refactor: remove deprecated shield registration endpoints #5291
leseb wants to merge 41 commits into llamastack:main
Remove the deprecated Safety and Shields APIs entirely from llama-stack. This includes:
- API packages (llama_stack_api/safety/, llama_stack_api/shields/)
- Provider implementations (inline: llama-guard, prompt-guard, code-scanner; remote: bedrock, nvidia, sambanova, passthrough)
- Provider registry (providers/registry/safety.py)
- Router and routing table (core/routers/safety.py, core/routing_tables/shields.py)
- Api enum values (Api.safety, Api.shields)
- SafetyConfig, ShieldWithOwner, ShieldsProtocolPrivate from core datatypes
- Distribution YAML configs (safety providers, shields registered resources, safety config sections, run-with-safety.yaml files)
- Distribution template code (get_shield_registry, default_shields, safety_config)
- Agent/responses guardrail execution code (run_guardrails, extract_guardrail_ids, safety_api parameter threading, input/output guardrail checks in streaming)
- Telemetry helpers and constants for safety
- All safety-related unit and integration tests
- ShieldToModerationMixin utility
The guardrails parameter in create_openai_response is preserved in the signature but is now a no-op. The Responses API continues to work without safety.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Sébastien Han <seb@redhat.com>
This pull request has merge conflicts that must be resolved before it can be merged. @leseb please rebase it. https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/syncing-a-fork
Signed-off-by: Sébastien Han <seb@redhat.com>
Signed-off-by: Sébastien Han <seb@redhat.com>
Resolve merge conflicts from upstream/main, primarily around the agents-to-responses API rename (PR llamastack#5195) and new upstream changes. The key resolutions were updating Api.agents to Api.responses in datatypes.py and resolver.py, removing reintroduced safety/shields references from OCI and WatsonX distributions, fixing the stainless config to remove safety/shields/moderations endpoints, and regenerating all OpenAPI specs, distribution configs, and coverage documentation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Merge upstream/main into remove-safety-api, resolving conflicts by keeping the safety API removal from this branch. All modify/delete conflicts for safety-related files (shields, safety providers, safety router, safety registry) were resolved by accepting the deletion. Content conflicts in core/datatypes.py, core/stack.py, distributions/template.py, and llama_stack_api/datatypes.py were resolved by removing the safety-related code (ShieldWithOwner, ShieldsProtocolPrivate, validate_safety_config, get_shield_registry) that upstream had modified but this branch intentionally removes. Signed-off-by: Sébastien Han <seb@redhat.com>
Accept upstream's updated OpenAI API conformance data including the new Moderations category and updated summary statistics (28/146 endpoints, 87.8% conformance score). These are auto-generated documentation files tracking OpenAI API coverage which are unrelated to the Llama Stack Safety/Shields API removal in this branch. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
The pre-commit hook regenerated conformance data to reflect the actual endpoints available in this branch (27/146 endpoints, 89.0% conformance score) since the Moderations endpoint is not present after the Safety API removal. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
- Add "agentic" to tagline per franciscojavierarceo suggestion
- Remove Safety/Moderations (being removed in llamastack#5291)
- Use uv instead of pip in install instructions
- Remove Swift and Kotlin from SDK table
- Fix "semantic search" to just "search" for vector stores
- Mention non-OpenAI APIs (Prompts, File Processors)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Sébastien Han <seb@redhat.com>
Resolve modify/delete conflicts for dell distribution files that were deleted upstream. Accept the upstream deletion since the dell distribution was removed in main. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Resolve merge conflicts in generated conformance documentation files (conformance.mdx and openai-coverage.json) by accepting upstream values and letting the pre-commit hook regenerate with the correct scores for this branch. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Resolve merge conflicts from upstream splitting test_openai_responses.py into smaller focused modules. The split file was deleted (upstream) and modified (this branch), so we accept the upstream deletion since the new split files are present. Remove safety_api references from the new test files to align with this branch's removal of the Safety API. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Resolve merge conflicts from upstream safety-related changes (guardrails, validate_safety_config, safety routers and providers) by keeping them deleted, consistent with this branch's goal of removing the Safety/Shields API entirely. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Resolve merge conflicts in fastapi_router_registry.py and llama_stack_api/__init__.py. Take upstream's auto-discovery approach for router factories which replaces the hardcoded dict. Drop the ViolationLevel export from __init__.py since the Safety API is removed in this branch. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Merge upstream/main into remove-safety-api branch. Resolved conflict in streaming.py by taking upstream's ServiceTier wrapping while dropping safety_identifier. Also removed safety_identifier references that upstream added since the last merge, as this branch removes all safety-related code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Take upstream's updated test coverage score (44.1%) while merging the remove-safety-api branch changes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
The OpenAI coverage pre-commit hook regenerated the conformance documentation to reflect the current integration test coverage score. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Resolve merge conflicts in the OpenAI conformance documentation. The Moderations section added by upstream was removed since this branch removes the Safety/Shields API. The Responses section from upstream was kept as it is not safety-related and contains updated conformance data without safety_identifier references. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
…fety code Merge upstream/main into remove-safety-api branch, resolving conflicts in docs/docs/api-openai/provider_matrix.md and streaming.py. Took upstream's updated test numbers and ollama provider column, but removed safety_identifier test rows. Removed the violation_detected check, _create_refusal_response method, guardrails parameter, and safety-related docstring that were auto-merged from upstream since this branch removes the Safety/Shields API. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Remove guardrails parameter, ResponseGuardrailSpec/ResponseGuardrail types, _create_refusal_response method, and safety-related integration tests that were auto-merged from upstream. These additions are incompatible with this branch which removes the Safety/Shields API entirely. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Regenerate OpenAPI specifications to reflect the removal of ResponseGuardrailSpec and guardrails field from the API models. Fix linting in test_responses_errors.py for unused import. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
The merge with upstream/main re-introduced the Agents import in stack.py which was removed as part of the safety API removal. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Replace agents with responses in postgres-demo distribution config. Remove shield_id test (shields removed), replace with vector_store_id. Remove safety_api parameter from streaming test fixture. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Tables now have rounded corners, subtle zebra striping, hover highlights, purple-tinted headers, and cleaner borders. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Merge upstream/main into remove-safety-api branch. Resolved conflicts in the OpenAPI spec files (llama-stack-spec.yaml, stainless-llama-stack-spec.yaml, and client-sdks/stainless/openapi.yml) by keeping the new code samples from upstream while removing the safety-related endpoints (/v1/moderations and /v1/safety/run-shield) that upstream added. Also removed the moderations code sample from scripts/openapi_generator/code_samples.py to stay consistent with the safety API removal. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
The merge conflict resolution joined lines incorrectly in the spec files, causing duplicate mapping keys. This commit applies the codegen fix to properly separate the code sample endings from the next path entries. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Replace Api.safety/llama-guard with Api.vector_io/faiss in test_stack_list_deps.py since the safety API no longer exists. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Keep the OpenAI-compatible /v1/moderations endpoint and the guardrail integration in the Responses orchestrator. Only remove the standalone shield management APIs (register/unregister/list shields). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Remove the deprecated POST /v1/shields (register_shield) and DELETE
/v1/shields/{identifier} (unregister_shield) HTTP endpoints. Shields
should be registered via distribution config, not runtime API calls.
Keep:
- GET /v1/shields (list) and GET /v1/shields/{id} (retrieve) - needed
for runtime inspection and moderations config validation
- POST /v1/moderations - OpenAI-compatible content moderation endpoint
- Guardrail hooks in the Responses orchestrator (run_guardrails,
safety_api, guardrail_ids) - production safety integration
- All safety providers (Llama Guard, code scanner, prompt guard) -
needed for /v1/moderations and guardrails to function
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Sébastien Han <seb@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Remove the 'guardrails' field from the CreateResponseRequest schema.
The feature still works via extra_body, which is how integration tests
and documentation already pass it. This improves OpenAI API conformance
since guardrails is a Llama Stack extension, not part of the OpenAI
Responses API spec.
Before (Llama Stack client):
client.responses.create(guardrails=["llama-guard"], ...)
After (any OpenAI client):
client.responses.create(extra_body={"guardrails": ["llama-guard"]}, ...)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Sébastien Han <seb@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Sébastien Han <seb@redhat.com>
Summary
Remove the deprecated POST /v1/shields (register) and DELETE /v1/shields/{identifier} (unregister) HTTP endpoints. Shields should be registered via distribution config, not runtime API calls.
What's removed
- POST /v1/shields - register_shield endpoint (was already deprecated=True)
- DELETE /v1/shields/{identifier} - unregister_shield endpoint (was already deprecated=True)
What's kept (and why)
- GET /v1/shields
- GET /v1/shields/{id}
- POST /v1/moderations
- run_guardrails() validates input/output on every response when guardrail_ids is set
- /v1/moderations and guardrails
- ShieldToModerationMixin
The entire chain depends on the safety providers and shield routing table being available.
How guardrails in Responses work
Guardrails provide inline safety validation without a separate API call.
Test plan
🤖 Generated with Claude Code
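A regression check for the API surface described in this PR, as an added example that is not part of the PR or the llama-stack code base: it audits an OpenAPI document to confirm the runtime shield registration endpoints are gone, the read-only and moderation endpoints remain, and `guardrails` is no longer declared on `CreateResponseRequest`. The function names and the sample spec are constructed for illustration; path parameter names are normalized because the page writes both `{identifier}` and `{id}`.

```python
import re

# Endpoint lists taken from the PR description; path parameters are normalized to "{}".
REMOVED = {("post", "/v1/shields"), ("delete", "/v1/shields/{}")}
KEPT = {("get", "/v1/shields"), ("get", "/v1/shields/{}"), ("post", "/v1/moderations")}
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def operations(spec):
    """Map (method, normalized_path) -> operation object for an OpenAPI dict."""
    ops = {}
    for path, item in spec.get("paths", {}).items():
        norm = re.sub(r"\{[^}]*\}", "{}", path.rstrip("/")) or "/"
        for method, op in item.items():
            if method.lower() in HTTP_METHODS:  # skip "parameters", "summary", ...
                ops[(method.lower(), norm)] = op
    return ops

def audit(spec):
    """Return a list of findings; an empty list means the surface matches the PR."""
    ops, findings = operations(spec), []
    for key in sorted(REMOVED):
        if key in ops:
            state = "deprecated" if ops[key].get("deprecated") else "active"
            findings.append(f"{key[0].upper()} {key[1]} still exposed ({state})")
    for key in sorted(KEPT):
        if key not in ops:
            findings.append(f"{key[0].upper()} {key[1]} missing")
    schemas = spec.get("components", {}).get("schemas", {})
    if "guardrails" in schemas.get("CreateResponseRequest", {}).get("properties", {}):
        findings.append("CreateResponseRequest still declares 'guardrails'")
    return findings

def make_spec(before):
    """Constructed OpenAPI fragment; before=True models the surface prior to the PR."""
    spec = {
        "paths": {"/v1/shields": {"get": {}},
                  "/v1/shields/{identifier}": {"get": {}},
                  "/v1/moderations": {"post": {}}},
        "components": {"schemas": {"CreateResponseRequest": {"properties": {"input": {}}}}},
    }
    if before:
        spec["paths"]["/v1/shields"]["post"] = {"deprecated": True}
        spec["paths"]["/v1/shields/{identifier}"]["delete"] = {"deprecated": True}
        spec["components"]["schemas"]["CreateResponseRequest"]["properties"]["guardrails"] = {}
    return spec

if __name__ == "__main__":
    for label, flag in (("before", True), ("after", False)):
        print(label, audit(make_spec(flag)))
```

A deprecated-but-present endpoint is reported as exposed, since `deprecated=True` in the spec does not stop the route from accepting requests.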