Feat/sentinel v2

[lostnull]

Summary

• Add a dedicated CUSTOM_PROBE_CREATION workflow type for creating custom guardrail probes via a multi-step wizard, replacing the previous approach that hijacked CLOUD_MODEL_ONBOARDING/GUARDRAIL_DEPLOYMENT types
• Implement 3-step workflow: probe type selection → policy configuration → metadata & creation
• Refactor step processing to accept fields at any step (not gated by step_number), enabling the frontend to send accumulated data freely - Add Alembic migration for the new custom_probe_creation enum value in workflow_type_enum
• Extend RetrieveWorkflowStepData schema with custom probe fields so workflow step data round-trips correctly through the retrieve endpoint
• Fix model_provider_type from "openai" to "cloud_model" for the gpt_safeguard probe config
• Remove outdated tests pending rewrite against the new workflow contract

Changes

File	Change
budapp/commons/constants.py	Add CUSTOM_PROBE_CREATION to WorkflowTypeEnum
budapp/guardrails/services.py	Use GUARDRAIL_DEPLOYMENT workflow type, remove step-number gating, add validation for step 1, fix model_provider_type default
budapp/workflow_ops/schemas.py	Add custom probe fields to RetrieveWorkflowStepData
budapp/workflow_ops/services.py	Add custom_probe_creation to required data keys, populate custom probe fields in retrieve response, fix model_id null check
budapp/migrations/versions/d4e5f6a7b8c9_*	Alembic migration adding custom_probe_creation + tool_creation to workflow_type_enum
docs/plans/guardrail-custom-probe-workflow-requirements.md	API contract and example payloads for all 3 steps
tests/ (5 files deleted)	Remove outdated tests that don't match the new workflow contract

API

POST /guardrails/custom-probe-workflow

Step 1 — Select probe type (creates workflow):

{ "workflow_total_steps": 3, "step_number": 1, "probe_type_option": "llm_policy" }

Step 2 — Configure policy:

{ "workflow_id": "<uuid>", "step_number": 2, "policy": { "task": "...", "definitions": [...], ... } }

Step 3 — Metadata + trigger:

{ "workflow_id": "<uuid>", "step_number": 3, "trigger_workflow": true, "name": "Spam Detector", "description": "...", "guard_types": ["spam"], "modality_types": ["text"] }

Test plan

• Verify step 1 returns workflow with auto-derived model_uri, scanner_type, handler from PROBE_TYPE_CONFIGS
• Verify step 2 persists policy data and merges with step 1 data
• Verify step 3 with trigger_workflow=true creates the probe and rule
• Verify GET /workflow/{id} returns custom probe fields correctly
• Verify step 1 without probe_type_option returns 400
• Verify invalid probe_type_option returns 400
• Run alembic upgrade head / alembic downgrade -1 for migration

🤖 Generated with https://claude.ai/claude-code

[gemini-code-assist]

Summary of Changes

Hello @lostnull, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the guardrail system by introducing a dedicated and streamlined multi-step workflow for creating custom probes. This new wizard-like process guides users through selecting probe types, configuring policies, and defining probe metadata, replacing previous ad-hoc methods. The changes also include backend refactorings to support this flexible workflow, ensuring data consistency and proper model integration, ultimately making custom guardrail creation more intuitive and robust.

Highlights

• New Workflow Type: Introduced a new CUSTOM_PROBE_CREATION workflow type for creating custom guardrail probes, replacing previous ad-hoc approaches.
• Multi-Step Wizard Implementation: Implemented a new 3-step wizard for custom probe creation, guiding users through probe type selection, policy configuration, and metadata/trigger.
• Flexible Step Processing: Refactored workflow step processing to allow fields to be accepted at any step, enabling the frontend to send accumulated data freely without strict step-number gating.
• Database Migration: Added an Alembic migration to include the new custom_probe_creation enum value in the workflow_type_enum.
• Schema Extension: Extended the RetrieveWorkflowStepData schema with custom probe-specific fields to ensure correct round-tripping of workflow step data through the retrieve endpoint.
• Configuration Correction: Corrected the model_provider_type from "openai" to "cloud_model" for the gpt_safeguard probe configuration.
• Test Cleanup: Removed outdated tests that no longer align with the new workflow contract, pending a rewrite.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• services/budapp/budapp/commons/constants.py
  • Added CUSTOM_PROBE_CREATION to WorkflowTypeEnum.
• services/budapp/budapp/guardrails/crud.py
  • Modified create_custom_probe_with_rule to make model_id optional and added guard_types and modality_types parameters.
• services/budapp/budapp/guardrails/guardrail_routes.py
  • Imported new schemas and service components.
  • Added a new POST /custom-probe-workflow endpoint for the custom probe creation workflow.
• services/budapp/budapp/guardrails/schemas.py
  • Introduced CustomProbeTypeEnum, CustomProbeWorkflowRequest, and CustomProbeWorkflowSteps schemas.
  • Updated GuardrailCustomProbeResponse to include guard_types and modality_types.
• services/budapp/budapp/guardrails/services.py
  • Defined ProbeTypeConfig dataclass and PROBE_TYPE_CONFIGS for mapping probe type options to model configurations.
  • Implemented add_custom_probe_workflow and _execute_custom_probe_workflow methods to manage the multi-step process and probe creation.
  • Removed project_id from the create_custom_probe call.
  • Corrected model_provider_type for llm_policy configuration.
• services/budapp/budapp/migrations/versions/d4e5f6a7b8c9_add_custom_probe_creation_workflow_type.py
  • Added a new Alembic migration script to extend the workflow_type_enum with custom_probe_creation and tool_creation.
• services/budapp/budapp/workflow_ops/schemas.py
  • Extended RetrieveWorkflowStepData to include fields specific to the custom probe workflow.
• services/budapp/budapp/workflow_ops/services.py
  • Updated _parse_workflow_step_data_response to correctly handle optional model_id and populate custom probe fields.
  • Added custom probe-related keys to the _get_keys_of_interest method.
• services/budapp/docs/plans/2026-02-05-custom-probe-workflow-design.md
  • Added a new design document outlining the custom probe workflow, its steps, and key decisions.
• services/budapp/docs/plans/guardrail-custom-probe-workflow-requirements.md
  • Added a new requirements document detailing the API contract and example payloads for the custom probe workflow.
• services/budapp/docs/plans/guardrail-deploy-workflow-requirements.md
  • Made minor markdown formatting adjustments to headings for consistency.
• tests/
  • Deleted 5 outdated test files that no longer conform to the new workflow contract.

Activity

• The pull request introduces a new multi-step workflow for creating custom guardrail probes.
• The changes include updates to core services, schemas, and API routes to support this new functionality.
• An Alembic migration is included to update the database schema with a new workflow type.
• Documentation for the new workflow has been added, including design and API requirements.
• Outdated tests have been removed to align with the new workflow contract.
• The PR description indicates that the code was generated with Claude.ai.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new multi-step workflow for creating custom guardrail probes, defining a new CUSTOM_PROBE_CREATION workflow type, schemas, and service logic. A critical Broken Access Control (IDOR) vulnerability was found in the retrieval and lookup of models, as the workflow's logic lacks proper scoping, potentially leading to unauthorized access or resource misuse in a multi-tenant environment. Additionally, the new workflow is being created with an incorrect type, which must be corrected for the feature to function as intended.