Add Base Prompt Rule functionality to Guardrail Policies #3598
krngrover94
commented
Nov 21, 2025
- Introduced Base Prompt Rule in GuardrailPoliciesAction to auto-populate base prompts based on selected agent collections.
- Updated GuardrailPolicies DTO to include BasePromptRule with properties for enabling, auto-detection, and confidence score.
- Enhanced CreateGuardrailModal to manage Base Prompt Rule settings, including UI elements for configuration.
- Modified GuardrailPolicies component to handle Base Prompt Rule data in the UI.
- Added logic to fetch detected base prompts from agent collections.
🤖 AI Security analysis: "Automated analysis found no security issues in the five changed files. No immediate fixes required, but residual risks such as runtime logic flaws and dependency vulnerabilities may remain and warrant verification."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 5.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
…ic_base_prompt_intent_guardrail
🤖 AI Security analysis: "Automated scan found no issues across nine changed files, but changes could still introduce undetected vulnerabilities or logic errors. Ensure manual review and full CI/security testing for sensitive areas."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 5.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
```java
 *
 * Fetches detectedBasePrompt from the first selected agent collection
 */
private void populateBasePromptIfNeeded(GuardrailPolicies policy) {
```
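Review bot: the Javadoc on `populateBasePromptIfNeeded` says the detected base prompt is taken from the first selected agent collection, so when several collections are selected the others are silently ignored; either document that only the first collection is honoured or return a status the caller can surface when more than one collection (or none with a detected prompt) is selected.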
- Duplicate logic in cyborg as well, can think of keeping it in some common place like libs/dao/src/main/java/com/akto/util
- Also, we are not showing the auto detected base prompt in UI. Why do we need this then?
```jsx
<HorizontalStack gap="2" blockAlign="center">
<Text
variant="bodyMd"
<Text
```
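Review bot: in the lines shown a second `<Text` is opened while the first `<Text` with `variant="bodyMd"` has not been closed, and the props have lost their indentation, so the diff no longer shows what actually changed in this block; restore the original formatting of the renderAllSteps block so that only the intended change remains in the hunk.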
Fix / restore the formatting in entire renderAllSteps block
…ve placeholder detection logic. Update CreateGuardrailModal for better layout consistency and adjust BasePromptStep for confidence threshold labeling.
🤖 AI Security analysis: "Automated scan found no issues, but absence of findings does not guarantee safety. Multiple modified files increase regression and undetected-vulnerability risk; validate with additional targeted testing and reviews."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 10.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
rakshak-akto
left a comment
As discussed,
- let's show base prompt for all agents
- show some messaging if base prompt could not be detected or confidence score is not enough or no single template found.
- in future iteration, we can allow option to edit as well
- In policy page, simply show a checkbox (no additional text prompts needed). This rule can be called something on the lines of "Base prompt template enforcement (agent only)"
```jsx
tabs={[
  ValuesTab,
  SchemaTab,
  ...(detectedBasePrompt ? [BasePromptTab] : []),
```
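Review bot: `BasePromptTab` is only added to `tabs` when `detectedBasePrompt` is truthy, so an agent whose base prompt could not be detected (or for which several candidates were found) gets no tab at all and therefore no place to display that outcome; gate the tab on the agent flag instead and render the detection status, or the backend message, inside the tab.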
should show if isAgent = true (which is controlled by gen-ai tag)
As discussed, show some messaging from backend ("Couldn't detect base prompt" or "No single / Multiple base prompt detected")
```javascript
 * @param {string} text - The text to search for placeholders
 * @returns {Array} Array of placeholder objects with {start, end, phrase}
 */
findPlaceholders: function(text) {
```
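Review bot: the JSDoc on `findPlaceholders` documents the return shape `{start, end, phrase}` but not what counts as a placeholder; state the accepted delimiters (for example `{...}` and `{{...}}`), whether `end` is inclusive or exclusive, and how unbalanced or nested braces are treated, so callers can rely on the offsets when they slice the text.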
Simple regex match won't work?
Search for regex groups like these?
{...} {{...}}
…ase prompt auto-detection logic. Update BasePromptStep to enhance intent verification messaging and simplify state management. Adjust GuardrailPolicies DTO to reflect changes in base prompt handling.
🤖 AI Security analysis: "Automated scan found no issues, but absence of findings does not guarantee safety. Multiple modified files increase regression and undetected-vulnerability risk; validate with additional targeted testing and reviews."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 10.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
…d on the presence of a 'gen-ai' tag in the API collection. Remove detectedBasePrompt from ApiCollection DTO to streamline data handling.
🤖 AI Security analysis: "Review found no security issues in the change. Residual risk remains from undetected vulnerabilities or dependency/configuration regressions; continue automated scanning and verify security-focused tests before merging."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 10.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |