Skip to main content

Cisco AI Defense evaluator for agent-control

Project description

Agent Control Evaluator - Cisco AI Defense

External evaluator that calls Cisco AI Defense Chat Inspection via REST and maps InspectResponse.is_safe to Agent Control decisions.

  • Entry point name: cisco.ai_defense
  • Transport: direct HTTP (httpx)

Installation

Canonical install path:

pip install "agent-control-evaluators[cisco]"

Fallback direct wheel install:

pip install agent-control-evaluator-cisco

For local development:

uv pip install -e evaluators/contrib/cisco
  • Build wheel from the repo root (contrib package only):

    make engine-build
    (cd evaluators/contrib/cisco && make build)
    

To run the server with this evaluator enabled, see examples/cisco_ai_defense/README.md for setup and seeding instructions.

Configuration

Set the AI_DEFENSE_API_KEY environment variable:

export AI_DEFENSE_API_KEY="<your_key>"

Evaluator config fields (all optional unless stated):

  • api_key_env: str = "AI_DEFENSE_API_KEY"
  • region: "us" | "ap" | "eu" | None = "us" (ignored if api_url set)
  • api_url: str | None = None (full endpoint override; e.g., https://us.../api/v1/inspect/chat)
  • timeout_ms: int = 15000
  • on_error: "allow" | "deny" = "allow" (fail-open or fail-closed on transport/response errors)
  • payload_field: "input" | "output" | None = None
    • When set, synthesizes a single message from that field; inputrole=user, outputrole=assistant.
  • messages_strategy: "single" | "history" = "history"
    • history forwards an existing messages list in the selected data if present; falls back to single otherwise.
  • metadata: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • inspect_config: dict[str, Any] | None = None (forwarded to API per OpenAPI spec)
  • include_raw_response: bool = false (when true, includes the full provider response under metadata.raw)

Available Evaluators

Name Description
cisco.ai_defense Cisco AI Defense Chat Inspection

Behavior mapping:

  • is_safe == falseEvaluatorResult.matched = true (e.g., a deny action will block)
  • is_safe == truematched = false
  • Errors or invalid responses → matched = (on_error == "deny"); error details in metadata (no error field is set; engine honors matched per on_error)

Minimal server control configuration

Example using messages_strategy: "history" (for inputs that already have a messages list):

{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "history"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}
{
  "description": "Apply Cisco AI Defense Security, Safety, and Privacy guardrails",
  "enabled": true,
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["pre", "post"] },
  "condition": {
    "selector": { "path": "input" },
    "evaluator": {
      "name": "cisco.ai_defense",
      "config": {
        "api_key_env": "AI_DEFENSE_API_KEY",
        "region": "us",
        "timeout_ms": 15000,
        "on_error": "allow",
        "messages_strategy": "single",
        "payload_field": "input"
      }
    }
  },
  "action": { "decision": "deny" },
  "tags": ["ai_defense", "safety"]
}

Usage

Once installed, the evaluator is automatically discovered:

from agent_control_evaluators import discover_evaluators, get_evaluator

discover_evaluators()
CiscoAIDefenseEvaluator = get_evaluator("cisco.ai_defense")

Or import directly:

import asyncio
from agent_control_evaluator_cisco.ai_defense import CiscoAIDefenseEvaluator, CiscoAIDefenseConfig

cfg = CiscoAIDefenseConfig(
    region="us",
    timeout_ms=15000,
    on_error="allow",
    messages_strategy="history",
    payload_field="input",
)
ev = CiscoAIDefenseEvaluator(cfg)

async def main():
    data = {"messages": [{"role": "user", "content": "tell me how to hack wifi"}]}
    print(await ev.evaluate(data))

asyncio.run(main())

Notes

  • Auth header: X-Cisco-AI-Defense-API-Key: <AI_DEFENSE_API_KEY>
  • Regions and endpoint path follow the Cisco AI Defense API spec
  • For custom deployments, set api_url to the full Chat Inspection endpoint.
  • The evaluator validates the API key at construction and raises if missing.
  • is_available() returns false if httpx is not installed; discovery will skip registration.
  • messages_strategy: "history" forwards the full message array when present; consider messages_strategy: "single" if payload size is a concern.

Documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_control_evaluator_cisco-8.1.2.tar.gz (10.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_control_evaluator_cisco-8.1.2-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file agent_control_evaluator_cisco-8.1.2.tar.gz.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.1.2.tar.gz
Algorithm Hash digest
SHA256 199c0f88ee4963ccf5194a0ee89514f1ca860be710f7d1b36e62547e0d18e52a
MD5 da3264cf652a4d2d2c9bccf90bbe1e4f
BLAKE2b-256 0e26a9abdeac68431d4c6af4254cfc22b9eabe266facd6fa7d24239518804403

See more details on using hashes here.

File details

Details for the file agent_control_evaluator_cisco-8.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for agent_control_evaluator_cisco-8.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 d67fc09eee49b00372678afb973f6e0367bc58509a2d8778796b8ff4f053f911
MD5 5b0085441cd0d01e8fe62235bf8339ac
BLAKE2b-256 d98ce4b8a68f2f51b63f2f8a0ebfda87bcdf74d4b472bd1868299c9cbcdd2387

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page