feat(ai_guard): implement AI Guard SDK (#6486)

feat(ai_guard): implement AI Guard SDK

Author: manuel-alvarez-alvarez

.github/workflows/aiguard.yml

@@ -0,0 +1,65 @@
+name: AI Guard
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+  schedule:
+    - cron: 0 4 * * *
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
+env:
+  MOCHA_OPTIONS: ${{ github.ref == 'refs/heads/master' && '--retries 1' || '' }}
+
+jobs:
+
+  macos:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: ./.github/actions/node/latest
+      - uses: ./.github/actions/install
+      - run: yarn test:aiguard:ci
+      - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+
+  ubuntu:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: ./.github/actions/node/oldest-maintenance-lts
+      - uses: ./.github/actions/install
+      - run: yarn test:aiguard:ci
+      - uses: ./.github/actions/node/newest-maintenance-lts
+      - run: yarn test:aiguard:ci
+      - uses: ./.github/actions/node/active-lts
+      - run: yarn test:aiguard:ci
+      - uses: ./.github/actions/node/latest
+      - run: yarn test:aiguard:ci
+      - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+
+  windows:
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: ./.github/actions/node/latest
+      - uses: ./.github/actions/install
+        with:
+          cache: 'true'
+      - run: yarn test:aiguard:ci
+      - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+
+  integration:
+    strategy:
+      matrix:
+        version: [maintenance, active, latest]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: ./.github/actions/install
+      - uses: ./.github/actions/node
+        with:
+          version: ${{ matrix.version }}
+      - run: yarn test:integration:aiguard

CODEOWNERS

@@ -3,6 +3,10 @@
 /packages/dd-trace/src/appsec/ @DataDog/asm-js
 /packages/dd-trace/test/appsec/ @DataDog/asm-js
 
+/integration-tests/aiguard/ @DataDog/asm-js
+/packages/dd-trace/src/aiguard/ @DataDog/asm-js
+/packages/dd-trace/test/aiguard/ @DataDog/asm-js
+
 /integration-tests/debugger/ @DataDog/dd-trace-js @DataDog/debugger
 /packages/datadog-code-origin/ @DataDog/dd-trace-js @DataDog/debugger
 /packages/datadog-plugin-*/**/code_origin.* @DataDog/dd-trace-js @DataDog/debugger
@@ -93,6 +97,7 @@
 # CI
 /.github/workflows/apm-capabilities.yml @DataDog/apm-sdk-capabilities-js
 /.github/workflows/apm-integrations.yml @Datadog/apm-idm-js
+/.github/workflows/aiguard.yml @DataDog/asm-js
 /.github/workflows/appsec.yml @DataDog/asm-js
 /.github/workflows/codeql-analysis.yml @DataDog/dd-trace-js
 /.github/workflows/debugger.yml @DataDog/debugger

docs/test.ts

@@ -686,3 +686,46 @@ llmobs.annotate(span, {
 
 // flush
 llmobs.flush()
+
+
+// AI Guard typings tests
+
+tracer.init({
+  experimental: {
+    aiguard: {
+      enabled: true,
+      endpoint: 'http://localhost',
+      maxMessagesLength: 22,
+      maxContentSize: 1024,
+      timeout: 1000
+    }
+  }
+})
+
+const aiguard = tracer.aiguard
+
+aiguard.evaluate([
+  { role: 'user', content: 'What is 2 + 2' },
+]).then(result => {
+  result.action && result.reason
+})
+
+aiguard.evaluate([
+  {
+    role: 'assistant',
+    tool_calls: [
+      {
+        id: 'call_1',
+        function: { name: 'calc', arguments: '{ "operator": "+", "args": [2, 2] }' }
+      },
+    ],
+  }
+]).then(result => {
+  result.action && result.reason
+})
+
+aiguard.evaluate([
+  { role: 'tool', tool_call_id: 'call_1', content: '5' },
+]).then(result => {
+  result.action && result.reason
+})

index.d.ts

@@ -139,6 +139,11 @@ interface Tracer extends opentracing.Tracer {
    */
   llmobs: tracer.llmobs.LLMObs;
 
+  /**
+   * AI Guard SDK
+   */
+  aiguard: tracer.aiguard.AIGuard;
+
   /**
    * @experimental
    * Provide same functionality as OpenTelemetry Baggage:
@@ -593,6 +598,29 @@ declare namespace tracer {
            */
           enabled?: boolean
         }
+      },
+
+      aiguard?: {
+        /**
+         * Set to `true` to enable the SDK.
+         */
+        enabled?: boolean,
+        /**
+         * URL of the AI Guard REST API.
+         */
+        endpoint?: string,
+        /**
+         * Timeout used in calls to the AI Guard REST API in milliseconds (default 5000)
+         */
+        timeout?: number,
+        /**
+         * Maximum number of conversational messages allowed to be set in the meta-struct
+         */
+        maxMessagesLength?: number,
+        /**
+         * Max size of the content property set in the meta-struct
+         */
+        maxContentSize?: number
       }
     };
 
