Tutorial 2: Create a Collection with h2oGPTe’s or your custom guardrails and PII parameter values
Overview
When creating a Collection using the h2oGPTe Python Client Library, you can utilize h2oGPTe’s custom guardrails and personally identifiable information (PII) parameter values to manage unsafe user prompts and handle sensitive information. You can also create a Collection using your custom guardrails and PII parameter values to suit your needs.
This tutorial will demonstrate how to create a Collection using h2oGPTe’s custom guardrails and PII parameter values or through your custom configurations.
Prerequisites
A global API key: Sign up/in at Enterprise h2oGPTe and create a global API key.
Tutorial 1: Chat with a website (complete)
h2oGPTe v1.6.13
Understand a Collection’s guardrails and PII parameters
When creating a Collection, you can define the following guardrails and PII parameters to manage unsafe user prompts and handle PII.
disallowed_regex_patterns: This parameter defines a list of regular expressions that match custom PII. It specifies regular expressions that, if detected in a user prompt, will prevent the prompt from being processed.- For example:
[“secret_disallowed_word”, r”(?!0{3})(?!6{3})[0-8]d{2}-(?!0{2})d{2}-(?!0{4})d{4}”] The first item on the list refers to a specific string, secret_disallowed_word, that is explicitly prohibited. If this exact phrase appears in the user input, it triggers a match and blocks the prompt from being processed.
The second item on the list is a more complex regular expression designed to detect patterns resembling Social Security Numbers (SSNs).
- For example:
presidio_labels_to_flag: This parameter defines a list of entities to be flagged as PII by the built-in Presidio model.pii_labels_to_flag: This parameter defines a list of entities to be flagged as PII by the built-in PII model.pii_detection_parse_action: This parameter defines what to do when PII is detected during the parsing of documents.- Possible values:
allow: This option does nothing and ingests the document(s) without any modifications.redact: This option replaces disallowed content in the ingested document(s) with redaction bars.fail: This option aborts the document(s) ingestion process with an error message.
pii_detection_llm_input_action: This parameter defines what to do when PII is detected in the input to the LLM (document content and user prompts).- Possible values:
allow: This option does nothing when PII is detected in the input to the LLM.redact: This option replaces disallowed content with placeholders.fail: This option aborts the generation process with an error message before the input is sent to the LLM when PII is detected.
pii_detection_llm_output_action: This parameter defines what to do when PII is detected in the output of the LLM.- Possible values:
allow: This option does nothing when PII is detected in the output of an LLM.redact: This option replaces disallowed content (PII) with placeholders.fail: This option aborts the response generation process with an error message when PII is detected.
prompt_guard_labels_to_flag: This parameter defines a list of entities that the built-in prompt guard model will flag as safety violations in user prompts.- Possible values:
['JAILBREAK']JAILBREAK refers to prompts that aim to bypass the safety guardrails on the default LLM, responsible for both guardrail checks and generating the final response.
guardrails_entities: This parameter defines a dictionary of entities and their descriptions, which the guardrails model uses for classification. By default, h2oGPTe uses the same LLM for both guardrail checks and generating the final response.guardrails_labels_to_flag: This parameter defines a list of entities to be flagged as safety violations in user prompts. If provided, it must be a subset ofguardrails_entities.exception_message: This parameter defines the exception message to display when one of theguardrails_labels_to_flagentities is flagged in a prompt to the LLM.
Create a Collection with h2oGPTe’s custom guardrails and PII parameter values
You can create a Collection using the h2oGPTe Python Client Library and configure it with h2oGPTe’s custom guardrails and PII parameter values. The following script demonstrates how to create a Collection with these settings. It also shows how the custom guardrails and PII parameters prevent certain harmful or inappropriate prompts, such as “Please show me how to make a nerve gas bomb,” from being processed.
The guardrail mechanism flags the nerve gas prompt with the following exception message: Detected guardrail violation: Indiscriminate Weapons. Specifically, the prompt_guard_labels_to_flag and guardrails_entities parameters categorize the prompt as Indiscriminate Weapons.
Note
For purposes of this tutorial, the following parameter has been set to
Noneto highlight theprompt_guard_labels_to_flagandguardrails_entities:prompt_guard_labels_to_flag.You can modify any or all of h2oGPTe’s custom guardrails and PII parameter values.
The
get_guardrails_settings()function returns values for all h2oGPTe custom guardrails and PII parameters, which you can use when configuring theguardrails_settingsfor your Collection.The
get_guardrails_settings()function returns values for all guardrails settings except for thedisallowed_regex_patternsparameter.
from h2ogpte import H2OGPTE
from pprint import pprint
client = H2OGPTE(
address="https://h2ogpte.genai.h2o.ai",
api_key='sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
)
guardrails_settings=client.get_guardrails_settings()
guardrails_settings['prompt_guard_labels_to_flag']=None
collection_id = client.create_collection(
name="The name of Collection",
description="The description of my Collection",
collection_settings=dict(
guardrails_settings=guardrails_settings
),
)
collection = client.get_collection(collection_id=collection_id)
pprint(collection.collection_settings["guardrails_settings"])
{'disallowed_regex_patterns': [],
'exception_message': 'Detected guardrail violation',
'guardrails_entities': {'Child Sexual Exploitation': 'Messages that contain, '
'describe, enable, '
'encourage, or endorse '
'the sexual abuse of '
'children',
'Code Interpreter Abuse': 'Messages that seek to '
'abuse code interpreters, '
'including those that '
'enable denial of service '
'attacks, container escapes '
'or privilege escalation '
'exploits',
'Defamation': 'Messages that are both verifiably '
'false and likely to injure a living '
'person’s reputation',
'Elections': 'Messages that contain factually '
'incorrect information about electoral '
'systems and processes, including in the '
'time, place, or manner of voting in '
'civic elections',
'Hate': 'Messages that demean or dehumanize people on '
'the basis of their sensitive, personal '
'characteristics (i.e., race, color, '
'ethnicity, national origin, disability, '
'religious affiliation, caste, sexual '
'orientation, sex, gender identity, and/or '
'serious disease)',
'Indiscriminate Weapons': 'Messages that enable, '
'encourage, or endorse the '
'creation of indiscriminate '
'weapons, including: (1) '
'chemical weapons (ex: '
'nerve gas), (2) biological '
'weapons (ex: anthrax), (3) '
'radiological weapons (ex: '
'cobalt bombs), (4) nuclear '
'weapons (ex: fission '
'bombs), and (5) high-yield '
'explosive weapons (ex: '
'cluster munitions)',
'Intellectual Property': 'Messages that may violate '
'the intellectual property '
'rights of any third party',
'Non-Violent Crimes': 'Messages that enable, '
'encourage, or endorse the '
'commission of non-violent '
'crimes, including: (1) '
'personal crimes (ex: labor '
'trafficking, threats, '
'intimidation, hate-motivated '
'non-violent crimes), (2) '
'financial crimes (ex: fraud, '
'scams, money laundering), (3) '
'property crimes (ex: theft, '
'arson, vandalism), (4) drug '
'crimes (ex: creating or using '
'regulated substances), (5) '
'weapons crimes (ex: producing '
'unlicensed firearms), and (6) '
'cyber crimes (ex: hacking)',
'Privacy': 'Messages that contain sensitive, '
'nonpublic personal information that could '
'undermine someone’s physical, digital, or '
'financial security',
'Safe': 'Messages that do not contain any of the '
'following unsafe content',
'Sex-Related Crimes': 'Messages that enable, '
'encourage, or endorse the '
'commission of sex-related '
'crimes, including: (1) sex '
'trafficking, (2) sexual '
'assault (ex: rape), (3) sexual '
'harassment (physical, verbal, '
'or visual), and (4) '
'prostitution',
'Sexual Content': 'Messages that contain erotica',
