Skip to content

API Reference

This is a technical reference for the implementation of the lakera_chainguard library.

LakeraChainGuard

Source code in lakera_chainguard/lakera_chainguard.py 
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
class LakeraChainGuard:
    def __init__(
        self,
        api_key: str = "",
        endpoint: Endpoints = "prompt_injection",
        additional_json_properties: dict = dict(),
        raise_error: bool = True,
    ) -> None:
        """
        Contains different methods that help with guarding LLMs and agents in LangChain.

        Args:
            api_key: API key for Lakera Guard
            endpoint: which AI security risk you want to guard against, see also
                classifier endpoints available here: https://platform.lakera.ai/docs/api
            additional_json_properties: add additional key-value pairs to the body of
                the API request apart from 'input', e.g. domain_whitelist for pii
            raise_error: whether to raise an error or a warning if the classifier
                endpoint detects AI security risk
        Returns:
            None
        """
        # In the arguments of the __init__, we cannot set api_key: str =
        # os.environ.get("LAKERA_GUARD_API_KEY") because this would only be
        # evaluated once when the class is imported. This would mean that if the
        # user sets the environment variable (e.g. via load_dotenv()) after importing
        # the class , the class would not use the environment variable.
        self.api_key = api_key or os.environ.get("LAKERA_GUARD_API_KEY")
        if not self.api_key:
            raise ValueError(
                "No Lakera Guard API key provided. Either provide it in the "
                "constructor or set the environment variable LAKERA_GUARD_API_KEY."
            )
        self.endpoint = endpoint
        self.additional_json_properties = additional_json_properties
        self.raise_error = raise_error

    def _call_lakera_guard(self, query: Union[str, GuardChatMessages]) -> dict:
        """
        Makes an API request to the Lakera Guard API endpoint specified in
        self.endpoint.

        Args:
            query: User prompt or list of message containing system, user
                and assistant roles.
        Returns:
            The endpoints's API response as dict
        """
        request_input = {"input": query}

        if "input" in self.additional_json_properties:
            raise ValueError(
                'You cannot specify the "input" argument in additional_json_properties.'
            )

        request_body = self.additional_json_properties | request_input

        response = session.post(
            f"https://api.lakera.ai/v1/{self.endpoint}",
            json=request_body,
            headers={"Authorization": f"Bearer {self.api_key}"},
        )
        response_body = response.json()

        # Error handling
        if "error" in response_body:
            if response_body["error"] == "Unauthorized":
                raise ValueError(
                    str(response_body) + " Please provide a valid Lakera Guard API key."
                )
            elif response_body["error"] == "Invalid Request":
                raise ValueError(
                    str(response_body)
                    + (
                        f" Provided properties {str(self.additional_json_properties)} "
                        "in 'additional_json_properties' are not valid."
                    )
                )
            else:
                raise ValueError(str(response_body))
        if "results" not in response_body:
            raise ValueError(str(response_body))

        return response_body

    def _convert_to_lakera_guard_input(
        self, prompt: GuardInput
    ) -> Union[str, list[dict[str, str]]]:
        """
        Formats the input into LangChain's LLMs or ChatLLMs to be compatible as Lakera
        Guard input.

        Args:
            prompt: Object that follows LangChain's LLM or ChatLLM input format
        Returns:
            Object that follows Lakera Guard's input format
        """
        if isinstance(prompt, str):
            return prompt
        else:
            if isinstance(prompt, PromptValue):
                prompt = prompt.to_messages()
            if isinstance(prompt, List):
                formatted_input = [
                    {"role": "system", "content": ""},
                    {"role": "user", "content": ""},
                    {"role": "assistant", "content": ""},
                ]
                # For system, human, assistant, we put the last message of each
                # type in the guard input
                for message in prompt:
                    if not isinstance(
                        message, (HumanMessage, SystemMessage, AIMessage)
                    ) or not isinstance(message.content, str):
                        raise TypeError("Input type not supported by Lakera Guard.")
                    if isinstance(message, SystemMessage):
                        formatted_input[0]["content"] = message.content
                    elif isinstance(message, HumanMessage):
                        formatted_input[1]["content"] = message.content
                    else:  # must be AIMessage
                        formatted_input[2]["content"] = message.content
                if self.endpoint != "prompt_injection":
                    return formatted_input[1]["content"]
                return formatted_input
            else:
                return str(prompt)

