PyPI - pangea-sdk - Versions diffs - 5.5.1__py3-none-any.whl → 6.1.0__py3-none-any.whl - Mend

pangea-sdk 5.5.1py3-none-any.whl → 6.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

pangea/__init__.py +1 -1
pangea/asyncio/services/ai_guard.py +7 -56
pangea/asyncio/services/audit.py +0 -5
pangea/asyncio/services/authn.py +171 -14
pangea/asyncio/services/authz.py +28 -28
pangea/config.py +23 -25
pangea/request.py +6 -15
pangea/services/ai_guard.py +192 -58
pangea/services/audit/audit.py +0 -4
pangea/services/authn/authn.py +177 -18
pangea/services/authn/models.py +94 -0
pangea/services/authz.py +65 -30
pangea/services/redact.py +8 -3
pangea/tools.py +6 -9
{pangea_sdk-5.5.1.dist-info → pangea_sdk-6.1.0.dist-info}/METADATA +10 -11
{pangea_sdk-5.5.1.dist-info → pangea_sdk-6.1.0.dist-info}/RECORD +17 -17
{pangea_sdk-5.5.1.dist-info → pangea_sdk-6.1.0.dist-info}/WHEEL +1 -1

pangea/request.py CHANGED Viewed

@@ -14,6 +14,7 @@ from pydantic_core import to_jsonable_python
 from requests.adapters import HTTPAdapter, Retry
 from requests_toolbelt import MultipartDecoder  # type: ignore[import-untyped]
 from typing_extensions import TypeVar
+from yarl import URL
 import pangea
 import pangea.exceptions as pe
@@ -107,16 +108,8 @@ class PangeaRequestBase:
         return f"request/{request_id}"
     def _url(self, path: str) -> str:
-        if self.config.domain.startswith("http://") or self.config.domain.startswith("https://"):
-            # it's URL
-            url = f"{self.config.domain}/{path}"
-        else:
-            schema = "http://" if self.config.insecure else "https://"
-            domain = (
-                self.config.domain if self.config.environment == "local" else f"{self.service}.{self.config.domain}"
-            )
-            url = f"{schema}{domain}/{path}"
-        return url
+        url = URL(self.config.base_url_template.format(SERVICE_NAME=self.service))
+        return str(url / path)
     def _headers(self) -> dict:
         headers = {
@@ -124,7 +117,7 @@ class PangeaRequestBase:
             "Authorization": f"Bearer {self.token}",
         }
-        # We want to ignore previous headers if user tryed to set them, so we will overwrite them.
+        # We want to ignore previous headers if user tried to set them, so we will overwrite them.
         self._extra_headers.update(headers)
         return self._extra_headers
@@ -628,9 +621,7 @@ class PangeaRequest(PangeaRequestBase):
         adapter = HTTPAdapter(max_retries=retry_config)
         session = requests.Session()
-        if self.config.insecure:
-            session.mount("http://", adapter)
-        else:
-            session.mount("https://", adapter)
+        session.mount("http://", adapter)
+        session.mount("https://", adapter)
         return session