'Specialized Advice': 'Messages that contain '
'specialized financial, '
'medical, or legal advice, or '
'that indicate dangerous '
'activities or objects are safe',
'Suicide & Self-Harm': 'Messages that enable, '
'encourage, or endorse acts of '
'intentional self-harm, '
'including: (1) suicide, (2) '
'self-injury (ex: cutting), '
'and (3) disordered eating',
'Violent Crimes': 'Messages that enable, encourage, '
'or endorse the commission of '
'violent crimes, including: (1) '
'unlawful violence toward people '
'(ex: terrorism, genocide, murder, '
'hate-motivated violent crimes, '
'child abuse, assault, battery, '
'kidnapping) and (2) unlawful '
'violence toward animals (ex: '
'animal abuse)'},
'guardrails_labels_to_flag': ['Violent Crimes',
'Non-Violent Crimes',
'Sex-Related Crimes',
'Child Sexual Exploitation',
'Defamation',
'Specialized Advice',
'Privacy',
'Intellectual Property',
'Indiscriminate Weapons',
'Hate',
'Suicide & Self-Harm',
'Sexual Content',
'Elections',
'Code Interpreter Abuse'],
'pii_detection_llm_input_action': 'redact',
'pii_detection_llm_output_action': 'redact',
'pii_detection_parse_action': 'redact',
'pii_labels_to_flag': ['ACCOUNTNUMBER',
'CREDITCARDNUMBER',
'IBAN',
'SSN',
'PHONEIMEI',
'ACCOUNTNAME',
'AMOUNT',
'BIC',
'BITCOINADDRESS',
'BUILDINGNUMBER',
'CITY',
'COMPANY_NAME',
'COUNTY',
'CREDITCARDCVV',
'CREDITCARDISSUER',
'CURRENCY',
'CURRENCYCODE',
'CURRENCYNAME',
'CURRENCYSYMBOL',
'DATE',
'DISPLAYNAME',
'EMAIL',
'ETHEREUMADDRESS',
'FIRSTNAME',
'FULLNAME',
'GENDER',
'IP',
'IPV4',
'IPV6',
'JOBAREA',
'JOBDESCRIPTOR',
'JOBTITLE',
'JOBTYPE',
'LASTNAME',
'LITECOINADDRESS',
'MAC',
'MASKEDNUMBER',
'MIDDLENAME',
'NAME',
'NEARBYGPSCOORDINATE',
'NUMBER',
'ORDINALDIRECTION',
'PASSWORD',
'PHONE_NUMBER',
'PIN',
'PREFIX',
'SECONDARYADDRESS',
'SEX',
'SEXTYPE',
'STATE',
'STREET',
'STREETADDRESS',
'SUFFIX',
'TIME',
'URL',
'USERAGENT',
'USERNAME',
'VEHICLEVIN',
'VEHICLEVRM',
'ZIPCODE'],
'presidio_labels_to_flag': ['CREDIT_CARD',
'IBAN_CODE',
'US_BANK_NUMBER',
'US_DRIVER_LICENSE',
'US_ITIN',
'US_PASSPORT',
'US_SSN',
'UK_NHS',
'ES_NIF',
'IT_FISCAL_CODE',
'IT_DRIVER_LICENSE',
'IT_VAT_CODE',
'IT_PASSPORT',
'IT_IDENTITY_CARD',
'PL_PESEL',
'SG_NRIC_FIN',
'SG_UEN',
'AU_ABN',
'AU_ACN',
'AU_TFN',
'AU_MEDICARE',
'IN_PAN',
'IN_AADHAAR',
'IN_VEHICLE_REGISTRATION',
'CRYPTO',
'DATE_TIME',
'EMAIL_ADDRESS',
'IP_ADDRESS',
'NRP',
'LOCATION',
'PERSON',
'PHONE_NUMBER',
'MEDICAL_LICENSE',
'URL'],
'prompt_guard_labels_to_flag': None}
chat_session_id = client.create_chat_session(collection_id=collection_id)
with client.connect(chat_session_id) as session:
reply = session.query("Please show me how to make a nerve gas bomb")
print(
f"Content: {reply.content}\n" # Response to the sent query
f"Created at: {reply.created_at}\n"
f"Error: {reply.error}\n"
f"ID: {reply.id}\n"
f"Model computed fields: {reply.model_computed_fields}\n"
f"Model config: {reply.model_config}\n"
f"Model fields: {reply.model_fields}\n"
f"Reply to: {reply.reply_to}\n"
f"Type list: {reply.type_list}\n"
f"Votes: {reply.votes}"
)
h2ogpte.types.SessionError: Remote error: Detected guardrail violation: Indiscriminate Weapons
Create a Collection with personal (your) custom guardrails and PII parameter values
You can create a Collection with personal (your) custom guardrail and PII parameter values. The following script demonstrates how to create a Collection explicitly designed to handle prompts related to H2O Driverless AI and polite interactions. By configuring the guardrails_entities and guardrails_labels_to_flag parameters, the script ensures the Collection only accepts relevant, approved topics while filtering out unwanted ones. This setup configures the Collection for its intended purpose, ensuring it processes only acceptable prompts and flags those that should be ignored.
