Bump policy versions and add missing buildErrorResponseV2 analytics metadata

[Arshardh]

Summary by CodeRabbit

• New Features

  • Added analytics metadata tracking for guardrail policy violations, now reporting guardrail names and trigger status when policies are enforced.

• Chores

  • Updated all guardrail policies to version v0.9.1.
  • Upgraded Go toolchain version to support latest language features and security updates.
  • Updated internal dependencies across policy modules.

[coderabbitai]

Walkthrough

Go toolchain updated across 11 policy modules from 1.25.7 to 1.26.1. All policy definitions bumped to v0.9.1. SDK core dependencies updated (some versions upgraded, indirect markers removed). Four guardrail policies enriched with analytics metadata in error responses.

Changes

Cohort / File(s)	Summary
Go Toolchain Updates policies/api-key-auth/go.mod, policies/aws-bedrock-guardrail/go.mod, policies/azure-content-safety-content-moderation/go.mod, policies/content-length-guardrail/go.mod, policies/json-schema-guardrail/go.mod, policies/semantic-prompt-guard/go.mod, policies/sentence-count-guardrail/go.mod, policies/url-guardrail/go.mod, policies/word-count-guardrail/go.mod	Updated Go toolchain from 1.25.7 to 1.26.1 across all policy modules.
SDK Core Dependency Updates policies/api-key-auth/go.mod, policies/content-length-guardrail/go.mod, policies/semantic-prompt-guard/go.mod, policies/sentence-count-guardrail/go.mod, policies/url-guardrail/go.mod, policies/word-count-guardrail/go.mod	Upgraded github.com/wso2/api-platform/sdk/core (some from v0.1.0 to v0.1.2) and removed indirect markers to make dependencies explicit.
Policy Version Bumps policies/.../policy-definition.yaml	Updated all 10 policy definitions from version v0.9.0 to v0.9.1 (api-key-auth, aws-bedrock-guardrail, azure-content-safety-content-moderation, content-length-guardrail, json-schema-guardrail, regex-guardrail, semantic-prompt-guard, sentence-count-guardrail, url-guardrail, word-count-guardrail).
Analytics Metadata Integration policies/semantic-prompt-guard/semanticpromptguard.go, policies/sentence-count-guardrail/sentencecountguardrail.go, policies/url-guardrail/urlguardrail.go, policies/word-count-guardrail/wordcountguardrail.go	Added analyticsMetadata map with isGuardrailHit: true and guardrail name to error responses in buildErrorResponseV2 functions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Add policy changes for publishing Application, llm cost and guardrail triggering analytics events #115: Modifies the same guardrail error-response builders (buildErrorResponse/buildErrorResponseV2) across semantic-prompt-guard, sentence-count-guardrail, url-guardrail, and word-count-guardrail to add AnalyticsMetadata fields.

Suggested reviewers

• pubudu538
• malinthaprasan
• Krishanx92
• Thushani-Jayasekera

Poem

🐰 Hop along with Go 1.26, so neat,
Version bumps make policies complete!
Analytics metadata, guardrails alight,
Dependencies explicit, all tracking just right! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	No pull request description was provided. The template requires multiple sections including Purpose, Goals, Approach, and other critical information.	Provide a complete pull request description following the repository template, explaining the purpose, goals, approach, and impact of these changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the two main changes: bumping policy versions and adding analytics metadata to buildErrorResponseV2 functions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@policies/semantic-prompt-guard/semanticpromptguard.go`:
- Around line 619-622: Update the analytics metadata to use kebab-case for the
guardrail name: find the analyticsMetadata map where "guardrailName" is set
(variable analyticsMetadata in semanticpromptguard.go) and change the value from
"SemanticPromptGuard" to "semantic-prompt-guard" so it matches other guardrails'
naming convention (e.g., "url-guardrail", "word-count-guardrail"). Ensure no
other occurrences of the PascalCase string remain in that map or nearby
logging/analytics emission code.

In `@policies/url-guardrail/urlguardrail.go`:
- Around line 809-812: Remove the added AnalyticsMetadata assignments: delete
the creation/usage of the analyticsMetadata map and any assignments that set
AnalyticsMetadata on policy/v1alpha2.DownstreamResponseModifications and
policy/v1alpha2.ImmediateResponse (the code that assigns analyticsMetadata to
those structs) because v0.1.2 of github.com/wso2/api-platform/sdk/core does not
expose AnalyticsMetadata; revert those changes so the
DownstreamResponseModifications and ImmediateResponse objects are constructed
without an AnalyticsMetadata field, or guard them behind an SDK-version check
until the SDK adds that field.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6e1c68e8-298e-40cc-9cee-a03aadedd942

📥 Commits

Reviewing files that changed from the base of the PR and between 08f955b and 73099ca.