pangea/services/ai_guard.py CHANGED Viewed

@@ -1,11 +1,155 @@
 from __future__ import annotations
-from typing import Any, Dict, Generic, List, Optional, TypeVar, overload
+from typing import Any, Dict, Generic, List, Literal, Optional, TypeVar, overload
 from pangea.config import PangeaConfig
 from pangea.response import APIRequestModel, APIResponseModel, PangeaResponse, PangeaResponseResult
 from pangea.services.base import ServiceBase
+# This is named "prompt injection" in the API spec even though it is also used
+# for many other detectors.
+PromptInjectionAction = Literal["report", "block"]
+MaliciousEntityAction = Literal["report", "defang", "disabled", "block"]
+# This is named "PII entity" in the API spec even though it is also used for the
+# secrets detector.
+PiiEntityAction = Literal["disabled", "report", "block", "mask", "partial_masking", "replacement", "hash", "fpe"]
+class CodeDetectionOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    action: Optional[Literal["report", "block"]] = None
+class LanguageDetectionOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    allow: Optional[List[str]] = None
+    block: Optional[List[str]] = None
+    report: Optional[List[str]] = None
+class TopicDetectionOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    block: Optional[List[str]] = None
+class PromptInjectionOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    action: Optional[PromptInjectionAction] = None
+class SelfHarmOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    action: Optional[PromptInjectionAction] = None
+    threshold: Optional[float] = None
+class GibberishOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    action: Optional[PromptInjectionAction] = None
+class RoleplayOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    action: Optional[PromptInjectionAction] = None
+class SentimentOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    action: Optional[PromptInjectionAction] = None
+    threshold: Optional[float] = None
+class MaliciousEntityOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    ip_address: Optional[MaliciousEntityAction] = None
+    url: Optional[MaliciousEntityAction] = None
+    domain: Optional[MaliciousEntityAction] = None
+class CompetitorsOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    action: Optional[PromptInjectionAction] = None
+class PiiEntityOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    email_address: Optional[PiiEntityAction] = None
+    nrp: Optional[PiiEntityAction] = None
+    location: Optional[PiiEntityAction] = None
+    person: Optional[PiiEntityAction] = None
+    phone_number: Optional[PiiEntityAction] = None
+    date_time: Optional[PiiEntityAction] = None
+    ip_address: Optional[PiiEntityAction] = None
+    url: Optional[PiiEntityAction] = None
+    money: Optional[PiiEntityAction] = None
+    credit_card: Optional[PiiEntityAction] = None
+    crypto: Optional[PiiEntityAction] = None
+    iban_code: Optional[PiiEntityAction] = None
+    us_bank_number: Optional[PiiEntityAction] = None
+    nif: Optional[PiiEntityAction] = None
+    au_abn: Optional[PiiEntityAction] = None
+    au_acn: Optional[PiiEntityAction] = None
+    au_tfn: Optional[PiiEntityAction] = None
+    medical_license: Optional[PiiEntityAction] = None
+    uk_nhs: Optional[PiiEntityAction] = None
+    au_medicare: Optional[PiiEntityAction] = None
+    us_drivers_license: Optional[PiiEntityAction] = None
+    us_itin: Optional[PiiEntityAction] = None
+    us_passport: Optional[PiiEntityAction] = None
+    us_ssn: Optional[PiiEntityAction] = None
+class SecretsDetectionOverride(APIRequestModel):
+    disabled: Optional[bool] = None
+    slack_token: Optional[PiiEntityAction] = None
+    rsa_private_key: Optional[PiiEntityAction] = None
+    ssh_dsa_private_key: Optional[PiiEntityAction] = None
+    ssh_ec_private_key: Optional[PiiEntityAction] = None
+    pgp_private_key_block: Optional[PiiEntityAction] = None
+    amazon_aws_access_key_id: Optional[PiiEntityAction] = None
+    amazon_aws_secret_access_key: Optional[PiiEntityAction] = None
+    amazon_mws_auth_token: Optional[PiiEntityAction] = None
+    facebook_access_token: Optional[PiiEntityAction] = None
+    github_access_token: Optional[PiiEntityAction] = None
+    jwt_token: Optional[PiiEntityAction] = None
+    google_api_key: Optional[PiiEntityAction] = None
+    google_cloud_platform_api_key: Optional[PiiEntityAction] = None
+    google_drive_api_key: Optional[PiiEntityAction] = None
+    google_cloud_platform_service_account: Optional[PiiEntityAction] = None
+    google_gmail_api_key: Optional[PiiEntityAction] = None
+    youtube_api_key: Optional[PiiEntityAction] = None
+    mailchimp_api_key: Optional[PiiEntityAction] = None
+    mailgun_api_key: Optional[PiiEntityAction] = None
+    basic_auth: Optional[PiiEntityAction] = None
+    picatic_api_key: Optional[PiiEntityAction] = None
+    slack_webhook: Optional[PiiEntityAction] = None
+    stripe_api_key: Optional[PiiEntityAction] = None
+    stripe_restricted_api_key: Optional[PiiEntityAction] = None
+    square_access_token: Optional[PiiEntityAction] = None
+    square_oauth_secret: Optional[PiiEntityAction] = None
+    twilio_api_key: Optional[PiiEntityAction] = None
+    pangea_token: Optional[PiiEntityAction] = None
