{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/AiAwsGuardrailsPluginConfig",
  "title": "AiAwsGuardrailsPluginConfig",
  "x-speakeasy-entity": "PluginAiAwsGuardrails",
  "properties": {
    "config": {
      "type": "object",
      "properties": {
        "allow_masking": {
          "description": "Allow to masking the request/response instead of blocking it. Streaming will be disabled if this is enabled.",
          "type": "boolean",
          "default": false
        },
        "aws_access_key_id": {
          "description": "The AWS access key ID to use for authentication",
          "type": "string",
          "x-encrypted": true,
          "x-referenceable": true
        },
        "aws_assume_role_arn": {
          "description": "The target AWS IAM role ARN used to access the guardrails service",
          "type": "string"
        },
        "aws_region": {
          "description": "The AWS region to use for the Bedrock API",
          "type": "string"
        },
        "aws_role_session_name": {
          "description": "The identifier of the assumed role session",
          "type": "string"
        },
        "aws_secret_access_key": {
          "description": "The AWS secret access key to use for authentication",
          "type": "string",
          "x-encrypted": true,
          "x-referenceable": true
        },
        "aws_sts_endpoint_url": {
          "description": "Override the STS endpoint URL when assuming a different role",
          "type": "string"
        },
        "guarding_mode": {
          "description": "The guardrail mode to use for the request",
          "type": "string",
          "default": "INPUT",
          "enum": [
            "BOTH",
            "INPUT",
            "OUTPUT"
          ]
        },
        "guardrails_id": {
          "description": "The guardrail identifier used in the request to apply the guardrail.",
          "type": "string"
        },
        "guardrails_version": {
          "description": "The guardrail version used in the request to apply the guardrail. Note that the value of this field must match the pattern `(([1-9][0-9]{0,7})|(DRAFT))` according to the AWS documentation https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ApplyGuardrail.html#API_runtime_ApplyGuardrail_RequestSyntax.",
          "type": "string"
        },
        "log_blocked_content": {
          "description": "Whether to log prompts and responses that are blocked by the guardrail.",
          "type": "boolean",
          "default": false
        },
        "response_buffer_size": {
          "description": "The amount of bytes receiving from upstream to be buffered before sending to the guardrails service. This only applies to the response content guard.",
          "type": "number",
          "default": 100
        },
        "ssl_verify": {
          "description": "Verify TLS certificate when connecting to the bedrock service.",
          "type": "boolean",
          "default": true
        },
        "stop_on_error": {
          "description": "Stop processing if an error occurs",
          "type": "boolean",
          "default": true
        },
        "text_source": {
          "description": "Select where to pick the 'text' for the Content Guard Services request.",
          "type": "string",
          "default": "concatenate_all_content",
          "enum": [
            "concatenate_all_content",
            "concatenate_user_content"
          ]
        },
        "timeout": {
          "description": "Connection timeout with the bedrock service",
          "type": "number",
          "default": 10000
        }
      },
      "required": [
        "aws_region",
        "guardrails_id",
        "guardrails_version"
      ]
    },
    "consumer": {
      "description": "If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    },
    "consumer_group": {
      "description": "If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    },
    "name": {
      "const": "ai-aws-guardrails"
    },
    "protocols": {
      "description": "A set of strings representing HTTP protocols.",
      "type": "array",
      "items": {
        "enum": [
          "grpc",
          "grpcs",
          "http",
          "https"
        ],
        "type": "string"
      },
      "format": "set",
      "default": [
        "grpc",
        "grpcs",
        "http",
        "https"
      ]
    },
    "route": {
      "description": "If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    },
    "service": {
      "description": "If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    }
  },
  "required": [
    "config"
  ]
}