feat(aiguard): return SDS findings in SDK AI Guard response

[obordeau]

Description

AI Guard return SDS tags in SDK response from evaluator API response.

APPSEC-61590

Testing

System tests passed locally: DataDog/system-tests#6445

Risks

Additional Notes

[cit-pr-commenter-54b7da]

Codeowners resolved as

ddtrace/appsec/ai_guard/_api_client.py                                  @DataDog/asm-python
releasenotes/notes/ai-guard-sds-sdk-response-15343d1ea9397456.yaml      @DataDog/apm-python
tests/appsec/ai_guard/api/test_api_client.py                            @DataDog/asm-python

[pr-commenter]

Performance SLOs

Comparing candidate oceane.bordeau/sds-attach-sdk-response (f9bd1ac) with baseline main (068993c)

📈 Performance Regressions (1 suite)

📈 iastaspectsospath - 24/24

✅ ospathbasename_aspect

Time: ✅ 507.855µs (SLO: <700.000µs 📉 -27.4%) vs baseline: 📈 +17.7%

Memory: ✅ 43.312MB (SLO: <46.000MB -5.8%) vs baseline: +5.3%

---

✅ ospathbasename_noaspect

Time: ✅ 431.262µs (SLO: <700.000µs 📉 -38.4%) vs baseline: -1.2%

Memory: ✅ 43.348MB (SLO: <46.000MB -5.8%) vs baseline: +5.4%

---

✅ ospathjoin_aspect

Time: ✅ 623.148µs (SLO: <700.000µs 📉 -11.0%) vs baseline: +0.9%

Memory: ✅ 43.343MB (SLO: <46.000MB -5.8%) vs baseline: +5.5%

---

✅ ospathjoin_noaspect

Time: ✅ 631.493µs (SLO: <700.000µs -9.8%) vs baseline: -0.2%

Memory: ✅ 43.337MB (SLO: <46.000MB -5.8%) vs baseline: +5.6%

---

✅ ospathnormcase_aspect

Time: ✅ 345.357µs (SLO: <700.000µs 📉 -50.7%) vs baseline: -3.0%

Memory: ✅ 43.313MB (SLO: <46.000MB -5.8%) vs baseline: +5.5%

---

✅ ospathnormcase_noaspect

Time: ✅ 357.973µs (SLO: <700.000µs 📉 -48.9%) vs baseline: -0.7%

Memory: ✅ 43.288MB (SLO: <46.000MB -5.9%) vs baseline: +5.2%

---

✅ ospathsplit_aspect

Time: ✅ 488.656µs (SLO: <700.000µs 📉 -30.2%) vs baseline: -2.4%

Memory: ✅ 43.366MB (SLO: <46.000MB -5.7%) vs baseline: +5.4%

---

✅ ospathsplit_noaspect

Time: ✅ 494.317µs (SLO: <700.000µs 📉 -29.4%) vs baseline: -3.6%

Memory: ✅ 43.283MB (SLO: <46.000MB -5.9%) vs baseline: +5.2%

---

✅ ospathsplitdrive_aspect

Time: ✅ 373.990µs (SLO: <700.000µs 📉 -46.6%) vs baseline: +0.4%

Memory: ✅ 43.313MB (SLO: <46.000MB -5.8%) vs baseline: +5.3%

---

✅ ospathsplitdrive_noaspect

Time: ✅ 74.361µs (SLO: <700.000µs 📉 -89.4%) vs baseline: +0.4%

Memory: ✅ 43.379MB (SLO: <46.000MB -5.7%) vs baseline: +5.6%

---

✅ ospathsplitext_aspect

Time: ✅ 455.922µs (SLO: <700.000µs 📉 -34.9%) vs baseline: -0.8%

Memory: ✅ 43.352MB (SLO: <46.000MB -5.8%) vs baseline: +5.7%

---

✅ ospathsplitext_noaspect

Time: ✅ 462.754µs (SLO: <700.000µs 📉 -33.9%) vs baseline: -2.1%

Memory: ✅ 43.288MB (SLO: <46.000MB -5.9%) vs baseline: +5.3%

✅ All Tests Passing (2 suites)

