fix(guardrails): improve CrowdStrike AIDR input handling

[kenany]

Pre-Submission checklist

• I have Added testing in the tests/test_litellm/ directory, Adding at least 1 test is a hard requirement - see details
• My PR passes all unit tests on make test-unit
• My PR's scope is as isolated as possible, it only solves 1 specific problem
• I have requested a Greptile review by commenting @greptileai and received a Confidence Score of at least 4/5 before requesting a maintainer review

Delays in PR merge?

If you're seeing a delay in your PR being merged, ping the LiteLLM Team on Slack (#pr-review).

CI (LiteLLM team)

CI status guideline:

• 50-55 passing tests: main is stable with minor issues.
• 45-49 passing tests: acceptable but needs attention
• <= 40 passing tests: unstable; be careful with your merges and assess the risk.

• Branch creation CI run
  Link:

• CI run for the last commit
  Link:

• Merge / cherry-pick CI run
  Links:

Type

🧹 Refactoring

Changes

Added stricter data models to ensure that everything is converted to the format that the CrowdStrike AIDR API expects. Also greatly simplified how LLM responses are handled while fixing streaming responses at the same time.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Apr 13, 2026 2:50am

[kenany]

@greptileai

[codspeed-hq]

Merging this PR will not alter performance

✅ 16 untouched benchmarks

---

_{Comparing kenany:kenany/crowdstrike-aidr-streaming-output (057186e) with main (5544803)}

[greptile-apps]

Greptile Summary

This PR refactors the CrowdStrike AIDR guardrail to use typed Pydantic models (_Message, _GuardInput, _TextContentPart, _ImageUrlContentPart) for serialization, and unifies how LLM responses are evaluated by appending assistant messages directly to the message history (removing the previous choices structure). Streaming response handling is also simplified.

• Potential regression in response path: _build_guard_input_for_response now only reads from request_data.get(\"messages\", []), dropping the previous fallback chain (request_data[\"body\"][\"messages\"] → request_data[\"messages\"] → logging_obj.model_call_details[\"messages\"]). The apply_guardrail method itself still guards on \"body\" in request_data, suggesting \"body\" is a real production key; when messages live there, the response AIDR call will now silently use empty history.

Confidence Score: 4/5

Safe to merge pending confirmation that request_data["body"]["messages"] is never the sole source of conversation history in the response guardrail path.

The Pydantic model additions and serialization improvements are clean. The one P1 concern is the removal of the body.messages / logging_obj fallbacks, which could silently degrade guardrail quality for response evaluation if production callers rely on those paths.

litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py — specifically _build_guard_input_for_response and the removed fallback lookup chain.

Important Files Changed

Filename	Overview
litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py	Introduces typed Pydantic models for request serialization and simplifies response handling, but removes the body.messages and logging_obj fallback lookups for conversation history in the response path, which may silently send empty history to the AIDR API.
tests/test_litellm/proxy/guardrails/guardrail_hooks/test_crowdstrike_aidr.py	Tests correctly updated to reflect the new unified-messages API shape (no choices key); mock-only, no real network calls. Coverage is equivalent to the old tests.

Sequence Diagram

sequenceDiagram
    participant Proxy
    participant Handler as CrowdStrikeAIDRHandler
    participant AIDR as CrowdStrike AIDR API

    alt input_type == request
        Proxy->>Handler: apply_guardrail(inputs, request_data, request)
        Handler->>Handler: _build_guard_input_for_request(inputs)
        Note over Handler: structured_messages → _normalize_content()<br/>OR texts → list[_Message]<br/>Empty-content messages filtered out
        Handler->>AIDR: POST /v1/guard_chat_completions
        AIDR-->>Handler: result blocked/transformed/guard_output
        alt blocked
            Handler-->>Proxy: raise HTTPException(400)
        else transformed
            Handler->>Handler: Extract texts from guard_output messages
            Handler-->>Proxy: texts: transformed_texts
        else not transformed
            Handler-->>Proxy: original inputs
        end
    else input_type == response
        Proxy->>Handler: apply_guardrail(inputs, request_data, response)
        Handler->>Handler: _build_guard_input_for_response(inputs, request_data)
        Note over Handler: history = request_data.get(messages, [])<br/>Append assistant messages from inputs texts
        Handler->>AIDR: POST /v1/guard_chat_completions
        AIDR-->>Handler: result blocked/transformed/guard_output
        alt blocked
            Handler-->>Proxy: raise HTTPException(400)
        else transformed
            Handler->>Handler: _extract_transformed_texts(guard_output, num_assistant)
            Handler-->>Proxy: texts: transformed_texts
        else not transformed
            Handler-->>Proxy: original inputs
        end
    end

Loading

_{Reviews (5): Last reviewed commit: "fix(guardrails): improve CrowdStrike AID..." | Re-trigger Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 67.14286% with 23 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...ardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py	67.14%	23 Missing ⚠️

📢 Thoughts on this report? Let us know!

[kenany]

Reopened at #26658 since the litellm_oss_branch branch was apparently deleted.