LCORE-849: Shields implementation using Moderations API

docker-compose-library.yaml

@@ -18,7 +18,7 @@ services:
       - TAVILY_SEARCH_API_KEY=${TAVILY_SEARCH_API_KEY:-}
       # OpenAI
       - OPENAI_API_KEY=${OPENAI_API_KEY}
-      - E2E_OPENAI_MODEL=${E2E_OPENAI_MODEL:-gpt-4-turbo}
+      - E2E_OPENAI_MODEL=${E2E_OPENAI_MODEL:-gpt-4o-mini}
       # Azure
       - AZURE_API_KEY=${AZURE_API_KEY:-}
       # RHAIIS

docker-compose.yaml

@@ -16,7 +16,7 @@ services:
       - TAVILY_SEARCH_API_KEY=${TAVILY_SEARCH_API_KEY:-}
       # OpenAI
       - OPENAI_API_KEY=${OPENAI_API_KEY}
-      - E2E_OPENAI_MODEL=${E2E_OPENAI_MODEL}
+      - E2E_OPENAI_MODEL=${E2E_OPENAI_MODEL:-gpt-4o-mini}
       # Azure
       - AZURE_API_KEY=${AZURE_API_KEY}
       # RHAIIS

run.yaml

@@ -131,8 +131,15 @@ storage:
       namespace: prompts
       backend: kv_default
 registered_resources:
-  models: []
-  shields: []
+  models:
+  - model_id: gpt-4o-mini
+    provider_id: openai
+    model_type: llm
+    provider_model_id: gpt-4o-mini
+  shields:
+  - shield_id: llama-guard
+    provider_id: llama-guard
+    provider_shield_id: openai/gpt-4o-mini
   vector_dbs: []
   datasets: []
   scoring_fns: []

src/app/endpoints/query.py

@@ -8,11 +8,11 @@
 from typing import Annotated, Any, Optional, cast
 
 from fastapi import APIRouter, Depends, HTTPException, Request
-from litellm.exceptions import RateLimitError
 from llama_stack_client import (
     APIConnectionError,
     APIStatusError,
-    AsyncLlamaStackClient,  # type: ignore
+    AsyncLlamaStackClient,
+    RateLimitError,  # type: ignore
 )
 from llama_stack_client.types import Shield, UserMessage  # type: ignore
 from llama_stack_client.types.alpha.agents.turn import Turn

src/app/endpoints/query_v2.py

@@ -10,7 +10,7 @@
 from llama_stack.apis.agents.openai_responses import (
     OpenAIResponseObject,
 )
-from llama_stack_client import AsyncLlamaStackClient  # type: ignore
+from llama_stack_client import AsyncLlamaStackClient
 
 import metrics
 from app.endpoints.query import (
@@ -42,7 +42,10 @@
 )
 from utils.mcp_headers import mcp_headers_dependency
 from utils.responses import extract_text_from_response_output_item
-from utils.shields import detect_shield_violations, get_available_shields
+from utils.shields import (
+    append_turn_to_conversation,
+    run_shield_moderation,
+)
 from utils.suid import normalize_conversation_id, to_llama_stack_conversation_id
 from utils.token_counter import TokenCounter
 from utils.types import RAGChunk, ToolCallSummary, ToolResultSummary, TurnSummary
@@ -322,9 +325,6 @@ async def retrieve_response(  # pylint: disable=too-many-locals,too-many-branche
         and the conversation ID, the list of parsed referenced documents,
         and token usage information.
     """
-    # List available shields for Responses API
-    available_shields = await get_available_shields(client)
-
     # use system prompt from request or default one
     system_prompt = get_system_prompt(query_request, configuration)
     logger.debug("Using system prompt: %s", system_prompt)
@@ -370,6 +370,26 @@ async def retrieve_response(  # pylint: disable=too-many-locals,too-many-branche
             conversation_id,
         )
 
+    # Run shield moderation before calling LLM
+    moderation_result = await run_shield_moderation(client, input_text)
+    if moderation_result.blocked:
+        violation_message = moderation_result.message or ""
+        await append_turn_to_conversation(
+            client, llama_stack_conv_id, input_text, violation_message
+        )
+        summary = TurnSummary(
+            llm_response=violation_message,
+            tool_calls=[],
+            tool_results=[],
+            rag_chunks=[],
+        )
+        return (
+            summary,
+            normalize_conversation_id(conversation_id),
+            [],
+            TokenCounter(),
+        )
+
     # Create OpenAI response using responses API
     create_kwargs: dict[str, Any] = {
         "input": input_text,
@@ -381,10 +401,6 @@ async def retrieve_response(  # pylint: disable=too-many-locals,too-many-branche
         "conversation": llama_stack_conv_id,
     }
 
-    # Add shields to extra_body if available
-    if available_shields:
-        create_kwargs["extra_body"] = {"guardrails": available_shields}
-
     response = await client.responses.create(**create_kwargs)
     response = cast(OpenAIResponseObject, response)
     logger.info("Response: %s", response)
@@ -410,9 +426,6 @@ async def retrieve_response(  # pylint: disable=too-many-locals,too-many-branche
         if tool_result:
             tool_results.append(tool_result)
 