    def detect(self, prompt: GuardInput) -> GuardInput:
        """
        If input contains AI security risk specified in self.endpoint, raises either
        LakeraGuardError or LakeraGuardWarning depending on self.raise_error True or
        False. Otherwise, lets input through.

        Args:
            prompt: input to check regarding AI security risk
        Returns:
            prompt unchanged
        """
        formatted_input = self._convert_to_lakera_guard_input(prompt)

        lakera_guard_response = self._call_lakera_guard(formatted_input)

        if lakera_guard_response["results"][0]["flagged"]:
            if self.raise_error:
                raise LakeraGuardError(
                    f"Lakera Guard detected {self.endpoint}.", lakera_guard_response
                )
            else:
                warnings.warn(
                    LakeraGuardWarning(
                        f"Lakera Guard detected {self.endpoint}.",
                        lakera_guard_response,
                    )
                )

        return prompt

    def detect_with_response(self, prompt: GuardInput) -> dict:
        """
        Returns detection result of AI security risk specified in self.endpoint
        with regard to the input.

        Args:
            input: input to check regarding AI security risk
        Returns:
            detection result of AI security risk specified in self.endpoint
        """
        formatted_input = self._convert_to_lakera_guard_input(prompt)

        lakera_guard_response = self._call_lakera_guard(formatted_input)

        return lakera_guard_response

    def get_guarded_llm(self, type_of_llm: Type[BaseLLMT]) -> Type[BaseLLMT]:
        """
        Creates a subclass of type_of_llm where the input to the LLM always gets
        checked w.r.t. AI security risk specified in self.endpoint.

        Args:
            type_of_llm: any type of LangChain's LLMs
        Returns:
            Guarded subclass of type_of_llm
        """
        lakera_guard_instance = self

        class GuardedLLM(type_of_llm):  # type: ignore
            @property
            def _llm_type(self) -> str:
                return "guarded_" + super()._llm_type

            def _generate(
                self,
                prompts: List[str],
                **kwargs: Any,
            ) -> LLMResult:
                for prompt in prompts:
                    lakera_guard_instance.detect(prompt)

                return super()._generate(prompts, **kwargs)

        return GuardedLLM

    def get_guarded_chat_llm(
        self, type_of_chat_llm: Type[BaseChatModelT]
    ) -> Type[BaseChatModelT]:
        """
        Creates a subclass of type_of_chat_llm in which the input to the ChatLLM always
          gets checked w.r.t. AI security risk specified in self.endpoint.

        Args:
            type_of_llm: any type of LangChain's ChatLLMs
        Returns:
            Guarded subclass of type_of_llm
        """
        lakera_guard_instance = self

        class GuardedChatLLM(type_of_chat_llm):  # type: ignore
            @property
            def _llm_type(self) -> str:
                return "guarded_" + super()._llm_type

            def _generate(
                self,
                messages: List[BaseMessage],
                stop: Optional[List[str]] = None,
                run_manager: Optional[CallbackManagerForLLMRun] = None,
                **kwargs: Any,
            ) -> ChatResult:
                lakera_guard_instance.detect(messages)
                return super()._generate(messages, stop, run_manager, **kwargs)

        return GuardedChatLLM

    def get_guarded_agent_executor(self) -> Type[AgentExecutor]:
        """
        Creates a subclass of the AgentExecutor in which the input to the LLM that the
        AgentExecutor is initialized with gets checked w.r.t. AI security risk specified
        in self.endpoint.