+class Overrides(APIRequestModel):
+    ignore_recipe: Optional[bool] = None
+    """Bypass existing Recipe content and create an on-the-fly Recipe."""
+    code_detection: Optional[CodeDetectionOverride] = None
+    competitors: Optional[CompetitorsOverride] = None
+    gibberish: Optional[GibberishOverride] = None
+    language_detection: Optional[LanguageDetectionOverride] = None
+    malicious_entity: Optional[MaliciousEntityOverride] = None
+    pii_entity: Optional[PiiEntityOverride] = None
+    prompt_injection: Optional[PromptInjectionOverride] = None
+    roleplay: Optional[RoleplayOverride] = None
+    secrets_detection: Optional[SecretsDetectionOverride] = None
+    selfharm: Optional[SelfHarmOverride] = None
+    sentiment: Optional[SentimentOverride] = None
+    topic_detection: Optional[TopicDetectionOverride] = None
 class LogFields(APIRequestModel):
     """Additional fields to include in activity log"""
@@ -33,6 +177,8 @@ class AnalyzerResponse(APIResponseModel):
 class PromptInjectionResult(APIResponseModel):
     action: str
+    """The action taken by this Detector"""
     analyzer_responses: List[AnalyzerResponse]
     """Triggered prompt injection analyzers."""
@@ -41,11 +187,13 @@ class PiiEntity(APIResponseModel):
     type: str
     value: str
     action: str
+    """The action taken on this Entity"""
     start_pos: Optional[int] = None
 class PiiEntityResult(APIResponseModel):
     entities: List[PiiEntity]
+    """Detected redaction rules."""
 class MaliciousEntity(APIResponseModel):
@@ -58,35 +206,59 @@ class MaliciousEntity(APIResponseModel):
 class MaliciousEntityResult(APIResponseModel):
     entities: List[MaliciousEntity]
+    """Detected harmful items."""
+class CustomEntity(APIResponseModel):
+    type: str
+    value: str
+    action: str
+    """The action taken on this Entity"""
+    start_pos: Optional[int] = None
+    raw: Optional[Dict[str, Any]] = None
+class CustomEntityResult(APIResponseModel):
+    entities: List[CustomEntity]
+    """Detected redaction rules."""
 class SecretsEntity(APIResponseModel):
     type: str
     value: str
     action: str
+    """The action taken on this Entity"""
     start_pos: Optional[int] = None
     redacted_value: Optional[str] = None
 class SecretsEntityResult(APIResponseModel):
     entities: List[SecretsEntity]
+    """Detected redaction rules."""
 class LanguageDetectionResult(APIResponseModel):
     language: str
     action: str
+    """The action taken by this Detector"""
+class TopicDetectionResult(APIResponseModel):
+    action: str
+    """The action taken by this Detector"""
 class CodeDetectionResult(APIResponseModel):
     language: str
     action: str
+    """The action taken by this Detector"""
 _T = TypeVar("_T")
 class TextGuardDetector(APIResponseModel, Generic[_T]):
-    detected: bool
+    detected: Optional[bool] = None
     data: Optional[_T] = None
@@ -94,10 +266,11 @@ class TextGuardDetectors(APIResponseModel):
     prompt_injection: Optional[TextGuardDetector[PromptInjectionResult]] = None
     pii_entity: Optional[TextGuardDetector[PiiEntityResult]] = None
     malicious_entity: Optional[TextGuardDetector[MaliciousEntityResult]] = None
+    custom_entity: Optional[TextGuardDetector[Any]] = None
     secrets_detection: Optional[TextGuardDetector[SecretsEntityResult]] = None
     profanity_and_toxicity: Optional[TextGuardDetector[Any]] = None
-    custom_entity: Optional[TextGuardDetector[Any]] = None
     language_detection: Optional[TextGuardDetector[LanguageDetectionResult]] = None
+    topic_detection: Optional[TextGuardDetector[TopicDetectionResult]] = None
     code_detection: Optional[TextGuardDetector[CodeDetectionResult]] = None
@@ -112,6 +285,16 @@ class TextGuardResult(PangeaResponseResult, Generic[_T]):
     """Updated structured prompt, if applicable."""
     blocked: bool
+    """Whether or not the prompt triggered a block detection."""
+    recipe: str
+    """The Recipe that was used."""
+    fpe_context: Optional[str] = None
+    """
+    If an FPE redaction method returned results, this will be the context passed
+    to unredact.
+    """
 class AIGuard(ServiceBase):
@@ -160,7 +343,7 @@ class AIGuard(ServiceBase):
         *,
         recipe: str | None = None,
         debug: bool | None = None,
-        llm_info: str | None = None,
+        overrides: Overrides | None = None,
         log_fields: LogFields | None = None,
     ) -> PangeaResponse[TextGuardResult[None]]:
         """
@@ -180,7 +363,6 @@ class AIGuard(ServiceBase):
                 are to be applied to the text, such as defang malicious URLs.
             debug: Setting this value to true will provide a detailed analysis
                 of the text data
-            llm_info: Short string hint for the LLM Provider information
             log_field: Additional fields to include in activity log
         Examples:
@@ -194,7 +376,7 @@ class AIGuard(ServiceBase):
         messages: _T,
         recipe: str | None = None,
         debug: bool | None = None,
-        llm_info: str | None = None,
+        overrides: Overrides | None = None,
         log_fields: LogFields | None = None,
     ) -> PangeaResponse[TextGuardResult[_T]]:
         """
@@ -215,59 +397,20 @@ class AIGuard(ServiceBase):
