fix: disable pii checker by prompt guard knob

Xunzhuo · Xunzhuo · commit b60a085e5e5f · 2025-08-28T14:56:44.000+08:00
Signed-off-by: bitliu &lt;bitliu@tencent.com&gt;
diff --git a/src/semantic-router/pkg/extproc/router.go b/src/semantic-router/pkg/extproc/router.go
@@ -127,7 +127,7 @@ func NewOpenAIRouter(configPath string) (*OpenAIRouter, error) {
 	}
 
 	// Create utility components
-	piiChecker := pii.NewPolicyChecker(cfg.ModelConfig)
+	piiChecker := pii.NewPolicyChecker(cfg, cfg.ModelConfig)
 	ttftCalculator := ttft.NewCalculator(cfg.GPUConfig)
 	modelTTFT := ttftCalculator.InitializeModelTTFT(cfg)
 	classifier := classification.NewClassifier(cfg, categoryMapping, piiMapping, jailbreakMapping, modelTTFT)
diff --git a/src/semantic-router/pkg/extproc/security_test.go b/src/semantic-router/pkg/extproc/security_test.go
@@ -51,7 +51,7 @@ var _ = Describe("Security Checks", func() {
 					PIITypes:       []string{"NO_PII"},
 				},
 			}
-			router.PIIChecker = pii.NewPolicyChecker(cfg.ModelConfig)
+			router.PIIChecker = pii.NewPolicyChecker(cfg, cfg.ModelConfig)
 			router.Classifier = classification.NewClassifier(cfg, router.Classifier.CategoryMapping, router.Classifier.PIIMapping, nil, router.Classifier.ModelTTFT)
 		})
 
@@ -463,7 +463,7 @@ var _ = Describe("Security Checks", func() {
 						PIITypes:       []string{"NO_PII"},
 					},
 				}
-				router.PIIChecker = pii.NewPolicyChecker(cfg.ModelConfig)
+				router.PIIChecker = pii.NewPolicyChecker(cfg, cfg.ModelConfig)
 
 				response, err := router.HandleRequestBody(bodyRequest, ctx)
 				Expect(err).NotTo(HaveOccurred())
diff --git a/src/semantic-router/pkg/extproc/test_utils_test.go b/src/semantic-router/pkg/extproc/test_utils_test.go
@@ -227,7 +227,7 @@ func CreateTestRouter(cfg *config.RouterConfig) (*extproc.OpenAIRouter, error) {
 	classifier := classification.NewClassifier(cfg, categoryMapping, piiMapping, nil, modelTTFT)
 
 	// Create PII checker
-	piiChecker := pii.NewPolicyChecker(cfg.ModelConfig)
+	piiChecker := pii.NewPolicyChecker(cfg, cfg.ModelConfig)
 
 	// Create router manually with proper initialization
 	router := &extproc.OpenAIRouter{
diff --git a/src/semantic-router/pkg/utils/pii/policy.go b/src/semantic-router/pkg/utils/pii/policy.go
@@ -8,18 +8,30 @@ import (
 
 // PolicyChecker handles PII policy validation
 type PolicyChecker struct {
+	Config       *config.RouterConfig
 	ModelConfigs map[string]config.ModelParams
 }
 
+// IsJailbreakEnabled checks if jailbreak detection is enabled and properly configured
+func (c *PolicyChecker) IsPIIEnabled() bool {
+	return c.Config.PromptGuard.Enabled
+}
+
 // NewPolicyChecker creates a new PII policy checker
-func NewPolicyChecker(modelConfigs map[string]config.ModelParams) *PolicyChecker {
+func NewPolicyChecker(cfg *config.RouterConfig, modelConfigs map[string]config.ModelParams) *PolicyChecker {
 	return &PolicyChecker{
+		Config:       cfg,
 		ModelConfigs: modelConfigs,
 	}
 }
 
 // CheckPolicy checks if the detected PII types are allowed for the given model
 func (pc *PolicyChecker) CheckPolicy(model string, detectedPII []string) (bool, []string, error) {
+	if !pc.IsPIIEnabled() {
+		log.Printf("PII detection is disabled, allowing request")
+		return true, nil, nil
+	}
+
 	modelConfig, exists := pc.ModelConfigs[model]
 	if !exists {
 		// If no specific config, allow by default

Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ func NewOpenAIRouter(configPath string) (*OpenAIRouter, error) {`
`127`	`127`	`}`
`128`	`128`
`129`	`129`	`// Create utility components`
`130`		`- piiChecker := pii.NewPolicyChecker(cfg.ModelConfig)`
	`130`	`+ piiChecker := pii.NewPolicyChecker(cfg, cfg.ModelConfig)`
`131`	`131`	`ttftCalculator := ttft.NewCalculator(cfg.GPUConfig)`
`132`	`132`	`modelTTFT := ttftCalculator.InitializeModelTTFT(cfg)`
`133`	`133`	`classifier := classification.NewClassifier(cfg, categoryMapping, piiMapping, jailbreakMapping, modelTTFT)`