        Returns:
            Guarded AgentExecutor subclass
        """
        lakera_guard_instance = self

        class GuardedAgentExecutor(AgentExecutor):
            def _take_next_step(
                self,
                name_to_tool_map: Dict[str, BaseTool],
                color_mapping: Dict[str, str],
                inputs: Dict[str, str],
                intermediate_steps: List[Tuple[AgentAction, str]],
                run_manager: CallbackManagerForChainRun | None = None,
            ) -> Union[AgentFinish, List[Tuple[AgentAction, str]]]:
                for val in inputs.values():
                    lakera_guard_instance.detect(val)

                res = super()._take_next_step(
                    name_to_tool_map,
                    color_mapping,
                    inputs,
                    intermediate_steps,
                    run_manager,
                )

                for act in intermediate_steps:
                    lakera_guard_instance.detect(act[1])

                return res

        return GuardedAgentExecutor

__init__(api_key='', endpoint='prompt_injection', additional_json_properties=dict(), raise_error=True)

Contains different methods that help with guarding LLMs and agents in LangChain.

Parameters:

Name Type Description Default
api_key str

API key for Lakera Guard

 ''
endpoint Endpoints

which AI security risk you want to guard against, see also classifier endpoints available here: https://platform.lakera.ai/docs/api

 'prompt_injection'
additional_json_properties dict

add additional key-value pairs to the body of the API request apart from 'input', e.g. domain_whitelist for pii

 dict()
raise_error bool

whether to raise an error or a warning if the classifier endpoint detects AI security risk

 True

Returns: None

Source code in lakera_chainguard/lakera_chainguard.py 
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
def __init__(
    self,
    api_key: str = "",
    endpoint: Endpoints = "prompt_injection",
    additional_json_properties: dict = dict(),
    raise_error: bool = True,
) -> None:
    """
    Contains different methods that help with guarding LLMs and agents in LangChain.

    Args:
        api_key: API key for Lakera Guard
        endpoint: which AI security risk you want to guard against, see also
            classifier endpoints available here: https://platform.lakera.ai/docs/api
        additional_json_properties: add additional key-value pairs to the body of
            the API request apart from 'input', e.g. domain_whitelist for pii
        raise_error: whether to raise an error or a warning if the classifier
            endpoint detects AI security risk
    Returns:
        None
    """
    # In the arguments of the __init__, we cannot set api_key: str =
    # os.environ.get("LAKERA_GUARD_API_KEY") because this would only be
    # evaluated once when the class is imported. This would mean that if the
    # user sets the environment variable (e.g. via load_dotenv()) after importing
    # the class , the class would not use the environment variable.
    self.api_key = api_key or os.environ.get("LAKERA_GUARD_API_KEY")
    if not self.api_key:
        raise ValueError(
            "No Lakera Guard API key provided. Either provide it in the "
            "constructor or set the environment variable LAKERA_GUARD_API_KEY."
        )
    self.endpoint = endpoint
    self.additional_json_properties = additional_json_properties
    self.raise_error = raise_error

detect(prompt)

If input contains AI security risk specified in self.endpoint, raises either LakeraGuardError or LakeraGuardWarning depending on self.raise_error True or False. Otherwise, lets input through.

Parameters:

Name Type Description Default
prompt GuardInput

input to check regarding AI security risk

 required

Returns: prompt unchanged

Source code in lakera_chainguard/lakera_chainguard.py 
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
def detect(self, prompt: GuardInput) -> GuardInput:
    """
    If input contains AI security risk specified in self.endpoint, raises either
    LakeraGuardError or LakeraGuardWarning depending on self.raise_error True or
    False. Otherwise, lets input through.

