feat(modelarmor): Added snippets for sanitization (#4051)

* Added CRUD code snippets with codeowners file

* Solved linting errors

* Added sanitization code snippets along with test cases

* Added header comment

* Removed hardcoded value from test file

* Removed crud related files

* Addressed gemini bot comments

* Updated prompts, tests and log statements for sanitization APIs

* chore(cloud-sql): migrate mysql, postgres samples to new CI (#4055)

* chore(cloud-sql): migrate mysql, postgres samples to new CI

* rename to match postgres version

* acquireTimeout warns in mysql2, remove

* mysql2 query returns [results, fields], so only return fields

* remove unused test scripts

* revert bot-suggested rename: would cause excessive region tag change

* chore(compute): Migrate region tag (#4047)

* chore(compute): Migrate region tag

* chore(compute): Rename region tag

* chore(compute): Renove older region tag (#4062)

overriding failure as this is jsut removing the region tag.

* feat: support testing on forked repos (#4057)

* feat: support testing on forked repos

* add pull_request to test on PR

* remove prod suffix

* decode json on matrix paths

* add experimental to check names

* add experimental to job names

* run test only if paths is not empty

* test explicitly against empty array

* move experimental as a prefix

* success check if no paths are found

* always set check to done

* remove pull_request trigger

* rearrange if check

* add more comments

* fix: add id-token to workflows (#4063)

* feat: support testing on forked repos

* add pull_request to test on PR

* remove prod suffix

* decode json on matrix paths

* add experimental to check names

* add experimental to job names

* run test only if paths is not empty

* test explicitly against empty array

* move experimental as a prefix

* success check if no paths are found

* always set check to done

* remove pull_request trigger

* rearrange if check

* add more comments

* fix: add id-token to workflows

* chore: update the minimum language based on maintenance mode

* chore(deps): pin dependencies (#4035)

* Added region tags to snippets

* Updated region tags for code snippets based on errors

* Removed extra csam assertions in sanitization tests

* Addressed review comments

* Updated test cases for sanitization snippets, added test for rai filter

* Updated tests as per review comments

* updated commented variables sample values in code snippets

* Addressed review comments and updated tests accordingly

* removed-todo-developer-comments

* add-new-line-eslintrc

* fix-linting-warnings-and-errors

* fixed-tests

* revert-security-center-change

* revert-security-center-change

* revert-security-center-change

* fix-minor-lint

---------

Co-authored-by: Eric Schmidt <[email protected]>
Co-authored-by: Harsh Nasit <[email protected]>
Co-authored-by: harshnasitcrest <[email protected]>
Co-authored-by: David Cavazos <[email protected]>

Author: 4 people

model-armor/package.json

@@ -14,7 +14,8 @@
       "test": "c8 mocha -p -j 2 --recursive test/ --timeout=60000"
     },
     "dependencies": {
-      "@google-cloud/modelarmor": "^0.1.0"
+      "@google-cloud/modelarmor": "^0.1.0",
+      "@google-cloud/dlp": "^5.0.0"
     },
     "devDependencies": {
       "c8": "^10.0.0",

model-armor/snippets/sanitizeModelResponse.js

@@ -0,0 +1,58 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+/**
+ * Sanitizes a model response using Model Armor filters.
+ *
+ * @param {string} projectId - Google Cloud project ID where the template exists.
+ * @param {string} locationId - Google Cloud location (region) of the template, e.g., 'us-central1'.
+ * @param {string} templateId - Identifier of the template to use for sanitization.
+ * @param {string} modelResponse - The text response from a model that needs to be sanitized.
+ */
+async function sanitizeModelResponse(
+  projectId,
+  locationId,
+  templateId,
+  modelResponse
+) {
+  // [START modelarmor_sanitize_model_response]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = process.env.PROJECT_ID || 'your-project-id';
+  // const locationId = process.env.LOCATION_ID || 'us-central1';
+  // const templateId = process.env.TEMPLATE_ID || 'template-id';
+  // const modelResponse = 'unsanitized model output';
+  const {ModelArmorClient} = require('@google-cloud/modelarmor').v1;
+
+  const client = new ModelArmorClient({
+    apiEndpoint: `modelarmor.${locationId}.rep.googleapis.com`,
+  });
+
+  const request = {
+    name: `projects/${projectId}/locations/${locationId}/templates/${templateId}`,
+    modelResponseData: {
+      text: modelResponse,
+    },
+  };
+
+  const [response] = await client.sanitizeModelResponse(request);
+  console.log(JSON.stringify(response, null, 2));
+  // [END modelarmor_sanitize_model_response]
+  return response;
+}
+
+module.exports = sanitizeModelResponse;

