feat: Add support for Trend AI Guard

Author: trend-willem-gooderham

conf.json

@@ -10,7 +10,8 @@
     "pangea",
     "promptsecurity",
     "panw-prisma-airs",
-    "walledai"
+    "walledai",
+    "trend-ai"
   ],
   "credentials": {
     "portkey": {

plugins/index.ts

@@ -67,6 +67,8 @@ import { handler as defaultregexReplace } from './default/regexReplace';
 import { handler as defaultallowedRequestTypes } from './default/allowedRequestTypes';
 import { handler as javelinguardrails } from './javelin/guardrails';
 import { handler as f5GuardrailsScan } from './f5-guardrails/scan';
+import { handler as trendAiGuard } from './trend-ai/guard';
+
 export const plugins = {
   default: {
     regexMatch: defaultregexMatch,
@@ -177,4 +179,7 @@ export const plugins = {
   'f5-guardrails': {
     scan: f5GuardrailsScan,
   },
+  'trend-ai': {
+    guard: trendAiGuard,
+  },
 };

plugins/trend-ai/guard.ts

@@ -0,0 +1,122 @@
+import {
+  HookEventType,
+  PluginContext,
+  PluginHandler,
+  PluginParameters,
+} from '../types';
+import { post, getText, HttpError } from '../utils';
+import { VERSION } from './version';
+
+export const handler: PluginHandler = async (
+  context: PluginContext,
+  parameters: PluginParameters,
+  eventType: HookEventType,
+  options?: {
+    env: Record<string, any>;
+    getFromCacheByKey?: (key: string) => Promise<any>;
+    putInCacheWithValue?: (key: string, value: any) => Promise<any>;
+  }
+) => {
+  let error = null;
+  let verdict = true;
+  let data = null;
+
+  // Validate required parameters
+  if (!parameters.credentials?.v1Url) {
+    return {
+      error: { message: `'parameters.credentials.v1Url' must be set` },
+      verdict: true,
+      data,
+    };
+  }
+
+  if (!parameters.credentials?.apiKey) {
+    return {
+      error: { message: `'parameters.credentials.apiKey' must be set` },
+      verdict: true,
+      data,
+    };
+  }
+
+  // Extract text from context
+  const text = getText(context, eventType);
+  if (!text) {
+    return {
+      error: { message: 'request or response text is empty' },
+      verdict: true,
+      data,
+    };
+  }
+  const applicationName = parameters.applicationName;
+
+  // Validate application name is provided and has correct format
+  if (!applicationName) {
+    return {
+      error: { message: 'Application name is required' },
+      verdict: true,
+      data,
+    };
+  }
+
+  if (!/^[a-zA-Z0-9_-]+$/.test(applicationName)) {
+    return {
+      error: {
+        message:
+          'Application name must contain only letters, numbers, hyphens, and underscores',
+      },
+      verdict: true,
+      data,
+    };
+  }
+
+  // Prepare request headers
+  const headers: Record<string, string> = {
+    'Content-Type': 'application/json',
+    Accept: 'application/json',
+    Authorization: `Bearer ${parameters.credentials?.apiKey}`,
+    'TMV1-Application-Name': applicationName,
+  };
+
+  // Set Prefer header
+  const preferValue = parameters.prefer || 'return=minimal';
+  headers['Prefer'] = preferValue;
+
+  const requestOptions = { headers };
+
+  // Prepare request payload for applyGuardrails endpoint
+  const request = {
+    prompt: text,
+  };
+
+  let response;
+  try {
+    response = await post(
+      parameters.credentials?.v1Url,
+      request,
+      requestOptions,
+      parameters.timeout
+    );
+  } catch (e) {
+    if (e instanceof HttpError) {
+      error = {
+        message: `API request failed: ${e.message}. body: ${e.response.body}`,
+      };
+    } else {
+      error = e as Error;
+    }
+  }
+
+  if (response) {
+    data = response;
+
+    if (response.action && response.action === 'Block') {
+      verdict = false;
+    }
+  }
+
+  return {
+    error,
+    verdict,
+    data,
+  };
+};

plugins/trend-ai/manifest.json

@@ -0,0 +1,50 @@
+{
+  "id": "trend-ai",
+  "description": "Trend AI Guard for scanning LLM inputs and outputs",
+  "credentials": {
+    "type": "object",
+    "properties": {
+      "v1ApiKey": {
+        "type": "string",
+        "label": "Trend AI Token",
+        "description": "Trend AI Guard token Get setup here (https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-ai-scanner-ai-guard)",
+        "encrypted": true
+      },
+      "v1Url": {
+        "type": "string",
+        "label": "Trend AI URL",
+        "description": "Trend AI Guard URL (e.g., https://api.xdr.trendmicro.com/v3.0/aiSecurity/applyGuardrails)"
+      }
+    },
+    "required": ["v1Url", "apiKey"]
+  },
+  "functions": [
+    {
+      "name": "Trend AI Guard for scanning LLM inputs and outputs",
+      "id": "aiGuard",
+      "supportedHooks": ["beforeRequestHook", "afterRequestHook"],
+      "type": "guardrail",
+      "description": [
+        {
+          "type": "subHeading",
+          "text": "Analyze and scan text for security threats and policy violations using Trend AI Guard services."
+        }
+      ],
+      "parameters": {
+        "prefer": {
+          "type": "string",
+          "label": "Response Detail Level",
+          "description": "Controls the level of detail in the response. 'return=representation' returns detailed response with scanner results, 'return=minimal' returns short response with only action and reasons.",
+          "enum": ["return=representation", "return=minimal"],
+          "default": "return=minimal"
+        },
+        "applicationName": {
+          "type": "string",
+          "label": "Application Name",
+          "description": "The name of the AI application whose prompts are being evaluated. Must contain only letters, numbers, hyphens, and underscores."
+        },
+        "required": ["applicationName"]
+      }
+    }
+  ]
+}