feat: filter all detected categories when contentChecks is empty

When no specific content checks are configured in the AI Prompt Guard Rails policy, 
the policy now blocks/logs requests for all detected categories from the model, 
instead of allowing them to pass through.

This implements the default behavior requested in APIM-11208 where an empty 
contentChecks configuration means "all tags".

Changes:
- Update policy logic to filter all categories when contentChecks is empty
- Add documentation clarifying "Keep empty for all" behavior
- Mark promptLocation and requestPolicy as required fields
- Update default sensitivity threshold from 0.5 to 0.8 with proper constraints
- Add integration test for empty contentChecks scenario
- Simplify configuration code (use primitive double instead of Double)

https://gravitee.atlassian.net/browse/APIM-11208

Author: michel-barret

README.md

@@ -86,11 +86,11 @@ Strikethrough text indicates that a version is deprecated.
 #### 
 | Name <br>`json name`  | Type <br>`constraint`  | Mandatory  | Default  | Description  |
 |:----------------------|:-----------------------|:----------:|:---------|:-------------|
-| Content Checks<br>`contentChecks`| string|  | | Comma-separated list of model labels (e.g., TOXIC,OBSCENE)|
-| Prompt Location<br>`promptLocation`| string|  | | Prompt Location|
-| Request Policy<br>`requestPolicy`| enum (string)|  | `LOG_REQUEST`| Request Policy<br>Values: `BLOCK_REQUEST` `LOG_REQUEST`|
+| Content Checks<br>`contentChecks`| string|  | | Comma-separated list of model labels (e.g., TOXIC,OBSCENE). Keep empty for all|
+| Prompt Location<br>`promptLocation`| string| ✅| | Prompt Location|
+| Request Policy<br>`requestPolicy`| enum (string)| ✅| `LOG_REQUEST`| Request Policy<br>Values: `BLOCK_REQUEST` `LOG_REQUEST`|
 | Resource Name<br>`resourceName`| string|  | | The resource name loading the Text Classification model|
-| Sensitivity threshold<br>`sensitivityThreshold`| number|  | `0.5`| |
+| Sensitivity threshold<br>`sensitivityThreshold`| number<br>`[0.1, 1)`|  | `0.8`| |
 
 
 

src/main/java/io/gravitee/policy/ai/prompt/guard/rails/AiPromptGuardRailsPolicy.java

@@ -77,7 +77,10 @@ private CompletableSource checkContent(HttpPlainExecutionContext ctx) {
                 .invokeModel(new PromptInput(prompt))
                 .flatMapCompletable(classifierResults -> {
                     var detectedContentTypes = detectClassifierResultContentTypes(classifierResults, sensitivityThreshold);
-                    if (configuration.parseContentChecks().stream().anyMatch(detectedContentTypes::contains)) {
+                    if (
+                        configuration.parseContentChecks().isEmpty() ||
+                        configuration.parseContentChecks().stream().anyMatch(detectedContentTypes::contains)
+                    ) {
                         logMetrics(detectedContentTypes, ctx, configuration.requestPolicy().getAction());
                         if (RequestPolicy.BLOCK_REQUEST.equals(configuration.requestPolicy())) {
                             return Completable.error(new BlockQueryException(detectedContentTypes));

src/main/java/io/gravitee/policy/ai/prompt/guard/rails/configuration/AiPromptGuardRailsConfiguration.java

@@ -39,7 +39,7 @@ public List<String> parseContentChecks() {
         return Arrays.stream(contentChecks.split(",")).map(String::trim).filter(s -> !s.isEmpty()).toList();
     }
 
-    public Double getSensitivityThreshold() {
+    public double getSensitivityThreshold() {
         return sensitivityThreshold != null ? sensitivityThreshold : DEFAULT_SENSITIVITY_THRESHOLD;
     }
 }

src/main/resources/schemas/schema-form.json

@@ -5,7 +5,17 @@
         "resourceName": {
             "title": "Resource Name",
             "description": "The resource name loading the Text Classification model",
-            "type": "string"
+            "type": "string",
+            "x-schema-form": {
+                "event": {
+                    "name": "fetch-resources",
+                    "regexTypes": "^ai-model-text-classification"
+                }
+            },
+            "gioConfig": {
+                "uiType": "resource-type",
+                "uiTypeProps": { "resourceType": "ai-model-text-classification" }
+            }
         },
         "promptLocation": {
             "title": "Prompt Location",
@@ -14,13 +24,16 @@
         },
         "contentChecks": {
             "title": "Content Checks",
-            "description": "Comma-separated list of model labels (e.g., TOXIC,OBSCENE)",
+            "description": "Comma-separated list of model labels (e.g., TOXIC,OBSCENE). Keep empty for all",
             "type": "string"
         },
         "sensitivityThreshold": {
             "title": "Sensitivity threshold",
             "type": "number",
-            "default": 0.5
+            "default": 0.8,
+            "minimum": 0.1,
+            "exclusiveMaximum": 1,
+            "multipleOf": 0.01
         },
         "requestPolicy": {
             "title": "Request Policy",
@@ -29,5 +42,6 @@
             "default": "LOG_REQUEST",
             "enum": ["BLOCK_REQUEST", "LOG_REQUEST"]
         }
-    }
+    },
+    "required": ["promptLocation", "requestPolicy"]
 }