⛔ Files ignored due to path filters (9)

• policies/api-key-auth/go.sum is excluded by !**/*.sum
• policies/aws-bedrock-guardrail/go.sum is excluded by !**/*.sum
• policies/azure-content-safety-content-moderation/go.sum is excluded by !**/*.sum
• policies/content-length-guardrail/go.sum is excluded by !**/*.sum
• policies/json-schema-guardrail/go.sum is excluded by !**/*.sum
• policies/semantic-prompt-guard/go.sum is excluded by !**/*.sum
• policies/sentence-count-guardrail/go.sum is excluded by !**/*.sum
• policies/url-guardrail/go.sum is excluded by !**/*.sum
• policies/word-count-guardrail/go.sum is excluded by !**/*.sum

📒 Files selected for processing (23)

• policies/api-key-auth/go.mod
• policies/api-key-auth/policy-definition.yaml
• policies/aws-bedrock-guardrail/go.mod
• policies/aws-bedrock-guardrail/policy-definition.yaml
• policies/azure-content-safety-content-moderation/go.mod
• policies/azure-content-safety-content-moderation/policy-definition.yaml
• policies/content-length-guardrail/go.mod
• policies/content-length-guardrail/policy-definition.yaml
• policies/json-schema-guardrail/go.mod
• policies/json-schema-guardrail/policy-definition.yaml
• policies/regex-guardrail/policy-definition.yaml
• policies/semantic-prompt-guard/go.mod
• policies/semantic-prompt-guard/policy-definition.yaml
• policies/semantic-prompt-guard/semanticpromptguard.go
• policies/sentence-count-guardrail/go.mod
• policies/sentence-count-guardrail/policy-definition.yaml
• policies/sentence-count-guardrail/sentencecountguardrail.go
• policies/url-guardrail/go.mod
• policies/url-guardrail/policy-definition.yaml
• policies/url-guardrail/urlguardrail.go
• policies/word-count-guardrail/go.mod
• policies/word-count-guardrail/policy-definition.yaml
• policies/word-count-guardrail/wordcountguardrail.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Use kebab-case for guardrailName to maintain consistency.

The guardrailName is set to "SemanticPromptGuard" (PascalCase), but other guardrail policies use kebab-case. This inconsistency could impact analytics aggregation and filtering.

Based on the following examples from other guardrails:

• policies/url-guardrail/urlguardrail.go:437 uses "url-guardrail"
• policies/word-count-guardrail/wordcountguardrail.go:413 uses "word-count-guardrail"
• policies/sentence-count-guardrail/sentencecountguardrail.go:415 uses "sentence-count-guardrail"

🔧 Proposed fix to use kebab-case naming

 	analyticsMetadata := map[string]interface{}{
 		"isGuardrailHit": true,
-		"guardrailName":  "SemanticPromptGuard",
+		"guardrailName":  "semantic-prompt-guard",
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	analyticsMetadata := map[string]interface{}{
	"isGuardrailHit": true,
	"guardrailName": "SemanticPromptGuard",
	}
	analyticsMetadata := map[string]interface{}{
	"isGuardrailHit": true,
	"guardrailName": "semantic-prompt-guard",
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@policies/semantic-prompt-guard/semanticpromptguard.go` around lines 619 -
622, Update the analytics metadata to use kebab-case for the guardrail name:
find the analyticsMetadata map where "guardrailName" is set (variable
analyticsMetadata in semanticpromptguard.go) and change the value from
"SemanticPromptGuard" to "semantic-prompt-guard" so it matches other guardrails'
naming convention (e.g., "url-guardrail", "word-count-guardrail"). Ensure no
other occurrences of the PascalCase string remain in that map or nearby
logging/analytics emission code.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

In github.com/wso2/api-platform/sdk/core v0.1.2, do policy/v1alpha2.DownstreamResponseModifications and policy/v1alpha2.ImmediateResponse include an AnalyticsMetadata field?

💡 Result:

No, policy/v1alpha2.DownstreamResponseModifications and policy/v1alpha2.ImmediateResponse do not include an AnalyticsMetadata field in github.com/wso2/api-platform/sdk/core v0.1.2.

Citations:

• 1: https://github.com/wso2/api-platform
• 2: https://pkg.go.dev/github.com/wso2/api-platform/gateway/gateway-controller/pkg/api/generated

---

Remove AnalyticsMetadata assignments—these fields do not exist in v0.1.2 SDK structs.

The v0.1.2 release of github.com/wso2/api-platform/sdk/core does not expose AnalyticsMetadata on policy/v1alpha2.DownstreamResponseModifications or policy/v1alpha2.ImmediateResponse. These assignments at lines 809–812, 827–830, and 837–838 will cause a compilation failure.

Either revert these additions or wait for a future SDK release that exposes AnalyticsMetadata on v1alpha2 types.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@policies/url-guardrail/urlguardrail.go` around lines 809 - 812, Remove the
added AnalyticsMetadata assignments: delete the creation/usage of the
analyticsMetadata map and any assignments that set AnalyticsMetadata on
policy/v1alpha2.DownstreamResponseModifications and
policy/v1alpha2.ImmediateResponse (the code that assigns analyticsMetadata to
those structs) because v0.1.2 of github.com/wso2/api-platform/sdk/core does not
expose AnalyticsMetadata; revert those changes so the
DownstreamResponseModifications and ImmediateResponse objects are constructed
without an AnalyticsMetadata field, or guard them behind an SDK-version check
until the SDK adds that field.