feat: add standalone guardrail methods and enforce strict model validation

[abhijitjavelin]

No description provided.

[gemini-code-assist]

Hello @abhijitjavelin, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request introduces standalone guardrail methods to the Javelin SDK and enforces stricter model validation. It adds a new GuardrailsService with methods for applying trust/safety and prompt injection detection, as well as a general apply_guardrails method for applying multiple guardrails at once. It also includes a method for listing available guardrails. The changes also include updates to the Request model to support guardrail-related parameters and modifications to the ProviderService, RouteService, SecretService, and TemplateService to enforce model validation when creating or updating resources.

Highlights

• Guardrails Service: A new GuardrailsService is added, providing methods to apply trust/safety checks, prompt injection detection, and a general guardrails application, along with a method to list available guardrails.
• Standalone Guardrail Methods: Standalone methods apply_trustsafety, apply_promptinjectiondetection, apply_guardrails, and list_guardrails are added to the JavelinClient for easier access to guardrail functionalities.
• Model Validation: Model validation is enforced in ProviderService, RouteService, SecretService, and TemplateService when creating or updating resources, ensuring that input data conforms to the expected model schema.
• Request Model Updates: The Request model is updated to include parameters for guardrail-related requests, such as specifying a guardrail to apply or listing available guardrails.

Changelog

Click here to see the changelog

• examples/guardrails/test_guardrails.py
  • A new example file is added to demonstrate the usage of the new guardrail methods, including applying trust/safety checks, prompt injection detection, applying multiple guardrails, and listing available guardrails.
• javelin_sdk/client.py
  • The GuardrailsService is imported and initialized within the JavelinClient.
  • The _construct_url method is updated to handle guardrail-related endpoints.
  • Standalone guardrail methods (apply_trustsafety, apply_promptinjectiondetection, apply_guardrails, list_guardrails) are added to the JavelinClient as lambda functions calling the corresponding methods in GuardrailsService.
  • The set_headers method is updated to include the new guardrail methods.
• javelin_sdk/models.py
  • The RouteConfig model is modified to remove the budget field (line 145).
  • The Request model is updated to include guardrail and list_guardrails parameters (lines 483, 484, 502, 503).
• javelin_sdk/services/guardrails_service.py
  • A new GuardrailsService is created, containing methods for applying trust/safety checks, prompt injection detection, applying multiple guardrails, and listing available guardrails.
  • Includes error handling for guardrail responses.
• javelin_sdk/services/provider_service.py
  • Model validation is enforced in create_provider, acreate_provider, update_provider, and aupdate_provider methods by using Provider.model_validate to ensure the input data conforms to the Provider model schema (lines 63, 75, 126, 136).
• javelin_sdk/services/route_service.py
  • Model validation is enforced in create_route, acreate_route, update_route, and aupdate_route methods by using Route.model_validate to ensure the input data conforms to the Route model schema (lines 67, 76, 125, 135).
• javelin_sdk/services/secret_service.py
  • Model validation is enforced in create_secret, acreate_secret, update_secret, and aupdate_secret methods by using Secret.model_validate to ensure the input data conforms to the Secret model schema (lines 46, 54, 101, 138).
  • Restricted fields are checked during secret updates to prevent modification of api_key.
• javelin_sdk/services/template_service.py
  • Model validation is enforced in create_template, acreate_template, update_template, and aupdate_template methods by using Template.model_validate to ensure the input data conforms to the Template model schema (lines 46, 57, 106, 115).

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A new guardrail's in place,
Protecting text with grace,
Injection's denied,
Trust and safety applied,
Making the digital space safe.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces standalone guardrail methods and enforces strict model validation. The addition of guardrail functionalities is a valuable enhancement to the Javelin SDK. However, there are a few areas that could benefit from further refinement to ensure robustness and maintainability.

Summary of Findings

• Missing Error Handling in Guardrails Service: The _handle_guardrails_response method in GuardrailsService only handles specific HTTP error codes (400, 401, 403, 429) and raises exceptions. It should also include a generic error handling for other 4xx errors to provide more informative feedback to the user.
• Inconsistent Validation Approach: The create_provider, acreate_provider, update_provider, aupdate_provider, create_route, acreate_route, update_route, aupdate_route, create_secret, acreate_secret, update_secret, aupdate_secret, create_template, acreate_template, update_template, and aupdate_template methods in various services now accept both dict and Model instances, and use model_validate for dict inputs. This approach is good, but should be applied consistently across all similar methods to ensure a uniform API.
• Duplicated Guardrails Methods: The guardrails methods (apply_trustsafety, apply_promptinjectiondetection, apply_guardrails, list_guardrails) are defined twice in JavelinClient, once within the class and again within the set_headers method. This duplication should be removed to avoid confusion and potential maintenance issues.

Merge Readiness

The pull request introduces important functionality, but there are some issues that should be addressed before merging. Specifically, the error handling in GuardrailsService should be improved, and the duplicated guardrails methods in JavelinClient should be removed. I am unable to approve this pull request, and recommend that it not be merged until these issues are addressed. Users should have others review and approve this code before merging.

bot