src/test/java/io/gravitee/policy/ai/prompt/guard/rails/AiPromptGuardRailsPolicyIntegrationTest.java

@@ -25,30 +25,21 @@
 import io.gravitee.apim.gateway.tests.sdk.annotations.GatewayTest;
 import io.gravitee.apim.gateway.tests.sdk.resource.ResourceBuilder;
 import io.gravitee.definition.model.ExecutionMode;
-import io.gravitee.gateway.core.component.ComponentProvider;
 import io.gravitee.plugin.resource.ResourcePlugin;
 import io.gravitee.policy.ai.prompt.guard.rails.configuration.AiPromptGuardRailsConfiguration;
-import io.gravitee.policy.ai.prompt.guard.rails.model.AiModelResourceProvider;
 import io.gravitee.reporter.api.v4.metric.AdditionalMetric;
 import io.gravitee.reporter.api.v4.metric.Metrics;
 import io.gravitee.resource.ai_model.TextClassificationAiModelResource;
-import io.gravitee.resource.ai_model.api.AiTextModelResource;
 import io.gravitee.resource.ai_model.configuration.TextClassificationAiModelConfiguration;
-import io.gravitee.resource.api.ResourceManager;
 import io.reactivex.rxjava3.core.Completable;
 import io.reactivex.rxjava3.core.Observable;
-import io.reactivex.rxjava3.core.Single;
 import io.vertx.core.http.HttpMethod;
 import io.vertx.junit5.VertxTestContext;
 import io.vertx.rxjava3.core.http.HttpClient;
 import java.util.Map;
 import lombok.extern.slf4j.Slf4j;
 import org.assertj.core.api.InstanceOfAssertFactories;
-import org.junit.jupiter.api.DisplayNameGeneration;
-import org.junit.jupiter.api.DisplayNameGenerator;
-import org.junit.jupiter.api.Nested;
-import org.junit.jupiter.api.Test;
-import reactor.util.function.Tuple2;
+import org.junit.jupiter.api.*;
 import reactor.util.function.Tuples;
 
 @Slf4j
@@ -304,8 +295,13 @@ void should_return_an_error_when_inference_fail(HttpClient client) {
     }
 
     @Nested
+    @DeployApi(
+        { "/apis/block_request_policy_empty_contentChecks.json", "/apis/block_request_policy.json", "/apis/log_request_policy.json" }
+    )
     class WithRealAiResource extends AbstractAiPromptGuardRailsPolicyIntegrationTest {
 
+        Observable<Long> timer;
+
         @Override
         public void configureResources(Map<String, ResourcePlugin> resources) {
             super.configureResources(resources);
@@ -320,13 +316,17 @@ public void configureResources(Map<String, ResourcePlugin> resources) {
             );
         }
 
+        @BeforeAll
+        public void setup() {
+            // add delay because the model is load asynchronously
+            timer = Observable.timer(DELAY_BEFORE_REQUEST, SECONDS);
+        }
+
         @Test
-        @DeployApi({ "/apis/log_request_policy.json" })
         void should_flag_request_if_prompt_violation_detected(HttpClient client, VertxTestContext context) {
             wiremock.stubFor(get("/endpoint").willReturn(aResponse().withStatus(200)));
 
-            Observable
-                .timer(DELAY_BEFORE_REQUEST, SECONDS)
+            timer
                 .flatMapSingle(v -> client.rxRequest(HttpMethod.GET, "/log-request"))
                 .firstOrError()
                 .flatMap(request ->
@@ -361,7 +361,6 @@ void should_flag_request_if_prompt_violation_detected(HttpClient client, VertxTe
         }
 
         @Test
-        @DeployApi({ "/apis/block_request_policy.json" })
         void should_block_request_if_prompt_violation_detected(HttpClient client, VertxTestContext context) {
             wiremock.stubFor(get("/endpoint").willReturn(aResponse().withStatus(200)));
 
