI_DEFENSE_API_KEY>
  • Regions and endpoint path follow the Cisco AI Defense API spec
  • For custom deployments, set api_url to the full Chat Inspection endpoint.
  • The evaluator validates the API key at construction and raises if missing.
  • is_available() returns false if httpx is not installed; discovery will skip registration.
  • messages_strategy: "history" forwards the full message array when present; consider messages_strategy: "single" if payload size is a concern.

Documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_control_evaluator_cisco-8.1.0.tar.gz (10.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_control_evaluator_cisco-8.1.0-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file agent_control_evaluator_cisco-8.1.0.tar.gz.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.1.0.tar.gz
Algorithm Hash digest
SHA256 a63e2dedd48d9ef9556f4448af2ec1fe8586794eb0ba7428dd5c5f4d5c69ff7a
MD5 5844ccca52559494300092d7163f52cb
BLAKE2b-256 18cbf3278e81f03808e3009aef2a21571cb9617b80422e201895a8b5e246d466

See more details on using hashes here.

File details

Details for the file agent_control_evaluator_cisco-8.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1d5b321414e23a3dd7a899a334d5ac8f4483f53525933e2c3f6d12e5e46f8452
MD5 7fe97f0bd4be71d3faf6e9e3ae3f81c4
BLAKE2b-256 d28319504594ea8c51a1feddda24bb51ba68d733e831241b8861528e14b529c9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page