-    # Check for shield violations across all output items
-    detect_shield_violations(response.output)
-
     logger.info(
         "Response processing complete - Tool calls: %d, Response length: %d chars",
         len(tool_calls),

src/app/endpoints/streaming_query.py

@@ -11,10 +11,10 @@
 
 from fastapi import APIRouter, Depends, Request
 from fastapi.responses import StreamingResponse
-from litellm.exceptions import RateLimitError
 from llama_stack_client import (
     APIConnectionError,
-    AsyncLlamaStackClient,  # type: ignore
+    AsyncLlamaStackClient,
+    RateLimitError,  # type: ignore
 )
 from llama_stack_client.types import UserMessage  # type: ignore
 from llama_stack_client.types.alpha.agents.agent_turn_response_stream_chunk import (

src/app/endpoints/streaming_query_v2.py

@@ -6,8 +6,14 @@
 from fastapi import APIRouter, Depends, Request
 from fastapi.responses import StreamingResponse
 from llama_stack.apis.agents.openai_responses import (
+    OpenAIResponseContentPartOutputText,
+    OpenAIResponseMessage,
     OpenAIResponseObject,
     OpenAIResponseObjectStream,
+    OpenAIResponseObjectStreamResponseCompleted,
+    OpenAIResponseObjectStreamResponseContentPartAdded,
+    OpenAIResponseObjectStreamResponseOutputTextDelta,
+    OpenAIResponseOutputMessageContentOutputText,
 )
 from llama_stack_client import AsyncLlamaStackClient
 
@@ -53,7 +59,10 @@
 from utils.quota import consume_tokens, get_available_quotas
 from utils.suid import normalize_conversation_id, to_llama_stack_conversation_id
 from utils.mcp_headers import mcp_headers_dependency
-from utils.shields import detect_shield_violations, get_available_shields
+from utils.shields import (
+    append_turn_to_conversation,
+    run_shield_moderation,
+)
 from utils.token_counter import TokenCounter
 from utils.transcripts import store_transcript
 from utils.types import ToolCallSummary, TurnSummary
@@ -234,12 +243,6 @@ async def response_generator(  # pylint: disable=too-many-branches,too-many-stat
                 # Capture the response object for token usage extraction
                 latest_response_object = getattr(chunk, "response", None)
 
-                # Check for shield violations in the completed response
-                if latest_response_object:
-                    output = getattr(latest_response_object, "output", None)
-                    if output is not None:
-                        detect_shield_violations(output)
-
                 if not emitted_turn_complete:
                     final_message = summary.llm_response or "".join(text_parts)
                     if not final_message:
@@ -394,9 +397,6 @@ async def retrieve_response(  # pylint: disable=too-many-locals
         tuple: A tuple containing the streaming response object
         and the conversation ID.
     """
-    # List available shields for Responses API
-    available_shields = await get_available_shields(client)
-
     # use system prompt from request or default one
     system_prompt = get_system_prompt(query_request, configuration)
     logger.debug("Using system prompt: %s", system_prompt)
@@ -441,6 +441,18 @@ async def retrieve_response(  # pylint: disable=too-many-locals
             conversation_id,
         )
 
+    # Run shield moderation before calling LLM
+    moderation_result = await run_shield_moderation(client, input_text)
+    if moderation_result.blocked:
+        violation_message = moderation_result.message or ""
+        await append_turn_to_conversation(
+            client, llama_stack_conv_id, input_text, violation_message
+        )
+        return (
+            create_violation_stream(violation_message, moderation_result.shield_model),
+            normalize_conversation_id(conversation_id),
+        )
+
     create_params: dict[str, Any] = {
         "input": input_text,
         "model": model_id,
@@ -451,14 +463,58 @@ async def retrieve_response(  # pylint: disable=too-many-locals
         "conversation": llama_stack_conv_id,
     }
 
-    # Add shields to extra_body if available
-    if available_shields:
-        create_params["extra_body"] = {"guardrails": available_shields}
-
     response = await client.responses.create(**create_params)
     response_stream = cast(AsyncIterator[OpenAIResponseObjectStream], response)
-    # async for chunk in response_stream:
-    #     logger.error("Chunk: %s", chunk.model_dump_json())
-    # Return the normalized conversation_id
-    # The response_generator will emit it in the start event
+
     return response_stream, normalize_conversation_id(conversation_id)
+
+
+async def create_violation_stream(
+    message: str,
+    shield_model: str | None = None,
+) -> AsyncIterator[OpenAIResponseObjectStream]:
+    """Generate a minimal streaming response for cases where input is blocked by a shield.
+
+    This yields only the essential streaming events to indicate that the input was rejected.
+    Dummy item identifiers are used solely for protocol compliance and are not used later.
+    """
+    response_id = "resp_shield_violation"
+
+    # Content part added (triggers empty initial token)
+    yield OpenAIResponseObjectStreamResponseContentPartAdded(
+        content_index=0,
+        response_id=response_id,
+        item_id="msg_shield_violation_1",
+        output_index=0,
+        part=OpenAIResponseContentPartOutputText(text=""),
+        sequence_number=0,
+    )
+
+    # Text delta
+    yield OpenAIResponseObjectStreamResponseOutputTextDelta(
+        content_index=1,
+        delta=message,
+        item_id="msg_shield_violation_2",
+        output_index=1,
+        sequence_number=1,
+    )
+
+    # Completed response
+    yield OpenAIResponseObjectStreamResponseCompleted(
+        response=OpenAIResponseObject(
+            id=response_id,
+            created_at=0,  # not used
+            model=shield_model or "shield",
+            output=[
+                OpenAIResponseMessage(
+                    id="msg_shield_violation_3",
+                    content=[
+                        OpenAIResponseOutputMessageContentOutputText(text=message)
+                    ],
+                    role="assistant",
+                    status="completed",
+                )
+            ],
+            status="completed",
+        )
+    )