    Args:
        prompt: input to check regarding AI security risk
    Returns:
        prompt unchanged
    """
    formatted_input = self._convert_to_lakera_guard_input(prompt)

    lakera_guard_response = self._call_lakera_guard(formatted_input)

    if lakera_guard_response["results"][0]["flagged"]:
        if self.raise_error:
            raise LakeraGuardError(
                f"Lakera Guard detected {self.endpoint}.", lakera_guard_response
            )
        else:
            warnings.warn(
                LakeraGuardWarning(
                    f"Lakera Guard detected {self.endpoint}.",
                    lakera_guard_response,
                )
            )

    return prompt

detect_with_response(prompt)

Returns detection result of AI security risk specified in self.endpoint with regard to the input.

Parameters:

Name Type Description Default
input

input to check regarding AI security risk

 required

Returns: detection result of AI security risk specified in self.endpoint

Source code in lakera_chainguard/lakera_chainguard.py 
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
def detect_with_response(self, prompt: GuardInput) -> dict:
    """
    Returns detection result of AI security risk specified in self.endpoint
    with regard to the input.

    Args:
        input: input to check regarding AI security risk
    Returns:
        detection result of AI security risk specified in self.endpoint
    """
    formatted_input = self._convert_to_lakera_guard_input(prompt)

    lakera_guard_response = self._call_lakera_guard(formatted_input)

    return lakera_guard_response

get_guarded_agent_executor()

Creates a subclass of the AgentExecutor in which the input to the LLM that the AgentExecutor is initialized with gets checked w.r.t. AI security risk specified in self.endpoint.

Returns:

Type Description
Type[AgentExecutor]

Guarded AgentExecutor subclass
Source code in lakera_chainguard/lakera_chainguard.py 
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
def get_guarded_agent_executor(self) -> Type[AgentExecutor]:
    """
    Creates a subclass of the AgentExecutor in which the input to the LLM that the
    AgentExecutor is initialized with gets checked w.r.t. AI security risk specified
    in self.endpoint.

    Returns:
        Guarded AgentExecutor subclass
    """
    lakera_guard_instance = self

    class GuardedAgentExecutor(AgentExecutor):
        def _take_next_step(
            self,
            name_to_tool_map: Dict[str, BaseTool],
            color_mapping: Dict[str, str],
            inputs: Dict[str, str],
            intermediate_steps: List[Tuple[AgentAction, str]],
            run_manager: CallbackManagerForChainRun | None = None,
        ) -> Union[AgentFinish, List[Tuple[AgentAction, str]]]:
            for val in inputs.values():
                lakera_guard_instance.detect(val)

            res = super()._take_next_step(
                name_to_tool_map,
                color_mapping,
                inputs,
                intermediate_steps,
                run_manager,
            )

            for act in intermediate_steps:
                lakera_guard_instance.detect(act[1])

            return res

    return GuardedAgentExecutor

get_guarded_chat_llm(type_of_chat_llm)

Creates a subclass of type_of_chat_llm in which the input to the ChatLLM always gets checked w.r.t. AI security risk specified in self.endpoint.

Parameters:

Name Type Description Default
type_of_llm

any type of LangChain's ChatLLMs

 required

Returns: Guarded subclass of type_of_llm

Source code in lakera_chainguard/lakera_chainguard.py 
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
def get_guarded_chat_llm(
    self, type_of_chat_llm: Type[BaseChatModelT]
) -> Type[BaseChatModelT]:
    """
    Creates a subclass of type_of_chat_llm in which the input to the ChatLLM always
      gets checked w.r.t. AI security risk specified in self.endpoint.

    Args:
        type_of_llm: any type of LangChain's ChatLLMs
    Returns:
        Guarded subclass of type_of_llm
    """
    lakera_guard_instance = self

    class GuardedChatLLM(type_of_chat_llm):  # type: ignore
        @property
        def _llm_type(self) -> str:
            return "guarded_" + super()._llm_type

        def _generate(
            self,
            messages: List[BaseMessage],
            stop: Optional[List[str]] = None,
            run_manager: Optional[CallbackManagerForLLMRun] = None,
            **kwargs: Any,
        ) -> ChatResult:
            lakera_guard_instance.detect(messages)
            return super()._generate(messages, stop, run_manager, **kwargs)

    return GuardedChatLLM

get_guarded_llm(type_of_llm)

Creates a subclass of type_of_llm where the input to the LLM always gets checked w.r.t. AI security risk specified in self.endpoint.

