Issue 1959 [PERFORMANCE]: Fix critical performance issues in llm-guard plugin

[tedhabeck]

🐛 Bug-fix PR

Before opening this PR please:

1. make lint - passes ruff, mypy, pylint
2. make test - all unit + integration tests green
3. make coverage - ≥ 90 %
4. make docker docker-run-ssl or make podman podman-run-ssl
5. Update relevant documentation.
6. Tested with sqlite and postgres + redis.
7. Manual regression no longer fails. Ensure the UI and /version work correctly.

---

📌 Summary

#1959

🔁 Reproduction Steps

LOG_LEVEL=ERROR
python tests/performance/test_plugins_performance.py --details 2> /dev/null

🐞 Root Cause

#1959

💡 Fix Description

prescriptively followed details in epic #1958

🧪 Verification

LOG_LEVEL=ERROR
python tests/performance/test_plugins_performance.py --details 2> /dev/null

✅ Checklist

• Code formatted (make black isort pre-commit)
• No secrets/credentials committed

[tedhabeck]

Analysis:

Plugin                            P:post       P:pre      R:post       R:pre      T:post       T:pre
----------------------------------------------------------------------------------------------------
Baseline:
LLMGuardPlugin                  22.748ms   116.705ms           —           —           —           —

After cache update:
LLMGuardPlugin                  23.611ms   130.061ms           —           —           —           —

After scanner threading update:
LLMGuardPlugin                   0.148ms     0.120ms           —           —           —           —

After pickle threading:
LLMGuardPlugin                   0.215ms     0.249ms           —           —           —           —

After eval() replaced with ast and orjson update:
LLMGuardPlugin                   0.153ms     0.139ms           —           —           —           —

[crivetimihai]

Rebase and Review Summary

I've rebased this PR onto main and made the following adjustments:

Changes Made During Rebase

1. Resolved conflicts with merged PRs llmguard: switch from pickle to orjson for cache serialization #2179 and llmguard: replace raw eval() with a safe AST-based evaluator #2180

   • Kept orjson serialization (from llmguard: switch from pickle to orjson for cache serialization #2179) instead of pickle
   • Removed pickle-related optimizations (optimal_dump/optimal_load) as orjson is already fast and doesn't need async threading for serialization
   • Kept the AST-based policy evaluator (from llmguard: replace raw eval() with a safe AST-based evaluator #2180)

2. Security Fix: Fail-closed behavior for scanner errors

   • Original implementation skipped failed scanners, which caused a fail-open security issue
   • When a scanner failed, its result was missing from policy evaluation
   • Policy evaluation returned "Invalid expression" (truthy), causing requests to be allowed
   • Fix: Failed scanners now return is_valid=False with risk_score=1.0, ensuring denial

3. Test fixes

   • Updated tests to use prompt_id instead of deprecated name parameter
   • Added environment variable support for redis host/port in tests

Remaining Questions

1. Thread safety of llm_guard scanners: Are filter scanners guaranteed thread-safe when called concurrently via asyncio.to_thread? If scanners mutate shared state, concurrent requests could race. The parallelization only applies to filters (likely stateless), while sanitizers still run sequentially.

2. Regression test for fail-closed path: Should we add a test that injects a failing scanner and asserts denial to prevent reintroducing fail-open behavior?

Files Changed

• cache.py - Async redis with orjson (not pickle)
• llmguard.py - Parallel scanners with fail-closed error handling
• plugin.py - Added await calls
• tests/test_llmguardplugin.py - Fixed payload parameters