                 are to be applied to the text, such as defang malicious URLs.
             debug: Setting this value to true will provide a detailed analysis
                 of the text data
-            llm_info: Short string hint for the LLM Provider information
             log_field: Additional fields to include in activity log
         Examples:
             response = ai_guard.guard_text(messages=[{"role": "user", "content": "hello world"}])
         """
-    @overload
-    def guard_text(
-        self,
-        *,
-        llm_input: _T,
-        recipe: str | None = None,
-        debug: bool | None = None,
-        llm_info: str | None = None,
-        log_fields: LogFields | None = None,
-    ) -> PangeaResponse[TextGuardResult[_T]]:
-        """
-        Text Guard for scanning LLM inputs and outputs
-        Analyze and redact text to avoid manipulation of the model, addition of
-        malicious content, and other undesirable data transfers.
-        OperationId: ai_guard_post_v1_text_guard
-        Args:
-            llm_input: Structured full llm payload data to be scanned by AI
-                Guard for PII, sensitive data, malicious content, and other data
-                types defined by the configuration. Supports processing up to
-                10KB of JSON text
-            recipe: Recipe key of a configuration of data types and settings
-                defined in the Pangea User Console. It specifies the rules that
-                are to be applied to the text, such as defang malicious URLs.
-            debug: Setting this value to true will provide a detailed analysis
-                of the text data
-            llm_info: Short string hint for the LLM Provider information
-            log_field: Additional fields to include in activity log
-        Examples:
-            response = ai_guard.guard_text(
-                llm_input={"model": "gpt-4o", "messages": [{"role": "user", "content": "hello world"}]}
-            )
-        """
     def guard_text(  # type: ignore[misc]
         self,
         text: str | None = None,
         *,
         messages: _T | None = None,
-        llm_input: _T | None = None,
         recipe: str | None = None,
         debug: bool | None = None,
-        llm_info: str | None = None,
+        overrides: Overrides | None = None,
         log_fields: LogFields | None = None,
     ) -> PangeaResponse[TextGuardResult[None]]:
         """
@@ -286,27 +429,19 @@ class AIGuard(ServiceBase):
                 PII, sensitive data, malicious content, and other data types
                 defined by the configuration. Supports processing up to 10KB of
                 JSON text
-            llm_input: Structured full llm payload data to be scanned by AI
-                Guard for PII, sensitive data, malicious content, and other data
-                types defined by the configuration. Supports processing up to
-                10KB of JSON text
             recipe: Recipe key of a configuration of data types and settings
                 defined in the Pangea User Console. It specifies the rules that
                 are to be applied to the text, such as defang malicious URLs.
             debug: Setting this value to true will provide a detailed analysis
                 of the text data
-            llm_info: Short string hint for the LLM Provider information
             log_field: Additional fields to include in activity log
         Examples:
             response = ai_guard.guard_text("text")
         """
-        if not any((text, messages, llm_input)):
-            raise ValueError("At least one of `text`, `messages`, or `llm_input` must be given")
-        if sum((text is not None, messages is not None, llm_input is not None)) > 1:
-            raise ValueError("Only one of `text`, `messages`, or `llm_input` can be given at once")
+        if text is not None and messages is not None:
+            raise ValueError("Exactly one of `text` or `messages` must be given")
         return self.request.post(
             "v1/text/guard",
@@ -314,10 +449,9 @@ class AIGuard(ServiceBase):
             data={
                 "text": text,
                 "messages": messages,
-                "llm_input": llm_input,
                 "recipe": recipe,
                 "debug": debug,
-                "llm_info": llm_info,
+                "overrides": overrides,
                 "log_fields": log_fields,
             },
         )

pangea/services/audit/audit.py CHANGED Viewed

@@ -408,10 +408,6 @@ class Audit(ServiceBase, AuditBase):
              config = PangeaConfig(domain="pangea_domain")
              audit = Audit(token="pangea_token", config=config)
         """
-        # FIXME: Temporary check to deprecate config_id from PangeaConfig.
-        # Delete it when deprecate PangeaConfig.config_id
-        if config_id and config is not None and config.config_id is not None:
-            config_id = config.config_id
         ServiceBase.__init__(self, token, config=config, logger_name=logger_name, config_id=config_id)
         AuditBase.__init__(
             self, private_key_file=private_key_file, public_key_info=public_key_info, tenant_id=tenant_id

pangea-sdk 5.5.1__py3-none-any.whl → 6.1.0__py3-none-any.whl

pangea-sdk 5.5.1py3-none-any.whl → 6.1.0py3-none-any.whl