Skip to content

APPSEC-61588 - SDS scans returned in SDK response by AI Guard [system-tests]#6445

Draft
obordeau wants to merge 10 commits intomainfrom
oceane.bordeau/test-sds-attach-sdk-response
Draft

APPSEC-61588 - SDS scans returned in SDK response by AI Guard [system-tests]#6445
obordeau wants to merge 10 commits intomainfrom
oceane.bordeau/test-sds-attach-sdk-response

Conversation

@obordeau
Copy link
Contributor

@obordeau obordeau commented Mar 6, 2026
edited by atlassian bot
Loading

Motivation

Test that AI Guard return SDS tags in SDK response from evaluator API response.

APPSEC-61588

Changes

Adds Test_SDS_Findings_In_SDK_Response
Update weblogs for Python and Ruby to add SDS in the Abort Error and SDK Response

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • Anything but tests/ or manifests/ is modified ? I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added, removed or renamed?

@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

CODEOWNERS have been resolved as:

manifests/cpp_httpd.yml                                                 @DataDog/dd-trace-cpp
manifests/cpp_nginx.yml                                                 @DataDog/dd-trace-cpp
manifests/dotnet.yml                                                    @DataDog/apm-dotnet @DataDog/asm-dotnet
manifests/golang.yml                                                    @DataDog/dd-trace-go-guild
manifests/java.yml                                                      @DataDog/asm-java @DataDog/apm-java
manifests/nodejs.yml                                                    @DataDog/dd-trace-js
manifests/php.yml                                                       @DataDog/apm-php @DataDog/asm-php
manifests/python.yml                                                    @DataDog/apm-python @DataDog/asm-python
manifests/ruby.yml                                                      @DataDog/ruby-guild @DataDog/asm-ruby
tests/ai_guard/test_ai_guard_sdk.py                                     @DataDog/k9-ai-guard @DataDog/system-tests-core
utils/build/docker/python/flask/app.py                                  @DataDog/apm-python @DataDog/asm-python @DataDog/system-tests-core
utils/build/docker/ruby/rails52/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core
utils/build/docker/ruby/rails61/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core
utils/build/docker/ruby/rails72/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core
utils/build/docker/ruby/rails80/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core

@obordeau obordeau changed the title Oceane.bordeau/test sds attach sdk response APPSEC-61588 - SDS scans returned in SDK response by AI Guard [system-tests] Mar 6, 2026
@datadog-datadog-prod-us1
Copy link

datadog-datadog-prod-us1 bot commented Mar 6, 2026
edited by datadog-prod-us1-6 bot
Loading

⚠️ Tests

Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 5 Tests failed

tests.ai_guard.test_ai_guard_sdk.Test_SDS_Findings_In_SDK_Response.test_sds_in_response[express4] from system_tests_suite (Datadog) (Fix with Cursor) 
AssertionError: 'sds' not found in '{'action': 'ALLOW', 'reason': 'No rule match.', 'tags': []}'
assert 'sds' in {'action': 'ALLOW', 'reason': 'No rule match.', 'tags': []}

self = <tests.ai_guard.test_ai_guard_sdk.Test_SDS_Findings_In_SDK_Response object at 0x7f92d4283320>

    def test_sds_in_response(self):
        """Test SDS findings are returned in SDK response.
        Verifies that the SDK evaluation response contains sds findings.
        """
        assert self.r.status_code == 200
...
tests.ai_guard.test_ai_guard_sdk.Test_SDS_Findings_In_SDK_Response.test_sds_in_response[spring-boot] from system_tests_suite (Datadog) (Fix with Cursor) 
AssertionError: 'sds' not found in '{'action': 'ALLOW', 'reason': 'No rule match.', 'tags': []}'
assert 'sds' in {'action': 'ALLOW', 'reason': 'No rule match.', 'tags': []}

self = <tests.ai_guard.test_ai_guard_sdk.Test_SDS_Findings_In_SDK_Response object at 0x7f73804344d0>

    def test_sds_in_response(self):
        """Test SDS findings are returned in SDK response.
        Verifies that the SDK evaluation response contains sds findings.
        """
        assert self.r.status_code == 200
...
tests.debugger.test_debugger_probe_snapshot.Test_Debugger_Line_Probe_Snaphots.test_default_max_field_count[uds-rails] from system_tests_suite (Datadog) (Fix with Cursor) 
AssertionError: assert 'Probes did not reach INSTALLED status' is None
 +  where 'Probes did not reach INSTALLED status' = <built-in method join of str object at 0x7fefba22aa60>(['Probes did not reach INSTALLED status'])
 +    where <built-in method join of str object at 0x7fefba22aa60> = '\n'.join
 +    and   ['Probes did not reach INSTALLED status'] = <tests.debugger.test_debugger_probe_snapshot.Test_Debugger_Line_Probe_Snaphots object at 0x7fefb01d5370>.setup_failures

self = <tests.debugger.test_debugger_probe_snapshot.Test_Debugger_Line_Probe_Snaphots object at 0x7fefb01d5370>

    def test_default_max_field_count(self):
        """Test that the tracer uses default maxFieldCount=20 when capture property is omitted"""
>       many_fields = self._get_snapshot_locals_variable("manyFields")
...
View all

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: a5929e8 | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

@smola @claude
fix(ai-guard) guard ruby controller against missing sds attribute
e6a5c4e 
Use respond_to?(:sds) to conditionally include sds in the response,
preventing NoMethodError when the SDK version doesn't support it yet.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@smola smola mentioned this pull request Mar 9, 2026
Merged
This was referenced Mar 12, 2026
Merged
Open
gh-worker-dd-mergequeue-cf854d bot pushed a commit to DataDog/dd-trace-py that referenced this pull request Mar 12, 2026
@obordeau @avara1986
feat(aiguard): return SDS findings in SDK AI Guard response (#16788)
f51862a 
## Description
AI Guard return SDS tags in SDK response from evaluator API response.

[APPSEC-61590](https://datadoghq.atlassian.net/browse/APPSEC-61590)

<!-- Provide an overview of the change and motivation for the change -->

## Testing
System tests passed locally: DataDog/system-tests#6445

<!-- Describe your testing strategy or note what tests are included -->

## Risks

<!-- Note any risks associated with this change, or "None" if no risks -->

## Additional Notes

<!-- Any other information that would be helpful for reviewers -->


Co-authored-by: alberto.vara <alberto.vara@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@obordeau @smola