Metadata-Version: 2.4
Name: rogue-security
Version: 1.0.0
Summary: Official Python SDK for the Rogue Security AppSec evaluation API.
Project-URL: Homepage, https://rogue.security
Project-URL: Repository, https://github.com/qualifire-dev/qualifire
Author-email: Rogue Security <team@rogue.security>
License: Proprietary
Keywords: ai-security,appsec,evaluation,guardrails,llm,rogue
Requires-Python: >=3.9
Requires-Dist: httpx>=0.27
Requires-Dist: pydantic>=2.7
Requires-Dist: tenacity>=8.2
Description-Content-Type: text/markdown

# rogue-security

Official Python SDK for the [Rogue Security](https://rogue.security) AppSec evaluation API.

Wraps the two public AppSec methods, `evaluate` (inline checks) and `invoke` (saved
guardrail), with typed params and responses (Pydantic v2), typed errors, automatic
retries, and debug logging. Ships sync and async clients.

## Install

```bash
pip install rogue-security
```

## Quickstart

```python
from rogue_security import RogueClient

with RogueClient(api_key="rsk_...") as rogue:
    result = rogue.evaluate(
        messages=[
            {"role": "user", "content": "What is the patient's SSN?"},
            {"role": "assistant", "content": "It is 123-45-6789."},
        ],
        pii_check=True,
        prompt_injections=True,
    )

print(result.status, result.score)
for group in result.evaluation_results:
    for r in group.results:
        if r.flagged:
            print(group.type, r.label, r.reason)
```

`api_key` falls back to the `ROGUE_API_KEY` environment variable if omitted.

### Async

```python
from rogue_security import AsyncRogueClient

async with AsyncRogueClient() as rogue:        # reads ROGUE_API_KEY
    result = await rogue.evaluate(
        messages=[{"role": "user", "content": "..."}],
        content_moderation_check=True,
    )
```

### Invoke a saved guardrail

```python
result = rogue.invoke(
    guardrail_id="gr_abc123",
    messages=[
        {"role": "user", "content": user_prompt},
        {"role": "assistant", "content": model_response},
    ],
)
if result.blocked:
    ...  # the guardrail's workspace is set to block and the evaluation failed
```

You can also pass a typed params object instead of keyword arguments:

```python
from rogue_security import EvaluateParams

rogue.evaluate(
    EvaluateParams(
        messages=[{"role": "user", "content": "..."}],
        pii_check=True,
        hallucinations_mode="quality",
    )
)
```

## Error handling

```python
from rogue_security import RogueAuthError, RogueValidationError, RogueError

try:
    rogue.evaluate(pii_check=True)
except RogueAuthError:
    ...  # bad / missing key
except RogueValidationError:
    ...  # 422, e.g. no checks enabled
except RogueError as err:
    print(err.status, err)
```

`RogueServerError` (5xx), rate limits (429), and network/timeout failures are retried
automatically (default 2 retries, exponential backoff with jitter).

## Options

```python
RogueClient(
    api_key="rsk_...",
    base_url="http://localhost:8006",  # local dev; defaults to production (or ROGUE_BASE_URL)
    timeout=30.0,
    max_retries=2,                     # retries via tenacity, exponential backoff + jitter
    debug=True,                        # logs via the "rogue_security" logger; key is masked
)
```

### Corporate networks / custom TLS (e.g. Zscaler)

Pass a `verify` value (CA bundle path or `ssl.SSLContext`) or your own configured
`httpx` client. A client you pass in is yours to close; the SDK won't close it.

```python
import httpx
from rogue_security import RogueClient

# Option A: custom CA bundle
RogueClient(api_key="rsk_...", verify="/path/to/corp-ca.pem")

# Option B: bring your own httpx client (proxies, mTLS, etc.)
RogueClient(api_key="rsk_...", http_client=httpx.Client(verify="/path/to/corp-ca.pem"))
```

## Local development

```bash
uv sync
uv run pytest
```

More: see [`../docs`](../docs) for the full API reference, check descriptions, and examples.