@@ -907,7 +935,7 @@ declare namespace tracer {
     scope?: string,
 
     /**
-     * Custom fields to attach to the user (RBAC, Oauth, etc…).
+     * Custom fields to attach to the user (RBAC, Oauth, etc...).
      */
     [key: string]: string | undefined
   }
@@ -1059,6 +1087,170 @@ declare namespace tracer {
     eventTrackingV2: EventTrackingV2
   }
 
+  export namespace aiguard {
+
+    /**
+     * Represents a tool call made by an AI assistant in an agentic workflow.
+     */
+    export interface ToolCall {
+      /**
+       * Unique identifier for this specific tool call instance used to correlate the call with its response.
+       */
+      id: string;
+      /**
+       * Details about the function being invoked.
+       */
+      function: {
+        /**
+         * The name of the tool/function to be called.
+         */
+        name: string;
+        /**
+         * String containing the arguments to pass to the tool.
+         */
+        arguments: string;
+      };
+    }
+
+    /**
+     * A standard conversational message exchanged with a Large Language Model (LLM).
+     */
+    export interface TextMessage {
+      /**
+       * The role of the message sender in the conversation (e.g.: 'system', 'user', 'assistant').
+       */
+      role: string;
+      /**
+       * The textual content of the message.
+       */
+      content: string;
+    }
+
+    /**
+     * A message from an AI assistant containing only textual content.
+     */
+    export interface AssistantTextMessage {
+      /**
+       * The role identifier, always set to 'assistant'
+       */
+      role: "assistant";
+      /**
+       * The textual response content from the assistant.
+       */
+      content: string;
+      /**
+       * Explicitly excluded when content is present to maintain type safety.
+       */
+      tool_calls?: never;
+    }
+
+    /**
+     * A message from an AI assistant that initiates one or more tool calls.
+     */
+    export interface AssistantToolCallMessage {
+      /**
+       * The role identifier, always set to 'assistant'
+       */
+      role: "assistant";
+      /**
+       * Array of tool calls that the assistant wants to execute.
+       */
+      tool_calls: ToolCall[];
+      /**
+       * Explicitly excluded when tool calls are present to maintain type safety.
+       */
+      content?: never;
+    }
+
+    /**
+     * A message containing the result of a tool invocation.
+     */
+    export interface ToolMessage {
+      /**
+       * The role identifier, always set to 'tool' for tool execution results.
+       */
+      role: "tool";
+      /**
+       * The unique identifier linking this result to the original tool call.
+       * Must correspond to a ToolCall.id from a previous AssistantToolCallMessage.
+       */
+      tool_call_id: string;
+      /**
+       * The output returned by the tool execution.
+       */
+      content: string;
+    }
+
+    export type Message =
+      | TextMessage
+      | AssistantTextMessage
+      | AssistantToolCallMessage
+      | ToolMessage;
+
+    /**
+     * The result returned by AI Guard after evaluating a conversation.
+     */
+    export interface Evaluation {
+      /**
+       * The security action determined by AI Guard:
+       * - 'ALLOW': The conversation is safe to proceed
+       * - 'DENY': The current conversation exchange should be blocked
+       * - 'ABORT': The full workflow should be terminated immediately
+       */
+      action: 'ALLOW' | 'DENY' | 'ABORT';
+      /**
+       * Human-readable explanation for why this action was chosen.
+       */
+      reason: string;
+    }
+
+    /**
+     * Error thrown when AI Guard evaluation determines that a conversation should be blocked
+     * and the client is configured to enforce blocking mode.
+     */
+    export interface AIGuardAbortError extends Error {
+      /**
+       * Human-readable explanation from AI Guard describing why the conversation was blocked.
+       */
+      reason: string;
+    }
+
+    /**
+     * Error thrown when the AI Guard SDK encounters communication failures or API errors while attempting to
+     * evaluate conversations.
+     */
+    export interface AIGuardClientError extends Error {
+      /**
+       * Detailed error information returned by the AI Guard API, formatted according to the JSON:API error
+       * specification.
+       */
+      errors?: unknown[];
+      /**
+       * The underlying error that caused the communication failure, such as network timeouts, connection refused,
+       * or JSON parsing errors.
+       */
+      cause?: Error;
+    }
+
+    /**
+     * AI Guard security client for evaluating AI conversations.
+     */
+    export interface AIGuard {
+      /**
+       * Evaluates a conversation thread.
+       *
+       * @param messages - Array of conversation messages
+       * @param opts - Optional configuration object:
+       *   - `block`: When true, throws an exception if evaluation result is not 'ALLOW'
+       *              and the AI Guard service has blocking mode enabled (default: false).
+       * @returns Promise resolving to an Evaluation with the security decision and reasoning.
+       *          The promise rejects with AIGuardAbortError when `opts.block` is true and the evaluation result would block the request.
+       *          The promise rejects with AIGuardClientError when communication with the AI Guard service fails.
+       */
+      evaluate (messages: Message[], opts?: { block?: boolean }): Promise<Evaluation>;
+    }
+  }
+
   /** @hidden */
   type anyObject = {
     [key: string]: any;