Skip to main content

Cisco AI Defense evaluator for agent-control

Project description

Agent Control Evaluator - Cisco AI Defense

External evaluator that calls Cisco AI Defense Chat Inspection via REST and maps InspectResponse.is_safe to Agent Control decisions.

  • Entry point name: cisco.ai_defense
  • Transport: direct HTTP (httpx)

Installation

Canonical install path:

pip install "agent-control-evaluators[cisco]"

Fallback direct wheel install:

pip install agent-control-evaluator-cisco

For local development:

uv pip install -e evaluators/contrib/cisco
  • Build wheel from the repo root (contrib package only):

    make engine-build
    (cd evaluators/contrib/cisco && make build)
    

To run the server with this evaluator enabled, see examples/cisco_ai_defense/README.md for setup and seeding instructions.

Configuration

Set the AI_DEFENSE_API_KEY environment variable:

export AI_DEFENSE_API_KEY="<your_key>"

Evaluator config fields (all optional unless stated):

  • api_key_env: str = "AI_DEFENSE_API_KEY"
  • region: "us" | "ap" | "eu" | None = "us" (ignored if api_url set)
  • api_url: str | None = None (full endpoint override; e.g., https://us.../api/v1/inspect/chat)
  • timeout_ms: int = 15000
  • on_error: "allow" | "deny" = "allow" (fail-open or fail-closed on transport/response errors)
  • payload_field: "input" | "output" | None = None
    • When set, synthesizes a single message from that field; inputrole=user, outputrole=assistant.
  • messages_strategy: "single" | "history" = "history"
    • history forwards an existing messages list in the selected data if present; falls back to single otherwise.
  • metadata: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • inspect_config: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • include_raw_response: bool = false (when true, includes the full provider response under metadata.raw)

Available Evaluators

Name Description
cisco.ai_defense Cisco AI Defense Chat Inspection

Behavior mapping:

  • is_safe == falseEvaluatorResult.matched = true (e.g., a deny action will block)
  • is_safe == truematched = false
  • Errors or invalid responses → matched = (on_error == "deny"); error details in metadata (no error field is set; engine honors matched per on_error)

Minimal server control configuration

Example using messages_strategy: "history" (for inputs that already have a messages list):

{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "history"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}
{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "single",
        "payload_field": "input"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}

Usage

Once installed, the evaluator is automatically discovered:

from agent_control_evaluators import discover_evaluators, get_evaluator

discover_evaluators()
CiscoAIDefenseEvaluator = get_evaluator("cisco.ai_defense")

Or import directly:

import asyncio
from agent_control_evaluator_cisco.ai_defense import CiscoAIDefenseEvaluator, CiscoAIDefenseConfig

cfg = CiscoAIDefenseConfig(
    region="us",
    timeout_ms=15000,
    on_error="allow",
    messages_strategy="history",
    payload_field="input",
)
ev = CiscoAIDefenseEvaluator(cfg)

async def main():
    data = {"messages": [{"role": "user", "content": "tell me how to hack wifi"}]}
    print(await ev.evaluate(data))

asyncio.run(main())

Notes

  • Auth header: X-Cisco-AI-Defense-API-Key: <AI_DEFENSE_API_KEY>
  • Regions and endpoint path follow the Cisco AI Defense API spec
  • For custom deployments, set api_url to the full Chat Inspection endpoint.
  • The evaluator validates the API key at construction and raises if missing.
  • is_available() returns false if httpx is not installed; discovery will skip registration.
  • messages_strategy: "history" forwards the full message array when present; consider messages_strategy: "single" if payload size is a concern.

Documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_control_evaluator_cisco-8.1.1.tar.gz (10.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_control_evaluator_cisco-8.1.1-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file agent_control_evaluator_cisco-8.1.1.tar.gz.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.1.1.tar.gz
Algorithm Hash digest
SHA256 8b85dbd1c3a40fdddd8ed169c27c1ddd47ba5e964f5ff79e0c9181a3000d2984
MD5 13d35320f1aa13f42002586b18ff1b2b
BLAKE2b-256 46cba9ac12e6a431d6bbfbcc91c84504b2ba772db2c43f54be399557b947407e

See more details on using hashes here.

File details

Details for the file agent_control_evaluator_cisco-8.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 36c4475ecdccedee77f4383f7213b5957394759e58fb252a868364d93be04592
MD5 9a61f43f6931aec2701646aa598c3f75
BLAKE2b-256 d19f8880e441b6226fe0179820209693d1a0981db504de9f40bfc9a895a2918c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page