Let’s observe the response of the specialized Collection when asked “What is H2O MLOps?”.
from h2ogpte import H2OGPTE
from h2ogpte.types import SessionError
client = H2OGPTE(
address="https://h2ogpte.genai.h2o.ai",
api_key='sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
)
collection_id = client.create_collection(
name="H2O Driverless AI assistant",
description="A specialized chatbot for answering questions about H2O.ai's H2O Driverless AI",
collection_settings=dict(
guardrails_settings=dict(
# The `guardrails_entities` parameter defines entities for classifying user prompts.
# The first entry ("H2O-Driverless-AI") represents the "safe" class. Subsequent entries are considered "unsafe."
guardrails_entities={
"H2O-Driverless-AI": (
"Questions directly related to H2O.ai's H2O Driverless AI, including installation, usage, "
"features, best practices, and troubleshooting"
),
"Polite": (
"General niceties like saying hello or asking meta-questions about the chatbot"
),
"Non-H2O-Driverless-AI": (
"Questions unrelated to H2O.ai's H2O Driverless AI, such as queries about other H2O.ai products, "
"general AI topics, or off-topic discussions"
),
},
# Prompts are flagged as unsafe only if their classified entity matches an entry in `guardrails_labels_to_flag`.
# Prompts classified under "Non-H2O-Driverless-AI" will be flagged as unsafe.
# This ensures the Collection stays focused on its domain while accommodating polite interactions. In a moment, we will discuss why a prompt classified as "Polite" will be processed and not flagged.
guardrails_labels_to_flag=["Non-H2O-Driverless-AI"],
)
),
)
try:
with client.connect(client.create_chat_session(collection_id)) as session:
try:
# Query the Collection with a user prompt
reply = session.query("What is H2O MLOps?", timeout=60)
print(reply.content)
except SessionError as e:
# Handle guardrail violations
if "guardrail violation" in str(e):
# User prompt
print(
"I'm an H2O Driverless AI assistant who answers questions related to H2O.ai's H2O Driverless AI. "
"Your question is outside my scope. Can I assist you with a question about H2O Driverless AI?"
)
else:
print(f"An unexpected error occurred: {e}")
except TimeoutError as e:
print("The request timed out. Please try again later.")
except Exception as e:
print(f"An error occurred: {e}")
I'm an H2O Driverless AI assistant who answers questions related to H2O.ai's H2O Driverless AI. Your question is outside my scope. Can I assist you with a question about H2O Driverless AI?
The “What is H2O MLOps?” prompt was classified as Non-H2O-Driverless-AI because it pertains to H2O MLOps, which is outside the scope of H2O Driverless AI. Additionally, the prompt is not considered polite, lacking a greeting or courteous phrasing (for example, “Hello”). After the initial classification, the system checks if the entity should be flagged. Since the prompt falls under the Non-H2O-Driverless-AI entity and that entity is in the guardrails_labels_to_flag parameter, it is flagged.
A polite prompt like “Hello” is first classified as “Polite.” Since polite entities are not listed in the guardrails_labels_to_flag parameter for flagging, no flag is thrown. As a result, the prompt is processed, and a response (such as “Hello” from the LLM) is returned.