model-armor/snippets/sanitizeModelResponseWithUserPrompt.js

@@ -0,0 +1,62 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+/**
+ * Sanitizes a model response with context from the original user prompt.
+ *
+ * @param {string} projectId - Google Cloud project ID where the template exists.
+ * @param {string} locationId - Google Cloud location (region) of the template, e.g., 'us-central1'.
+ * @param {string} templateId - Identifier of the template to use for sanitization.
+ * @param {string} modelResponse - The text response from a model that needs to be sanitized.
+ * @param {string} userPrompt - The original user prompt that generated the model response.
+ */
+async function sanitizeModelResponseWithUserPrompt(
+  projectId,
+  locationId,
+  templateId,
+  modelResponse,
+  userPrompt
+) {
+  // [START modelarmor_sanitize_model_response_with_user_prompt]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = process.env.PROJECT_ID || 'your-project-id';
+  // const locationId = process.env.LOCATION_ID || 'us-central1';
+  // const templateId = process.env.TEMPLATE_ID || 'template-id';
+  // const modelResponse = 'unsanitized model output';
+  // const userPrompt = 'unsafe user prompt';
+  const {ModelArmorClient} = require('@google-cloud/modelarmor').v1;
+
+  const client = new ModelArmorClient({
+    apiEndpoint: `modelarmor.${locationId}.rep.googleapis.com`,
+  });
+
+  const request = {
+    name: `projects/${projectId}/locations/${locationId}/templates/${templateId}`,
+    modelResponseData: {
+      text: modelResponse,
+    },
+    userPrompt: userPrompt,
+  };
+
+  const [response] = await client.sanitizeModelResponse(request);
+  console.log(JSON.stringify(response, null, 2));
+  return response;
+  // [END modelarmor_sanitize_model_response_with_user_prompt]
+}
+
+module.exports = sanitizeModelResponseWithUserPrompt;

model-armor/snippets/sanitizeUserPrompt.js

@@ -0,0 +1,58 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+/**
+ * Sanitizes a user prompt using Model Armor filters.
+ *
+ * @param {string} projectId - Google Cloud project ID where the template exists.
+ * @param {string} locationId - Google Cloud location (region) of the template.
+ * @param {string} templateId - Identifier of the template to use for sanitization.
+ * @param {string} userPrompt - The user's text prompt that needs to be sanitized.
+ */
+async function sanitizeUserPrompt(
+  projectId,
+  locationId,
+  templateId,
+  userPrompt
+) {
+  // [START modelarmor_sanitize_user_prompt]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = process.env.PROJECT_ID || 'your-project-id';
+  // const locationId = process.env.LOCATION_ID || 'us-central1';
+  // const templateId = process.env.TEMPLATE_ID || 'template-id';
+  // const userPrompt = 'unsafe user prompt';
+  const {ModelArmorClient} = require('@google-cloud/modelarmor').v1;
+
+  const client = new ModelArmorClient({
+    apiEndpoint: `modelarmor.${locationId}.rep.googleapis.com`,
+  });
+
+  const request = {
+    name: `projects/${projectId}/locations/${locationId}/templates/${templateId}`,
+    userPromptData: {
+      text: userPrompt,
+    },
+  };
+
+  const [response] = await client.sanitizeUserPrompt(request);
+  console.log(JSON.stringify(response, null, 2));
+  return response;
+  // [END modelarmor_sanitize_user_prompt]
+}
+
+module.exports = sanitizeUserPrompt;

model-armor/snippets/screenPdfFile.js

@@ -0,0 +1,72 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+/**
+ * Sanitize/Screen PDF file content using the Model Armor API.
+ *
+ * @param {string} projectId - Google Cloud project ID.
+ * @param {string} locationId - Google Cloud location.
+ * @param {string} templateId - The template ID used for sanitization.
+ * @param {string} pdfContentFilename - Path to a PDF file.
+ */
+async function screenPdfFile(
+  projectId,
+  locationId,
+  templateId,
+  pdfContentFilename
+) {
+  // [START modelarmor_screen_pdf_file]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = process.env.PROJECT_ID || 'your-project-id';
+  // const locationId = process.env.LOCATION_ID || 'us-central1';
+  // const templateId = process.env.TEMPLATE_ID || 'template-id';
+  // const pdfContentFilename = 'path/to/file.pdf';
+
+  // Imports the Model Armor library
+  const modelarmor = require('@google-cloud/modelarmor');
+  const {ModelArmorClient} = modelarmor.v1;
+  const {protos} = modelarmor;
+  const ByteItemType =
+    protos.google.cloud.modelarmor.v1.ByteDataItem.ByteItemType;
+
+  const fs = require('fs');
+
+  const pdfContent = fs.readFileSync(pdfContentFilename);
+  const pdfContentBase64 = pdfContent.toString('base64');
+
+  const client = new ModelArmorClient({
+    apiEndpoint: `modelarmor.${locationId}.rep.googleapis.com`,
+  });
+
+  const request = {
+    name: `projects/${projectId}/locations/${locationId}/templates/${templateId}`,
+    userPromptData: {
+      byteItem: {
+        byteDataType: ByteItemType.PDF,
+        byteData: pdfContentBase64,
+      },
+    },
+  };
+
+  const [response] = await client.sanitizeUserPrompt(request);
+  console.log(JSON.stringify(response, null, 2));
+  return response;
+  // [END modelarmor_screen_pdf_file]
+}
+
+module.exports = screenPdfFile;