From 3fe82d3301d6e63dae90c881bc3fb70319b638fa Mon Sep 17 00:00:00 2001
From: tomek-labuk
Date: Wed, 27 Aug 2025 16:15:22 +0200
Subject: [PATCH 1/8] Add scaffold plugin structure
---
.../ai-semantic-response-guard/changelog.md | 5 +++
.../examples/example.yaml | 22 ++++++++++++
.../ai-semantic-response-guard/index.md | 36 +++++++++++++++++++
.../ai-semantic-response-guard/reference.md | 3 ++
4 files changed, 66 insertions(+)
create mode 100644 app/_kong_plugins/ai-semantic-response-guard/changelog.md
create mode 100644 app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml
create mode 100644 app/_kong_plugins/ai-semantic-response-guard/index.md
create mode 100644 app/_kong_plugins/ai-semantic-response-guard/reference.md
diff --git a/app/_kong_plugins/ai-semantic-response-guard/changelog.md b/app/_kong_plugins/ai-semantic-response-guard/changelog.md
new file mode 100644
index 0000000000..d1a2a17723
--- /dev/null
+++ b/app/_kong_plugins/ai-semantic-response-guard/changelog.md
@@ -0,0 +1,5 @@
+---
+content_type: reference
+
+---
+## Changelog
\ No newline at end of file
diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml
new file mode 100644
index 0000000000..fa07b59981
--- /dev/null
+++ b/app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml
@@ -0,0 +1,22 @@
+description: 'AI Semantic Response Guard'
+
+title: 'Permit or block prompts based on semantic similarity to known LLM responses, preventing misuse of llm/v1/chat or llm/v1/completions requests'
+
+weight: 900
+
+# requirements: <- not required
+# - "some req"
+
+# variables: <- not required
+# my-region:
+# description: ''
+# value: us
+
+config: # plugin config in yaml format goes here
+
+tools:
+ - deck
+ - admin-api
+ - konnect-api
+ - kic
+ - terraform
\ No newline at end of file
diff --git a/app/_kong_plugins/ai-semantic-response-guard/index.md b/app/_kong_plugins/ai-semantic-response-guard/index.md
new file mode 100644
index 0000000000..bb3bb5baba
--- /dev/null
+++ b/app/_kong_plugins/ai-semantic-response-guard/index.md
@@ -0,0 +1,36 @@
+---
+title: 'AI Semantic Response Guard'
+name: 'AI Semantic Response Guard'
+
+content_type: plugin
+
+publisher: kong-inc
+description: 'Permit or block prompts based on semantic similarity to known LLM responses, preventing misuse of llm/v1/chat or llm/v1/completions requests'
+
+
+products:
+ - gateway
+
+works_on:
+ - on-prem
+ - konnect
+
+min_version:
+ gateway: '3.12'
+
+topologies:
+ on_prem:
+ - hybrid
+ - db-less
+ - traditional
+ konnect_deployments:
+ - hybrid
+ - cloud-gateways
+ - serverless
+
+
+icon: plugin-slug.png # e.g. acme.svg or acme.png
+
+tags:
+ - ai
+---
\ No newline at end of file
diff --git a/app/_kong_plugins/ai-semantic-response-guard/reference.md b/app/_kong_plugins/ai-semantic-response-guard/reference.md
new file mode 100644
index 0000000000..a00b1c79b1
--- /dev/null
+++ b/app/_kong_plugins/ai-semantic-response-guard/reference.md
@@ -0,0 +1,3 @@
+---
+content_type: reference
+---
\ No newline at end of file
From 44d48ed5b17ea8c2179bd88033e01abbbe649e38 Mon Sep 17 00:00:00 2001
From: tomek-labuk
Date: Wed, 3 Sep 2025 11:37:32 +0200
Subject: [PATCH 2/8] Add WIP contend and examples
---
.../examples/allow-and-deny-responses.yaml | 76 +++++++++++++++++++
.../examples/allow-responses.yaml | 63 +++++++++++++++
.../examples/deny-repsponses.yaml | 63 +++++++++++++++
.../examples/example.yaml | 22 ------
.../ai-semantic-response-guard/index.md | 34 ++++++++-
5 files changed, 233 insertions(+), 25 deletions(-)
create mode 100644 app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml
create mode 100644 app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml
create mode 100644 app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml
delete mode 100644 app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml
diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml
new file mode 100644
index 0000000000..ae6b811dd2
--- /dev/null
+++ b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml
@@ -0,0 +1,76 @@
+description: Block or allow LLM responses based on semantic similarity to defined rules.
+
+extended_description: |
+ The AI Semantic Response Guard plugin analyzes the full response from an LLM service and filters it
+ based on semantic similarity to configured allow or deny patterns.
+
+ Deny rules take precedence over allow rules. Responses matching a deny pattern are blocked,
+ even if they also match an allow pattern. Responses not matching any allow pattern are blocked
+ when allow rules are set.
+
+title: 'Allow and deny responses'
+
+weight: 900
+
+requirements:
+ - "[AI Proxy plugin](/plugins/ai-proxy/) or [AI Proxy Advanced plugin](/plugins/ai-proxy-advanced/) configured with an LLM service."
+ - "A [Redis](https://redis.io/docs/latest/) instance or another supported vector database."
+ - "Port `6379`, or your custom Redis port, is open and reachable from {{site.base_gateway}}."
+
+variables:
+ header_value:
+ value: $OPENAI_API_KEY
+ description: Your OpenAI API key
+ redis_host:
+ value: $REDIS_HOST
+ description: The host where your Redis instance runs
+
+config:
+ embeddings:
+ auth:
+ header_name: Authorization
+ header_value: Bearer ${header_value}
+ model:
+ name: text-embedding-3-small
+ provider: openai
+ search:
+ threshold: 0.7
+ vectordb:
+ strategy: redis
+ distance_metric: cosine
+ threshold: 0.7
+ dimensions: 1024
+ redis:
+ host: ${redis_host}
+ port: 6379
+ rules:
+ match_all_response_body: true
+ allow_responses:
+ - Network troubleshooting and diagnostics
+ - Cloud infrastructure management (AWS, Azure, GCP)
+ - Cybersecurity best practices and incident response
+ - DevOps workflows and automation
+ - Programming concepts and language usage
+ - IT policy and compliance guidance
+ - Software development lifecycle and CI/CD
+ - Documentation writing and technical explanation
+ - System administration and configuration
+ - Productivity and collaboration tools usage
+ deny_responses:
+ - Hacking techniques or penetration testing without authorization
+ - Bypassing software licensing or digital rights management
+ - Instructions on exploiting vulnerabilities or writing malware
+ - Circumventing security controls or access restrictions
+ - Gathering personal or confidential employee information
+ - Using AI to impersonate or phish others
+ - Social engineering tactics or manipulation techniques
+ - Guidance on violating company IT policies
+ - Content unrelated to work, such as entertainment or dating
+ - Political, religious, or sensitive non-work-related discussions
+
+tools:
+ - deck
+ - admin-api
+ - konnect-api
+ - kic
+ - terraform
diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml
new file mode 100644
index 0000000000..b24fde2091
--- /dev/null
+++ b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml
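Review bot: The `redis:` block under `vectordb` in `allow-and-deny-responses.yaml` sets only `host` and `port`, so the example connects to the vector store with no authentication and no TLS, while the requirements line asks for port `6379` to be open and reachable. The store holds the embeddings the guard compares responses against, so anyone who can write to it can presumably change what the plugin permits or blocks. If the plugin's Redis schema carries the fields other Kong plugins expose (to be confirmed against the reference), I would add `password: ${redis_password}`, `ssl: true` and `ssl_verify: true` with a matching `redis_password` variable, and reword the requirement so the port is reachable only from {{site.base_gateway}}. The same block appears in the `allow-responses.yaml` and `deny-repsponses.yaml` hunks.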
@@ -0,0 +1,63 @@
+description: Allow only specific LLM responses based on semantic similarity to defined rules.
+
+extended_description: |
+ The AI Semantic Response Guard plugin analyzes the full response from an LLM service and permits it
+ only if it semantically matches one of the configured allow patterns.
+
+ If a response does not match any of the allow patterns, it is blocked with a 400 Bad Request.
+
+title: 'Allow only responses'
+
+weight: 900
+
+requirements:
+ - "[AI Proxy plugin](/plugins/ai-proxy/) or [AI Proxy Advanced plugin](/plugins/ai-proxy-advanced/) configured with an LLM service."
+ - "A [Redis](https://redis.io/docs/latest/) instance or another supported vector database."
+ - "Port `6379`, or your custom Redis port, is open and reachable from {{site.base_gateway}}."
+
+variables:
+ header_value:
+ value: $OPENAI_API_KEY
+ description: Your OpenAI API key
+ redis_host:
+ value: $REDIS_HOST
+ description: The host where your Redis instance runs
+
+config:
+ embeddings:
+ auth:
+ header_name: Authorization
+ header_value: Bearer ${header_value}
+ model:
+ name: text-embedding-3-small
+ provider: openai
+ search:
+ threshold: 0.7
+ vectordb:
+ strategy: redis
+ distance_metric: cosine
+ threshold: 0.7
+ dimensions: 1024
+ redis:
+ host: ${redis_host}
+ port: 6379
+ rules:
+ match_all_response_body: true
+ allow_responses:
+ - Network troubleshooting and diagnostics
+ - Cloud infrastructure management (AWS, Azure, GCP)
+ - Cybersecurity best practices and incident response
+ - DevOps workflows and automation
+ - Programming concepts and language usage
+ - IT policy and compliance guidance
+ - Software development lifecycle and CI/CD
+ - Documentation writing and technical explanation
+ - System administration and configuration
+ - Productivity and collaboration tools usage
+
+tools:
+ - deck
+ - admin-api
+ - konnect-api
+ - kic
+ - terraform
diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml
new file mode 100644
index 0000000000..b24fde2091
--- /dev/null
+++ b/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml
@@ -0,0 +1,63 @@
+description: Allow only specific LLM responses based on semantic similarity to defined rules.
+
+extended_description: |
+ The AI Semantic Response Guard plugin analyzes the full response from an LLM service and permits it
+ only if it semantically matches one of the configured allow patterns.
+
+ If a response does not match any of the allow patterns, it is blocked with a 400 Bad Request.
+
+title: 'Allow only responses'
+
+weight: 900
+
+requirements:
+ - "[AI Proxy plugin](/plugins/ai-proxy/) or [AI Proxy Advanced plugin](/plugins/ai-proxy-advanced/) configured with an LLM service."
+ - "A [Redis](https://redis.io/docs/latest/) instance or another supported vector database."
+ - "Port `6379`, or your custom Redis port, is open and reachable from {{site.base_gateway}}."
+
+variables:
+ header_value:
+ value: $OPENAI_API_KEY
+ description: Your OpenAI API key
+ redis_host:
+ value: $REDIS_HOST
+ description: The host where your Redis instance runs
+
+config:
+ embeddings:
+ auth:
+ header_name: Authorization
+ header_value: Bearer ${header_value}
+ model:
+ name: text-embedding-3-small
+ provider: openai
+ search:
+ threshold: 0.7
+ vectordb:
+ strategy: redis
+ distance_metric: cosine
+ threshold: 0.7
+ dimensions: 1024
+ redis:
+ host: ${redis_host}
+ port: 6379
+ rules:
+ match_all_response_body: true
+ allow_responses:
+ - Network troubleshooting and diagnostics
+ - Cloud infrastructure management (AWS, Azure, GCP)
+ - Cybersecurity best practices and incident response
+ - DevOps workflows and automation
+ - Programming concepts and language usage
+ - IT policy and compliance guidance
+ - Software development lifecycle and CI/CD
+ - Documentation writing and technical explanation
+ - System administration and configuration
+ - Productivity and collaboration tools usage
+
+tools:
+ - deck
+ - admin-api
+ - konnect-api
+ - kic
+ - terraform
diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml deleted file mode 100644 index fa07b59981..0000000000 --- a/app/_kong_plugins/ai-semantic-response-guard/examples/example.yaml +++ /dev/null @@ -1,22 +0,0 @@ -description: 'AI Semantic Response Guard' - -title: 'Permit or block prompts based on semantic similarity to known LLM responses, preventing misuse of llm/v1/chat or llm/v1/completions requests' - -weight: 900 - -# requirements: <- not required -# - "some req" - -# variables: <- not required -# my-region: -# description: '' -# value: us - -config: # plugin config in yaml format goes here - -tools: - - deck - - admin-api - - konnect-api - - kic - - terraform \ No newline at end of file diff --git a/app/_kong_plugins/ai-semantic-response-guard/index.md b/app/_kong_plugins/ai-semantic-response-guard/index.md index bb3bb5baba..171706fac2 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/index.md +++ b/app/_kong_plugins/ai-semantic-response-guard/index.md @@ -3,13 +3,14 @@ title: 'AI Semantic Response Guard' name: 'AI Semantic Response Guard' content_type: plugin +tier: ai_gateway_enterprise publisher: kong-inc description: 'Permit or block prompts based on semantic similarity to known LLM responses, preventing misuse of llm/v1/chat or llm/v1/completions requests' - products: - gateway + - ai-gateway works_on: - on-prem 
@@ -28,9 +29,36 @@ topologies: - cloud-gateways - serverless - icon: plugin-slug.png # e.g. acme.svg or acme.png tags: - ai ---- \ No newline at end of file +--- + +# AI Semantic Response Guard + +The AI Semantic Response Guard plugin extends the AI Prompt Guard plugin by filtering LLM responses based on semantic similarity to predefined rules. It helps prevent unwanted or unsafe responses when serving `llm/v1/chat`, `llm/v1/completions`, or `llm/v1/embeddings` requests through Kong AI Gateway. + +You can use a combination of `allow` and `deny` response rules to maintain integrity and compliance when returning responses from an LLM service. + +## How it works + +The plugin analyzes the semantic content of the full LLM response before it is returned to the client. The matching behavior is as follows: + +* If any `deny_responses` are set and the response matches a pattern in the deny list, the response is blocked with a `400 Bad Request`. +* If any `allow_responses` are set, but the response matches none of the allowed patterns, the response is also blocked with a `400 Bad Request`. +* If any `allow_responses` are set and the response matches one of the allowed patterns, the response is permitted. +* If both `deny_responses` and `allow_responses` are set, the `deny` condition takes precedence. A response that matches a deny pattern will be blocked, even if it also matches an allow pattern. If the response does not match any deny pattern, it must still match an allow pattern to be permitted. + +## Response processing + +To enforce these rules, the plugin: + +1. **Disables streaming** (`stream=false`) to ensure the full response body is buffered before analysis. +2. **Intercepts the response body** using the `guard-response` filter. +3. **Extracts response text**, supporting JSON parsing of multiple LLM formats and gzipped content. +4. **Generates embeddings** for the extracted text. +5. 
**Searches the vector database** (Redis, Pgvector, or other) against configured `allow_responses` or `deny_responses`. +6. **Applies the decision rules** described above. + +If a response is blocked or if a system error occurs during evaluation, the plugin returns a `400 Bad Request` to the client without exposing that the Semantic Response Guard blocked it. From 4ee2ae8501eba4d4116d53e3b4f4e7da89f92cb4 Mon Sep 17 00:00:00 2001 From: tomek-labuk Date: Wed, 3 Sep 2025 11:52:02 +0200 Subject: [PATCH 3/8] change config example --- .../examples/deny-repsponses.yaml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml index b24fde2091..47125b7b24 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml +++ b/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml @@ -1,12 +1,12 @@ -description: Allow only specific LLM responses based on semantic similarity to defined rules. +description: Block specific LLM responses based on semantic similarity to defined rules. extended_description: | - The AI Semantic Response Guard plugin analyzes the full response from an LLM service and permits it - only if it semantically matches one of the configured allow patterns. + The AI Semantic Response Guard plugin analyzes the full response from an LLM service and blocks it + if it semantically matches one of the configured deny patterns. - If a response does not match any of the allow patterns, it is blocked with a 400 Bad Request. + Responses that do not match any deny pattern are permitted. -title: 'Allow only responses' +title: 'Deny only responses' weight: 900 
@@ -43,17 +43,17 @@ config: port: 6379 rules: match_all_response_body: true - allow_responses: - - Network troubleshooting and diagnostics - - Cloud infrastructure management (AWS, Azure, GCP) - - Cybersecurity best practices and incident response - - DevOps workflows and automation - - Programming concepts and language usage - - IT policy and compliance guidance - - Software development lifecycle and CI/CD - - Documentation writing and technical explanation - - System administration and configuration - - Productivity and collaboration tools usage + deny_responses: + - Hacking techniques or penetration testing without authorization + - Bypassing software licensing or digital rights management + - Instructions on exploiting vulnerabilities or writing malware + - Circumventing security controls or access restrictions + - Gathering personal or confidential employee information + - Using AI to impersonate or phish others + - Social engineering tactics or manipulation techniques + - Guidance on violating company IT policies + - Content unrelated to work, such as entertainment or dating + - Political, religious, or sensitive non-work-related discussions tools: - deck From 5e86edbaa64f5801918592700ea4f932c6be35b0 Mon Sep 17 00:00:00 2001 From: tomek-labuk Date: Thu, 4 Sep 2025 09:05:02 +0200 Subject: [PATCH 4/8] fix --- .../examples/allow-and-deny-responses.yaml | 1 - .../ai-semantic-response-guard/examples/allow-responses.yaml | 1 - .../examples/{deny-repsponses.yaml => deny-responses.yaml} | 1 - 3 files changed, 3 deletions(-) rename app/_kong_plugins/ai-semantic-response-guard/examples/{deny-repsponses.yaml => deny-responses.yaml} (98%) diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml index ae6b811dd2..c1558b09bd 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml 
+++ b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml @@ -44,7 +44,6 @@ config: host: ${redis_host} port: 6379 rules: - match_all_response_body: true allow_responses: - Network troubleshooting and diagnostics - Cloud infrastructure management (AWS, Azure, GCP) diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml index b24fde2091..ef61aece7c 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml +++ b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-responses.yaml @@ -42,7 +42,6 @@ config: host: ${redis_host} port: 6379 rules: - match_all_response_body: true allow_responses: - Network troubleshooting and diagnostics - Cloud infrastructure management (AWS, Azure, GCP) diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/deny-responses.yaml similarity index 98% rename from app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml rename to app/_kong_plugins/ai-semantic-response-guard/examples/deny-responses.yaml index 47125b7b24..2a82bb499a 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/examples/deny-repsponses.yaml +++ b/app/_kong_plugins/ai-semantic-response-guard/examples/deny-responses.yaml @@ -42,7 +42,6 @@ config: host: ${redis_host} port: 6379 rules: - match_all_response_body: true deny_responses: - Hacking techniques or penetration testing without authorization - Bypassing software licensing or digital rights management From 41f876adaf6dc3a4fbe90c68e54b0ab9195177a9 Mon Sep 17 00:00:00 2001 From: tomek-labuk Date: Thu, 4 Sep 2025 15:27:56 +0200 Subject: [PATCH 5/8] Update ai gw landing page --- app/_landing_pages/ai-gateway.yaml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/app/_landing_pages/ai-gateway.yaml b/app/_landing_pages/ai-gateway.yaml index a59f582088..5eeb441cd4 100644 --- a/app/_landing_pages/ai-gateway.yaml +++ b/app/_landing_pages/ai-gateway.yaml @@ -431,6 +431,10 @@ rows: - type: plugin config: slug: ai-aws-guardrails + - blocks: + - type: plugin + config: + slug: ai-semantic-response-guard - blocks: - type: card config: From 88d5d8409255df167be94b0bd3b00bc1413db851 Mon Sep 17 00:00:00 2001 From: tomek-labuk Date: Fri, 5 Sep 2025 06:08:42 +0200 Subject: [PATCH 6/8] Add pgvecotr example --- .../allow-and-deny-responses-pgvector.yaml | 89 +++++++++++++++++++ ...ml => allow-and-deny-responses-redis.yaml} | 2 +- 2 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses-pgvector.yaml rename app/_kong_plugins/ai-semantic-response-guard/examples/{allow-and-deny-responses.yaml => allow-and-deny-responses-redis.yaml} (97%) diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses-pgvector.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses-pgvector.yaml new file mode 100644 index 0000000000..45f0959f69 --- /dev/null +++ b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses-pgvector.yaml 
@@ -0,0 +1,89 @@
+description: Block or allow LLM responses based on semantic similarity to defined rules.
+
+extended_description: |
+ The AI Semantic Response Guard plugin analyzes the full response from an LLM service and filters it
+ based on semantic similarity to configured allow or deny patterns.
+
+ Deny rules take precedence over allow rules. Responses matching a deny pattern are blocked,
+ even if they also match an allow pattern. Responses not matching any allow pattern are blocked
+ when allow rules are set.
+
+title: 'Allow and deny using pgvector as a vector database'
+
+weight: 900
+
+requirements:
+ - "[AI Proxy plugin](/plugins/ai-proxy/) or [AI Proxy Advanced plugin](/plugins/ai-proxy-advanced/) configured with an LLM service."
+ - "A [PostgreSQL database with pgvector extension](https://github.com/pgvector/pgvector) installed and reachable from {{site.base_gateway}}."
+ - "Port `5432`, or your custom PostgreSQL port, is open and reachable from {{site.base_gateway}}."
+
+variables:
+ header_value:
+ value: $OPENAI_API_KEY
+ description: Your OpenAI API key
+ pgvector_host:
+ value: $PGVECTOR_HOST
+ description: The host where your pgvector-enabled PostgreSQL instance runs
+ pgvector_user:
+ value: $PGVECTOR_USER
+ description: Database user for pgvector
+ pgvector_password:
+ value: $PGVECTOR_PASSWORD
+ description: Database password for pgvector
+
+config:
+ embeddings:
+ auth:
+ header_name: Authorization
+ header_value: Bearer ${header_value}
+ model:
+ name: text-embedding-3-small
+ provider: openai
+ search:
+ threshold: 0.7
+ vectordb:
+ strategy: pgvector
+ distance_metric: cosine
+ threshold: 0.7
+ dimensions: 1024
+ pgvector:
+ host: ${pgvector_host}
+ port: 5432
+ database: kong-pgvector
+ user: ${pgvector_user}
+ password: ${pgvector_password}
+ ssl: false
+ ssl_required: false
+ ssl_verify: false
+ ssl_version: tlsv1_2
+ timeout: 5000
+ rules:
+ allow_responses:
+ - Troubleshooting networks and connectivity issues
+ - Managing cloud platforms (AWS, Azure, GCP)
+ - Security hardening and incident response strategies
+ - DevOps pipelines, automation, and observability
+ - Software engineering concepts and language syntax
+ - IT governance, compliance, and regulatory guidance
+ - Continuous integration and deployment practices
+ - Writing documentation and explaining technical concepts
+ - Operating system administration and configuration
+ - Best practices for collaboration and productivity tools
+ deny_responses:
+ - Unauthorized penetration testing or hacking tutorials
+ - Methods for bypassing software licensing or DRM
+ - Step-by-step instructions for exploiting vulnerabilities
+ - Techniques to evade or disable security controls
+ - Collecting or exposing personal or employee data
+ - Using AI for impersonation, phishing, or fraud
+ - Manipulative social engineering techniques
+ - Advice on breaking internal IT or security policies
+ - Entertainment, dating, or other non-work topics
+ - Political, religious, or otherwise sensitive discussions unrelated to work
+
+tools:
+ - deck
+ - admin-api
+ - konnect-api
+ - kic
+ - terraform
diff --git a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses-redis.yaml
similarity index 97%
rename from app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml
rename to app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses-redis.yaml
index c1558b09bd..1d34132696 100644
--- a/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses.yaml
+++ b/app/_kong_plugins/ai-semantic-response-guard/examples/allow-and-deny-responses-redis.yaml
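Review bot: The `pgvector:` block in `allow-and-deny-responses-pgvector.yaml` sets `ssl: false`, `ssl_required: false` and `ssl_verify: false` directly below `user` and `password`, so anyone who copies the example sends the database credentials and the guard's embeddings in cleartext to a server whose identity is never checked. `ssl_version: tlsv1_2` presumably has no effect while `ssl` is off. For a published example I would ship `ssl: true`, `ssl_required: true` and `ssl_verify: true`, and add a `requirements` entry saying the PostgreSQL server must present a certificate the gateway trusts. Reading the password from `$PGVECTOR_PASSWORD` instead of inlining it is the right pattern and should stay.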
@@ -8,7 +8,7 @@ extended_description: | even if they also match an allow pattern. Responses not matching any allow pattern are blocked when allow rules are set. -title: 'Allow and deny responses' +title: 'Allow and deny responses using Redis as a vector database' weight: 900 From 1d2d6a44d250faa1d5fce54e3c584037992f909a Mon Sep 17 00:00:00 2001 From: Angel Date: Mon, 8 Sep 2025 16:56:42 -0400 Subject: [PATCH 7/8] fixes --- .../ai-semantic-response-guard/changelog.md | 14 +++++++++----- .../ai-semantic-response-guard/index.md | 2 -- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/app/_kong_plugins/ai-semantic-response-guard/changelog.md b/app/_kong_plugins/ai-semantic-response-guard/changelog.md index d1a2a17723..1b24c2d6e0 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/changelog.md +++ b/app/_kong_plugins/ai-semantic-response-guard/changelog.md @@ -1,5 +1,9 @@ ---- -content_type: reference - ---- -## Changelog \ No newline at end of file +{ + "3.12.0.0": [ + { + "message": "Added new plugin to permit or block prompts based on semantic similarity to known LLM responses, preventing misuse of llm/v1/chat or llm/v1/completions requests", + "scope": "Plugin", + "type": "feature" + } + ] + } \ No newline at end of file diff --git a/app/_kong_plugins/ai-semantic-response-guard/index.md b/app/_kong_plugins/ai-semantic-response-guard/index.md index 171706fac2..01be27f202 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/index.md +++ b/app/_kong_plugins/ai-semantic-response-guard/index.md 
@@ -35,8 +35,6 @@ tags: - ai --- -# AI Semantic Response Guard - The AI Semantic Response Guard plugin extends the AI Prompt Guard plugin by filtering LLM responses based on semantic similarity to predefined rules. It helps prevent unwanted or unsafe responses when serving `llm/v1/chat`, `llm/v1/completions`, or `llm/v1/embeddings` requests through Kong AI Gateway. You can use a combination of `allow` and `deny` response rules to maintain integrity and compliance when returning responses from an LLM service. From 954149f1042aac4c0a0e6da55d3949d1d81f6ba8 Mon Sep 17 00:00:00 2001 From: Angel Date: Tue, 9 Sep 2025 14:37:19 -0400 Subject: [PATCH 8/8] icons --- .../ai-semantic-response-guard/index.md | 2 +- .../icons/plugins/ai-semantic-response-guard.png | Bin 0 -> 8577 bytes 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 app/assets/icons/plugins/ai-semantic-response-guard.png diff --git a/app/_kong_plugins/ai-semantic-response-guard/index.md b/app/_kong_plugins/ai-semantic-response-guard/index.md index 01be27f202..164bf3d03c 100644 --- a/app/_kong_plugins/ai-semantic-response-guard/index.md +++ b/app/_kong_plugins/ai-semantic-response-guard/index.md @@ -29,7 +29,7 @@ topologies: - cloud-gateways - serverless -icon: plugin-slug.png # e.g. acme.svg or acme.png +icon: ai-semantic-response-guard.png # e.g. acme.svg or acme.png tags: - ai 
diff --git a/app/assets/icons/plugins/ai-semantic-response-guard.png b/app/assets/icons/plugins/ai-semantic-response-guard.png new file mode 100644 index 0000000000000000000000000000000000000000..217a8c2ef99faace403a45b499ad77bf190f5311 GIT binary patch literal 8577 zcmV-{A%5P8P)004R> z004l5008;`004mK004C`008P>0026e000+ooVrmw00006VoOIv0RI600RN!9r;`8x zAqq)EK~#9!?VV|mT-SM?pYPnI*Xf=GvttKH0$fChizJc~EsA0kMUrWk=_)%an`OsN zIZCSH{BTm0l;bF={BZsxu99UXa-wXuCCl6(k4@76O=kdZzcj z_k8(rZ*Ma_1Aw9eO?%#|JKb~p-g}n!EZ=wDbIuidU}9nd*FZG@<6*)&1CC=xLbdm+ z<^3SXfPJ8OK-j?#5(=^+=*z$<;Ata#%OW#=K2dJ0)->TLp@qwrFK@Vc134pOQy5X^ z7kqXN*9O#ZJC;WkJ_ZZ{CO(86a{qrp0ULiRa8ZQc5hGtB)K?egGv(3o3RYop?qb)C zT?7q}O#p&OLPTo^RP`S#{5&vvy;Hb@o;V}$SrPeyN^(ZEYC&0=Yu99_`6VJ35Oq;| zpDOSd8(hr3L*7;K22c*$&<|j3PW58U~Cbx*z!X z^^VaF-d-qt%yGXuc`??Vvv)J56(+V~5~AM_&*e+UVH9Mr?aw!FPoNlP)6g z^4SJv$D-)MwkB8=GAZHV`_dQ#Cr+>6yE_bbVp|go;26lIB$|z;*E=>peAw0mE0FYr zsbP;|4N|^fuaV?tp^!eU_}kjZQiXxE!_fm-CdM*M?{cx%U~Cx^HSwvW^lk0m)&wU! zII<_fo~axM_T@Ns$S1hUDy$0GwD7YJr}^hUn<1I#Pm;Ga!3W1Ze(s@R{7jBLQv-bX z-XZpnU0p3!An6OYAMv^UND{}n@;%!T+o}&1iN;lp2scc6{HsSsx#Q>M#LKKvu& zRLV6z^~Womxg21G&5bVw*M(%lCA8Zr8?Fi4CS|*_4)55VVBap6ckD~>t|No&-9L<< zN+Bv}C=BcxYjw&s-7x6xIzl?-<9bO3vqG_?eP?WK z8-g>w;YV&v@y`88rpGgkjSrLXlVBxUwG%38A(c;a_{c7H|rz@I-k%O8AWjW;ees0T`|-n(X|l7{hJIVub?HR^Eu<$!)03fndWTZM8xT3q++ znJTAd>nxQlzw~1c+0h&lDwi)T^Qq5Y;P;+frCir7tzy@K-Q!87CP!GQX4pHKz-sM! 
zC-ZH`wzQ&EVX0{OzfUjoH_y*OBcM^L@TITK^1mNnrC8gVTvZs%3iln$fxnBv;S9Il zI7BYff3DKDBp4!#dTur3kG@@?R#@Y;GesVMu0XkFuQ-E2fzcs{2i`RZP7)-|?YB&F z$5EFc>@SA5Ex`cQhVtUM3U8cQ;q=)xUN~RJxk4YR3Mn5RygSF?8z+e9PH^_bQS;JZ_Z zXy1^$y$J>yp|Z4QDOZ)o7Q>WQ!CJWYmIVLe4~$aB;56Y7wlBiUQkEd6MDLiEZ5&8G)2<2(40SD2_nd zH>49nK5ZD!8*V?CG*{w3eRhE}7sBhE?5o1I z8R*ywowX^j%KU1G>oph`Vb4T>6NXrE5ITehQA7nK1cJ!elE~l^ZGc(`0(@D<3C>bl zo#Vo#A}gzPWV=*f`lJST!gqv}FSzk%K4ZA;K$4H#Gsyk-kCU0qMeVu>polnNQmAAR z6V+hUrM!5WC%*X-U;K+poIbzCYROWnDAo$aiqdFok8JBZg5%a2h%D#G?-j;!4nO@s zo?m=qiowI9IKC5ID+1z2&9jq58zC1@zs_&|pI7*^Z!B|Z!BP+6XU1~nHmbne--=$3 zAXI+xjsf-zdz@PeP$EluwQPC$T#Ztp#<4vvsgZPxDG>qVLa1DP{UpEsnHTu{U#+rO zP?UCsZywtT+u9HA1*>p$BEi1lwt3O4bt@&y?>@20XaC?L<=Hh_eveuRYb>8X!+-mo z*ZAY7N|dYpp$+#H!3rc@A>|4qDTkCNEe@MlE?a*0>jnPyZ|1PIAUY{vO9j6EbIhV1)Bzs2^JZi7Ad}2i27CyIe%t_FMoZJQy2Sd zbwpngY*o2!BEfBk2D$xko;^ce&+Dpz^32H!-+O)q4ML~|oOpSa<8MSGVf}<{Pq2-L zBdx;TyvK)b&U0XDfP)8y`0(w6>>YHwu7Ri)FPAJ&Kfi`8RH&}jIDVqQsmlRo+vi9( zw)H@V=Li#7m!vCMN0SVzJ-#gRSZoOAF4g*uT-e40t3p0uc;uEGH;nik+nwdW{$bpq6l$XZs?ptf9{s4ty*Ffd z{*6`6E;snp6U$T^ksP>G2snGDNXhk>nG5=^d4_FFFaoted1b!FVkM*y2<||dg9C|Z z!j*#7LQY?(@QqVtPM)hWR}5Mbpa_&|mU9+fxZ%Ia!>YYo+HGPZoJ*wzGh z!Vy@hTAq4ijStQgFxGPXe3@#fxV;=(fl6I@;*|;sH)`&8n&=;LxJGzmslmzftJDK! 
zp&V{%I0;Z~Se|;V9L@X)x8FGPRprU`j=p?Jm8cKN zg+3z~BGOi>mX&Hq<0>Xy^eeHg^!1}2JeYK_Rw>pkeU-SkfWE820<2WS*7v{b=sSX8 zhuBW^;ppoQI=kGCY)7@tIX1lP}YJQTDu zIFIt7!Zp1`(LZ`|O`c;rap& zQ6f!eR0PBY@c=L0gTrebst#+#B4^K@V|8`4eV6Ov4h>?`>F#_E0)mwSwp?xz=Q_gF zSd!_{B*u&5(TaeH!%xIv`ydGvkF{cXW4NA+*_A`G$)5Sx+;>D<=b}QWYgO!GFSC3`W~OxX5!-W+PXfb*eHq;)QT+4Jj>jPzrcnKP{mE< z8Nc%*;Gjn|Uw|<+?{`b#ej6tm>IW^7TgCD@3o{H0>r~z9lQ9AJ=tB*g4 z1_4%;$$XMeK5~eUJ}`zEGB6;JXcjmZoPj7jcM6DdPVnP-s{ru&ryPVUdPy{T?0Qx><&%Z%2&Vs^eZd&%ne{#2Td0yw>7Kf`RFq z@lyF#Ti`o}A3d^*WYJ(RS;9*ednv@uTWlf3mP2ftMv=5^5TUe6PW}_>qgu8*MXWupIL!)vqoDm zMUX0(H89H{(NSDH&vW1XX1gyGAzWQ0TwcW;8bU-`Et3uE)X%?(#!C|gSgi!S`eun^ zW&mSN6pv7%V*p4Qa2jA1!Bl}FNRi^=WuE))Gp%q%z%CWhg(7BG9x>9@GB#V0Rt=W+ zME!7XnecL9%YJx^dC`jNWyuZRNGd&v7}M$lq)A_^k7zg7t-GaN7&@=9VV$-4lT-_r zS_YhPJW?ZjNe}PEvpQeHSqWqu}V&WT>Bb95rZeFq20r<}-Ob3omwtHTrU0T0xR za!{Ia6Bm&bDrpv$Enj=`6lc#b#(SbECY>g^dmsMDE?TR>1#F{1_3RnybF)$32c$g1 zoqKcKu_s5$GZ6_U;XSo0|i0OW7RcMvK>Zb2Q z+B^=O)+~6ggXt{&s*y3*%bGWa&Mg2mjz_pY9-D?Ar%SYFxL9o&l2;266BP(~OEq{0 z{eY|VgEwwQB(kneCfem@(?Y0MI?>x_HO55NW_P5zU9~HQ)dND$G@$mHcYE*Ut2h1W z&PTOdrS9vM$fwrcS+GgoY~fRPU~@MKOUfT(a`gQSWDg_K?pNzUfw_fmvApsks$sNW zM%v{k?iuGJ_l)9YVwb@uI!s5RMB@G^6L0=GuTr@50UJx}MQkT%>g3dFmH0f(TZXeY;XT z`p^`2-JVA>0!eA-neh>m2WKQcb|KCPwIIWHo;|_mzwrCa%$(g=39d-6T80L0W@_X? zJa3@o(<)$Tko3nWtiDDVR-#A_C;7y^yE(Wo4Jm;X@ga~TBHWE5j){ClW577zBqG1n ze+LTjGxVaML*)+-NK6 zR!gE7br9oqT|1a`$yov1-V|Y%Lt+2&zvx2n^ zJd?q9@?b62Hqfv^BUt6){MT43okp>M5ZY*~gvq=QA=Jv2T1lyuEVZJgRtlrrub9C0K(`~gGPKVjQ)?$)e5sLz4lG&s|&5ynray0`srwB)+!n{APn302SKzm zUJyVKM&BC&<@0A)J9(V2QjEGFfFQul+&GfhC{x7)kmB zl_-yDmH4PxYJsI%52)3uRI5d5wN)zR5>Gz;BER>gZ!*8I+HIA0vbdEMEf|dP;?mjq z0L9umR@-BsB9L$mzGGUib&Vf##m}xW=K$Cc8#KDyD={V-wCN?P1dXn6jR;B4;5iZD?IyjI6&?B1&YK`m zD%AkHg?qK*CiOY4>?YCM@qg>s#Kr2A-da+hVvO{#5S!AXZW+!MW6~oYn+@vpk~rU1 zx$y0B&(>i}f*tWmx#RfG08z7`J@QRk?>|_dzfH%aD^s*VwLVWhXm7~vI>OXMlIe*g z#+69cGg$(g;^O5ME?t@>2!hswJwHb>IojQnN>_~9;jWKw>`sM2m0Ed`uu*CKWE>Aa zGlJ`9y3(LwgL-+HpjzyXbBA20PG?@nX}DUs(Dm?gLpZ54>(Nr_)~836uu>){6wsh? 
z?F6fab< z`SHVi>|Oi%wk#;4zp<0e~@8XbOb+gFX; zx=u?w`pr@+&2#zmJ-v02`YPjIVC+zpV|ZU4E10r=Os5=8b45 zwFfqr3$YA(hZ%Hkh~GS8Ayg!^&DV)Va#{!)Xyi%-idcnE<7*`!?37?Yav=&f%0o4%o#rPz)ehy54YqsV_Zgt@50e!mlR2$aXd7RTQh#z zk~^F7AAyiejx#uVYkL4gEt&j2vblXxyjv0}cy5-V>0>R4v!`5mIm9m6F1e8E*+?!d zzZlDuFSCDlw_J!?Qlq;`jqFAOiKM_rTb3ozmV6n>hzfO!SVMARFNyIf*uu!#qKOtN z;R2P$0vUHAk_)9>gH?#cX{AFd1Z_?|F>Q&kvqpusPNDdEOD=3lZ)ZvzOAX*;oXB5x zR=}R(#EDs!mKP!!EheH|ygpR>x4LHd~aqSyPED=%BtvY5817Y7LFb zGWFsziR@^r+fgC~tTaCp2_l_wezU|elf_tP6S=S+$%Rq@DT1s~T%6^(?|!FCrVQ2! z1cd^Aei$4tvM;(ut zSSr0hv34HCwxzc{Iqo=+BQ@xt10YEuRF7v)l=#l^St^xAJkn`Mr>4p0Zo+k=K1(~( z*EwX_B6$5drO{ZUu<#PK>S8Osu9qb{e3;b01Y(?4A+fg3>inxzS0jnDE6#fdNO?{) zlfwt~L7H-*E3qdhi1AR#u&^u} z`-77URj=T!^!iC8>U($O!oRz?f*;)M%dWKyNaQ!J8~xhwtna&MZS<*oN^d>G(=EUE zk}12U>vs6+k#8#-TZ2t%3KSCKc-W44~!zNK84kx34?A75nx{_~!pW zNQ33zRW8&Xrxad7Fn}`X-^kv~-zVjab{P;#dmG=jix3xvSh7=S%{FWsO_oyQ5|@^r zWVP}J5KC{PDIR@riaT%3W132qM?Bk-xLHf0GJrVwSiu^MK208+JjGJTV}JQqT{5NX z2oK&d!q5Ep6a%9k;-nCNKQ#{Wo#XR-{)>Oc%*;$&D3r|Lent<^#W|MF zeVg*~S(-AXpB-WN;Co2#+81Sn={61{mn|M^h`(DKP@bEiaOyc4YnvNdTM!&FW{z>t zd=y{uZJDe|rs?5h0vOA%dxW}O;dJn)k@bzTJNW^o6Ys-Fvdd5Iv7zUy7gFD&z!&z>UT`=}}-)9+z;{4R{=b;+68p@TS% z&&<+HBvWcgcJu~z9k>rCnSm~8G9F1>Z&Alnkkcc32`eR*UVb`~DX)!S#n%CRn~8?e z))Q&lv->*dNMpglL)7iE_>v6cgdRxySFJngUlAujqzYygHS>s>Z4>N_l5i3@rY)uzgbCkA=M?LOuuBnp8L>Vd z9-dR_GUt6i-z66|2YU=IW?irDzBroc;rWBOPNF4g+OR>jILrLZQ`Aaxt!7oj0N2Yz6DzEZCC#?v zNf=<8lBJDgM-A!}FP~!N^s@xj;%3u!RE9?F|+=gYe9tQ$YRf=uZ$^e4H9f{5&fdF|B=D~W8e z`Upn$5XBCwoYqs+OQ$q+VHSt@_wNAUy4=nx_!E42*aFYO#!mH*-h*6O8Cln)8;3 zeb+8YuG4?*vZ_1Ap<|b)$}(s5YrGWvPeN*Kx$qwz=A%D4hFK>U{?$_#`L`W%p(7rL zl0U}2^gqBgsV*6?d#WsLaiq(a7E~f1`fTCLoLhYi!9?M%EqeVknSP$VIWBBIp7 z0+*J*!RfgUi8G(%laCzcqYsRB$b}O5CDN1&$H1KgX9~Oyx$rZeU1SL{NiT1G@w*C%f*vlp)mh)*QCD~7ghL{5wVK`U*1T6$gc2ab~TR1 zN{Njpp4s**KSM=Bjem=d=K0pSAigg?pR|MQ;r^DZ(3A^5xOW&?1iNOt<-!l##Kc60 zT!_b%_g*}kY=_g52(=|m(mL9*Vf4F2LdZH(jHd2vHKmFrpFB+7Kirl_V~Nx!$N0c| zx+TtBf`|4EBMV?JTI_7Ry0B=mwMMkMurkxVy09r1exP%8p(UH$Pd0s^TUuSWdQ+O| 
zi~l#)VIX&iOm6RHvrvA=sLZ&=vSx+)sEWQ99=Q( z@7`q6qMA!A6>7`UsD%Yqt8a9e(L%McK&`ew+8YNkEon5+8ii61iL-Ncp#_4bTqu#h z?bM?wu2KQkV!3er>cV&xXL*TaYBXBp*D15MR!21dHaSqLytJ$ zsIOj3G&l&|6UDDdF2qLhx`tV5(&LPXv##{F<QYYJ%xKP)&7^2?r+e7d1EYsKPJi$&6@9HAS4 z*oz?N5RL+q*E_a5xF#G&`BkhwVF^P)Sf0HUwUd>~8mUYc5DR(+%u5J)-~fI4Zlykg zf_w$!SF!p8MgoAP`AY!pj<8ZLl1gVmjrFR@^VScaL0AM10fW~&6+7sOdEiqj@*fj! z;zSrvuUuNV+`6F4JFb+Aq|-SW$-v}$e>Jqa3|m_QAfh7gbtk6Kzq_lt55@IHY