✅ iastaspectssplit - 12/12

✅ rsplit_aspect

Time: ✅ 154.354µs (SLO: <250.000µs 📉 -38.3%) vs baseline: -1.3%

Memory: ✅ 43.284MB (SLO: <46.000MB -5.9%) vs baseline: +5.4%

---

✅ rsplit_noaspect

Time: ✅ 157.419µs (SLO: <250.000µs 📉 -37.0%) vs baseline: -7.7%

Memory: ✅ 43.268MB (SLO: <46.000MB -5.9%) vs baseline: +5.3%

---

✅ split_aspect

Time: ✅ 149.347µs (SLO: <250.000µs 📉 -40.3%) vs baseline: -3.0%

Memory: ✅ 43.340MB (SLO: <46.000MB -5.8%) vs baseline: +5.6%

---

✅ split_noaspect

Time: ✅ 153.423µs (SLO: <250.000µs 📉 -38.6%) vs baseline: -5.6%

Memory: ✅ 43.312MB (SLO: <46.000MB -5.8%) vs baseline: +5.4%

---

✅ splitlines_aspect

Time: ✅ 145.389µs (SLO: <250.000µs 📉 -41.8%) vs baseline: -7.9%

Memory: ✅ 43.283MB (SLO: <46.000MB -5.9%) vs baseline: +5.3%

---

✅ splitlines_noaspect

Time: ✅ 151.342µs (SLO: <250.000µs 📉 -39.5%) vs baseline: -7.2%

Memory: ✅ 43.288MB (SLO: <46.000MB -5.9%) vs baseline: +5.4%

---

✅ iastpropagation - 8/8

✅ no-propagation

Time: ✅ 48.668µs (SLO: <60.000µs 📉 -18.9%) vs baseline: ~same

Memory: ✅ 39.400MB (SLO: <42.000MB -6.2%) vs baseline: +5.6%

---

✅ propagation_enabled

Time: ✅ 135.772µs (SLO: <190.000µs 📉 -28.5%) vs baseline: +0.6%

Memory: ✅ 39.361MB (SLO: <42.000MB -6.3%) vs baseline: +5.6%

---

✅ propagation_enabled_100

Time: ✅ 1.543ms (SLO: <2.300ms 📉 -32.9%) vs baseline: -1.3%

Memory: ✅ 39.420MB (SLO: <42.000MB -6.1%) vs baseline: +5.9%

---

✅ propagation_enabled_1000

Time: ✅ 29.074ms (SLO: <34.550ms 📉 -15.8%) vs baseline: ~same

Memory: ✅ 39.538MB (SLO: <42.000MB -5.9%) vs baseline: +6.1%

ℹ️ Scenarios Missing SLO Configuration (20 scenarios)

The following scenarios exist in candidate data but have no SLO thresholds configured:

• iast_aspects-re_expand_aspect
• iast_aspects-re_expand_noaspect
• iast_aspects-re_findall_aspect
• iast_aspects-re_findall_noaspect
• iast_aspects-re_finditer_aspect
• iast_aspects-re_finditer_noaspect
• iast_aspects-re_fullmatch_aspect
• iast_aspects-re_fullmatch_noaspect
• iast_aspects-re_group_aspect
• iast_aspects-re_group_noaspect
• iast_aspects-re_groups_aspect
• iast_aspects-re_groups_noaspect
• iast_aspects-re_match_aspect
• iast_aspects-re_match_noaspect
• iast_aspects-re_search_aspect
• iast_aspects-re_search_noaspect
• iast_aspects-re_sub_aspect
• iast_aspects-re_sub_noaspect
• iast_aspects-re_subn_aspect
• iast_aspects-re_subn_noaspect

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2c602c3c4e

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[avara1986]

/merge

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-03-12 13:51:27 UTC ℹ️ Start processing command /merge

---

2026-03-12 13:51:31 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 3h (p90).

---

2026-03-12 15:17:40 UTC ℹ️ MergeQueue: This merge request was merged