Description
Implement the redaction flow: when NeMo returns "modified" status,
extract the masked content and replace the original request body.
Link for the Proposal: docs/proposals/00138_external_guardrails.md
- When NeMo returns
"modified" status, the redacted content is available in the NeMo response at: guardrails_data.log.activated_rails.executed_actions.return_value (need to loop into all executed_actions)
NemoProvider extracts this redacted text and returns it as GuardResult::Redact { modified_text, reason }
- In
filter.rs: replace the original body bytes with the redacted content, update Content-Length header
- For request-side: replace the last user message content in the request body with the redacted version
NeMo deployment for testing:
Acceptance:
- Request containing PII/sensitive content is forwarded with masked body when NeMo returns
"modified"
Content-Length header is updated to match the new body size
FilterResultSet status is written as "redacted"
Dependencies
Motivation
Pass and block are binary outcomes, but many guardrail policies need a
third option: mask sensitive content and forward the sanitized request.
NeMo supports this via its "modified" status, and the filter needs to
extract the redacted text and rewrite the body in-flight.
Alternatives Considered
Rejecting the entire request when sensitive content is detected instead
of redacting. This is already supported via the Block result; redaction
adds a less disruptive option for operators who want to sanitize rather
than reject.
Area
Filter Pipeline
Parent Epic (optional)
#76
Description
Implement the redaction flow: when NeMo returns
"modified"status,extract the masked content and replace the original request body.
Link for the Proposal: docs/proposals/00138_external_guardrails.md
"modified"status, the redacted content is available in the NeMo response at:guardrails_data.log.activated_rails.executed_actions.return_value(need to loop into allexecuted_actions)NemoProviderextracts this redacted text and returns it asGuardResult::Redact { modified_text, reason }filter.rs: replace the original body bytes with the redacted content, updateContent-LengthheaderNeMo deployment for testing:
quay.io/rgeada/nemo-debug:latest(quay.io)Acceptance:
"modified"Content-Lengthheader is updated to match the new body sizeFilterResultSetstatus is written as"redacted"Dependencies
Motivation
Pass and block are binary outcomes, but many guardrail policies need a
third option: mask sensitive content and forward the sanitized request.
NeMo supports this via its
"modified"status, and the filter needs toextract the redacted text and rewrite the body in-flight.
Alternatives Considered
Rejecting the entire request when sensitive content is detected instead
of redacting. This is already supported via the
Blockresult; redactionadds a less disruptive option for operators who want to sanitize rather
than reject.
Area
Filter Pipeline
Parent Epic (optional)
#76