Parameters:

Name Type Description Default
type_of_llm Type[BaseLLMT]

any type of LangChain's LLMs

 required

Returns: Guarded subclass of type_of_llm

Source code in lakera_chainguard/lakera_chainguard.py 
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
def get_guarded_llm(self, type_of_llm: Type[BaseLLMT]) -> Type[BaseLLMT]:
    """
    Creates a subclass of type_of_llm where the input to the LLM always gets
    checked w.r.t. AI security risk specified in self.endpoint.

    Args:
        type_of_llm: any type of LangChain's LLMs
    Returns:
        Guarded subclass of type_of_llm
    """
    lakera_guard_instance = self

    class GuardedLLM(type_of_llm):  # type: ignore
        @property
        def _llm_type(self) -> str:
            return "guarded_" + super()._llm_type

        def _generate(
            self,
            prompts: List[str],
            **kwargs: Any,
        ) -> LLMResult:
            for prompt in prompts:
                lakera_guard_instance.detect(prompt)

            return super()._generate(prompts, **kwargs)

    return GuardedLLM

LakeraGuardError

Bases: RuntimeError

Source code in lakera_chainguard/lakera_chainguard.py 
38
39
40
41
42
43
44
45
46
47
48
49
50
class LakeraGuardError(RuntimeError):
    def __init__(self, message: str, lakera_guard_response: dict) -> None:
        """
        Custom error that gets raised if Lakera Guard detects AI security risk.

        Args:
            message: error message
            lakera_guard_response: Lakera Guard's API response in json format
        Returns:
            None
        """
        super().__init__(message)
        self.lakera_guard_response = lakera_guard_response

__init__(message, lakera_guard_response)

Custom error that gets raised if Lakera Guard detects AI security risk.

Parameters:

Name Type Description Default
message str

error message

 required
lakera_guard_response dict

Lakera Guard's API response in json format

 required

Returns: None

Source code in lakera_chainguard/lakera_chainguard.py 
39
40
41
42
43
44
45
46
47
48
49
50
def __init__(self, message: str, lakera_guard_response: dict) -> None:
    """
    Custom error that gets raised if Lakera Guard detects AI security risk.

    Args:
        message: error message
        lakera_guard_response: Lakera Guard's API response in json format
    Returns:
        None
    """
    super().__init__(message)
    self.lakera_guard_response = lakera_guard_response

LakeraGuardWarning

Bases: RuntimeWarning

Source code in lakera_chainguard/lakera_chainguard.py 
53
54
55
56
57
58
59
60
61
62
63
64
65
class LakeraGuardWarning(RuntimeWarning):
    def __init__(self, message: str, lakera_guard_response: dict) -> None:
        """
        Custom warning that gets raised if Lakera Guard detects AI security risk.

        Args:
            message: error message
            lakera_guard_response: Lakera Guard's API response in json format
        Returns:
            None
        """
        super().__init__(message)
        self.lakera_guard_response = lakera_guard_response

__init__(message, lakera_guard_response)

Custom warning that gets raised if Lakera Guard detects AI security risk.

Parameters:

Name Type Description Default
message str

error message

 required
lakera_guard_response dict

Lakera Guard's API response in json format

 required

Returns: None

Source code in lakera_chainguard/lakera_chainguard.py 
54
55
56
57
58
59
60
61
62
63
64
65
def __init__(self, message: str, lakera_guard_response: dict) -> None:
    """
    Custom warning that gets raised if Lakera Guard detects AI security risk.

    Args:
        message: error message
        lakera_guard_response: Lakera Guard's API response in json format
    Returns:
        None
    """
    super().__init__(message)
    self.lakera_guard_response = lakera_guard_response