@@ -377,8 +376,8 @@ void should_block_request_if_prompt_violation_detected(HttpClient client, VertxT
                 )
                 .ignoreElements();
 
-            var clientAsserts = Completable
-                .fromObservable(Observable.timer(DELAY_BEFORE_REQUEST, SECONDS))
+            var clientAsserts = timer
+                .ignoreElements()
                 .andThen(
                     client
                         .rxRequest(HttpMethod.GET, "/block-request")
@@ -402,6 +401,48 @@ void should_block_request_if_prompt_violation_detected(HttpClient client, VertxT
 
             finalAssert(context, metricsAsserts, clientAsserts);
         }
+
+        @Test
+        void should_block_request_if_prompt_violation_detected_and_empty_contentChecks(HttpClient client, VertxTestContext context) {
+            wiremock.stubFor(get("/endpoint").willReturn(aResponse().withStatus(200)));
+
+            var metricsAsserts = metricsSubject
+                .doOnNext(metrics ->
+                    assertThat(metrics)
+                        .extracting(Metrics::getAdditionalMetrics)
+                        .asInstanceOf(InstanceOfAssertFactories.SET)
+                        .containsExactlyInAnyOrder(
+                            new AdditionalMetric.KeywordMetric("keyword_action", "request-blocked"),
+                            new AdditionalMetric.KeywordMetric("keyword_content_violations", "toxic")
+                        )
+                )
+                .ignoreElements();
+
+            var clientAsserts = timer
+                .ignoreElements()
+                .andThen(
+                    client
+                        .rxRequest(HttpMethod.GET, "/block-request-empty-contentChecks")
+                        .flatMap(request ->
+                            request.rxSend(
+                                """
+                                                                                {
+                                                                                  "model": "GPT-2000",
+                                                                                  "date": "01-01-2025",
+                                                                                  "prompt": "Nobody asked for your bullsh*t response."
+                                                                                }"""
+                            )
+                        )
+                        .flatMapPublisher(response -> {
+                            assertThat(response.statusCode()).isEqualTo(400);
+                            return response.toFlowable();
+                        })
+                )
+                .map(responseBody -> assertThat(responseBody).hasToString("AI prompt validation detected. Reason: [toxic]"))
+                .ignoreElements();
+
+            finalAssert(context, metricsAsserts, clientAsserts);
+        }
     }
 
     private static void finalAssert(VertxTestContext context, Completable metricsAsserts, Completable clientAsserts) {

src/test/resources/apis/block_request_policy_empty_contentChecks.json

@@ -0,0 +1,82 @@
+{
+    "id": "v4-ai-prompt-guard-rails-block-request-empty-contentChecks",
+    "name": "v4-ai-prompt-guard-rails-block-request-empty-contentChecks",
+    "apiVersion": "1.0",
+    "definitionVersion": "4.0.0",
+    "type": "proxy",
+    "analytics": {},
+    "listeners": [
+        {
+            "type": "http",
+            "paths": [
+                {
+                    "path": "/block-request-empty-contentChecks"
+                }
+            ],
+            "entrypoints": [
+                {
+                    "type": "http-proxy"
+                }
+            ]
+        }
+    ],
+    "endpointGroups": [
+        {
+            "name": "default",
+            "type": "http-proxy",
+            "endpoints": [
+                {
+                    "name": "default",
+                    "type": "http-proxy",
+                    "weight": 1,
+                    "inheritConfiguration": false,
+                    "configuration": {
+                        "target": "http://localhost:8080/endpoint"
+                    }
+                }
+            ]
+        }
+    ],
+    "resources": [
+        {
+            "name": "ai-model-text-classification-resource",
+            "type": "ai-model-text-classification",
+            "configuration": {
+                "model": {
+                    "type": "MINILMV2_TOXIC_JIGSAW_MODEL"
+                }
+            },
+            "enabled": true
+        }
+    ],
+    "flows": [
+        {
+            "name": "flow-1",
+            "enabled": true,
+            "selectors": [
+                {
+                    "type": "http",
+                    "path": "/",
+                    "pathOperator": "STARTS_WITH"
+                }
+            ],
+            "request": [
+                {
+                    "name": "AI Prompt Guard Rails",
+                    "description": "",
+                    "enabled": true,
+                    "policy": "ai-prompt-guard-rails",
+                    "configuration": {
+                        "resourceName": "ai-model-text-classification-resource",
+                        "promptLocation": "{#request.jsonContent.prompt}",
+                        "contentChecks": "",
+                        "requestPolicy": "BLOCK_REQUEST"
+                    }
+                }
+            ],
+            "response": [],
+            "subscribe": [],
+            "publish": []
+        }
+    ]
+}