Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 13 additions & 7 deletions nemoguardrails/library/sensitive_data_detection/actions.py
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@
"""Checks whether the provided text contains any sensitive data.

Args
source: The source for the text, i.e. "input", "output", "retrieval".
source: The source for the text, i.e. "input", "output", "retrieval", "tool_call", "tool_response".
text: The text to check.
config: The rails configuration object.

Expand All @@ -109,9 +109,12 @@
"""
# Based on the source of the data, we use the right options
sdd_config = config.rails.config.sensitive_data_detection
if source not in ["input", "output", "retrieval"]:
raise ValueError("source must be one of 'input', 'output', or 'retrieval'")
options: SensitiveDataDetectionOptions = getattr(sdd_config, source)
if source not in ["input", "output", "retrieval", "tool_call", "tool_response"]:
raise ValueError("source must be one of 'input', 'output', 'retrieval', 'tool_call', or 'tool_response'")

# Map tool_call and tool_response to output options as they follow similar validation patterns
source_key = source if source in ["input", "output", "retrieval"] else "output"
options: SensitiveDataDetectionOptions = getattr(sdd_config, source_key)
default_score_threshold = getattr(options, "score_threshold")

# If we don't have any entities specified, we stop
Expand All @@ -138,7 +141,7 @@
"""Checks whether the provided text contains any sensitive data.

Args
source: The source for the text, i.e. "input", "output", "retrieval".
source: The source for the text, i.e. "input", "output", "retrieval", "tool_call", "tool_response".
text: The text to check.
config: The rails configuration object.

Expand All @@ -147,8 +150,11 @@
"""
# Based on the source of the data, we use the right options
sdd_config = config.rails.config.sensitive_data_detection
assert source in ["input", "output", "retrieval"]
options: SensitiveDataDetectionOptions = getattr(sdd_config, source)
assert source in ["input", "output", "retrieval", "tool_call", "tool_response"]

Check notice

Code scanning / Bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Note

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.

# Map tool_call and tool_response to output options as they follow similar validation patterns
source_key = source if source in ["input", "output", "retrieval"] else "output"
options: SensitiveDataDetectionOptions = getattr(sdd_config, source_key)

# If we don't have any entities specified, we stop
if len(options.entities) == 0:
Expand Down
39 changes: 39 additions & 0 deletions nemoguardrails/library/sensitive_data_detection/flows.co
Original file line number Diff line number Diff line change
Expand Up @@ -49,3 +49,42 @@ flow mask sensitive data on retrieval
"""Mask any sensitive data found in the relevant chunks from the knowledge base."""
global $relevant_chunks
$relevant_chunks = await MaskSensitiveDataAction(source="retrieval", text=$relevant_chunks)


# TOOL OUTPUT RAILS


flow detect sensitive data on tool call
"""Check if the tool calls contain any sensitive data in their parameters."""
$tool_calls_text = str($tool_calls)
$has_sensitive_data = await DetectSensitiveDataAction(source="tool_call", text=$tool_calls_text)

if $has_sensitive_data
bot inform answer unknown
abort


flow mask sensitive data on tool call
"""Mask any sensitive data found in the tool call parameters."""
global $tool_calls
$tool_calls_text = str($tool_calls)
$masked_text = await MaskSensitiveDataAction(source="tool_call", text=$tool_calls_text)
# Note: Masking tool calls requires careful handling to preserve structure


# TOOL INPUT RAILS


flow detect sensitive data on tool response
"""Check if the tool response contains any sensitive data."""
$has_sensitive_data = await DetectSensitiveDataAction(source="tool_response", text=$tool_message)

if $has_sensitive_data
bot inform answer unknown
abort


flow mask sensitive data on tool response
"""Mask any sensitive data found in the tool response."""
global $tool_message
$tool_message = await MaskSensitiveDataAction(source="tool_response", text=$tool_message)
39 changes: 38 additions & 1 deletion nemoguardrails/library/sensitive_data_detection/flows.v1.co
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ define subflow mask sensitive data on output
$bot_message = execute mask_sensitive_data(source="output", text=$bot_message)


# RETRIVAL RAILS
# RETRIEVAL RAILS


define subflow detect sensitive data on retrieval
Expand All @@ -46,3 +46,40 @@ define subflow detect sensitive data on retrieval
define subflow mask sensitive data on retrieval
"""Mask any sensitive data found in the relevant chunks from the knowledge base."""
$relevant_chunks = execute mask_sensitive_data(source="retrieval", text=$relevant_chunks)


# TOOL OUTPUT RAILS


define subflow detect sensitive data on tool call
"""Check if the tool calls contain any sensitive data in their parameters."""
$tool_calls_text = str($tool_calls)
$has_sensitive_data = execute detect_sensitive_data(source="tool_call", text=$tool_calls_text)

if $has_sensitive_data
bot inform answer unknown
stop


define subflow mask sensitive data on tool call
"""Mask any sensitive data found in the tool call parameters."""
$tool_calls_text = str($tool_calls)
$masked_text = execute mask_sensitive_data(source="tool_call", text=$tool_calls_text)
# Note: Masking tool calls requires careful handling to preserve structure


# TOOL INPUT RAILS


define subflow detect sensitive data on tool response
"""Check if the tool response contains any sensitive data."""
$has_sensitive_data = execute detect_sensitive_data(source="tool_response", text=$tool_message)

if $has_sensitive_data
bot inform answer unknown
stop


define subflow mask sensitive data on tool response
"""Mask any sensitive data found in the tool response."""
$tool_message = execute mask_sensitive_data(source="tool_response", text=$tool_message)
Loading