MCP Tools Reference: ces.googleapis.com

string

Required. The resource name of the app to create a guardrail in.

string

Optional. The ID to use for the guardrail, which will become the final component of the guardrail's resource name. If not provided, a unique ID will be automatically assigned for the guardrail.

object (Guardrail)

Required. The guardrail to create.

string

Identifier. The unique identifier of the guardrail. Format: projects/{project}/locations/{location}/apps/{app}/guardrails/{guardrail}

string

Required. Display name of the guardrail.

string

Optional. Description of the guardrail.

boolean

Optional. Whether the guardrail is enabled.

object (TriggerAction)

Optional. Action to take when the guardrail is triggered.

string (Timestamp format)

Output only. Timestamp when the guardrail was created.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

string (Timestamp format)

Output only. Timestamp when the guardrail was last updated.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

string

Etag used to ensure the object hasn't changed during a read-modify-write operation. If the etag is empty, the update will overwrite any concurrent changes.

object (ContentFilter)

Optional. Guardrail that bans certain content from being used in the conversation.

object (LlmPromptSecurity)

Optional. Guardrail that blocks the conversation if the prompt is considered unsafe based on the LLM classification.

object (LlmPolicy)

Optional. Guardrail that blocks the conversation if the LLM response is considered violating the policy based on the LLM classification.

object (ModelSafety)

Optional. Guardrail that blocks the conversation if the LLM response is considered unsafe based on the model safety settings.

object (CodeCallback)

Optional. Guardrail that potentially blocks the conversation based on the result of the callback execution.

string

Optional. List of banned phrases. Applies to both user inputs and agent responses.

string

Optional. List of banned phrases. Applies only to user inputs.

string

Optional. List of banned phrases. Applies only to agent responses.

enum (MatchType)

Required. Match type for the content filter.

boolean

Optional. If true, diacritics are ignored during matching.

boolean

Optional. Determines the behavior when the guardrail encounters an LLM error. - If true: the guardrail is bypassed. - If false (default): the guardrail triggers/blocks.

Note: If a custom policy is provided, this field is ignored in favor of the policy's 'fail_open' configuration.

object (DefaultSecuritySettings)

Optional. Use the system's predefined default security settings. To select this mode, include an empty 'default_settings' message in the request. The 'default_prompt_template' field within will be populated by the server in the response.

object (LlmPolicy)

Optional. Use a user-defined LlmPolicy to configure the security guardrail.

string

Output only. The default prompt template used by the system. This field is for display purposes to show the user what prompt the system uses by default. It is OUTPUT_ONLY.

integer

Optional. When checking this policy, consider the last 'n' messages in the conversation. When not set a default value of 10 will be used.

object (ModelSettings)

Optional. Model settings.

string

Required. Policy prompt.

enum (PolicyScope)

Required. Defines when to apply the policy check during the conversation. If set to POLICY_SCOPE_UNSPECIFIED, the policy will be applied to the user input. When applying the policy to the agent response, additional latency will be introduced before the agent can respond.

boolean

Optional. If an error occurs during the policy check, fail open and do not trigger the guardrail.

boolean

Optional. By default, the LLM policy check is bypassed for short utterances. Enabling this setting applies the policy check to all utterances, including those that would normally be skipped.

string

Optional. The LLM model that the agent should use. If not set, the agent will inherit the model from its parent agent.

number

Optional. If set, this temperature will be used for the LLM model. Temperature controls the randomness of the model's responses. Lower temperatures produce responses that are more predictable. Higher temperatures produce responses that are more creative.

object (SafetySetting)

Required. List of safety settings.

enum (HarmCategory)

Required. The harm category.

enum (HarmBlockThreshold)

Required. The harm block threshold.

object (Callback)

Optional. The callback to execute before the agent is called. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

object (Callback)

Optional. The callback to execute after the agent is called. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

object (Callback)

Optional. The callback to execute before the model is called. If there are multiple calls to the model, the callback will be executed multiple times. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

object (Callback)

Optional. The callback to execute after the model is called. If there are multiple calls to the model, the callback will be executed multiple times. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

string

Optional. Human-readable description of the callback.

boolean

Optional. Whether the callback is disabled. Disabled callbacks are ignored by the agent.

boolean

Optional. If enabled, the callback will also be executed on intermediate model outputs. This setting only affects after model callback. ENABLE WITH CAUTION. Typically after model callback only needs to be executed after receiving all model responses. Enabling proactive execution may have negative implication on the execution cost and latency, and should only be enabled in rare situations.

string

Required. The python code to execute for the callback.

object (RespondImmediately)

Optional. Immediately respond with a preconfigured response.

object (TransferAgent)

Optional. Transfer the conversation to a different agent.

object (GenerativeAnswer)

Optional. Respond with a generative answer.

object (Response)

Required. The canned responses for the agent to choose from. The response is chosen randomly.

string

Required. Text for the agent to respond with.

boolean

Optional. Whether the response is disabled. Disabled responses are not used by the agent.

string

Required. The name of the agent to transfer the conversation to. The agent must be in the same app as the current agent. Format: projects/{project}/locations/{location}/apps/{app}/agents/{agent}

string

Required. The prompt to use for the generative answer.

string (int64 format)

Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be between -62135596800 and 253402300799 inclusive (which corresponds to 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z).

integer

Non-negative fractions of a second at nanosecond resolution. This field is the nanosecond portion of the duration, not an alternative to seconds. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be between 0 and 999,999,999 inclusive.

string

Identifier. The unique identifier of the guardrail. Format: projects/{project}/locations/{location}/apps/{app}/guardrails/{guardrail}

string

Required. Display name of the guardrail.

string

Optional. Description of the guardrail.

boolean

Optional. Whether the guardrail is enabled.

object (TriggerAction)

Optional. Action to take when the guardrail is triggered.

string (Timestamp format)

Output only. Timestamp when the guardrail was created.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

string (Timestamp format)

Output only. Timestamp when the guardrail was last updated.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

string

Etag used to ensure the object hasn't changed during a read-modify-write operation. If the etag is empty, the update will overwrite any concurrent changes.

object (ContentFilter)

Optional. Guardrail that bans certain content from being used in the conversation.

object (LlmPromptSecurity)

Optional. Guardrail that blocks the conversation if the prompt is considered unsafe based on the LLM classification.

object (LlmPolicy)

Optional. Guardrail that blocks the conversation if the LLM response is considered violating the policy based on the LLM classification.

object (ModelSafety)

Optional. Guardrail that blocks the conversation if the LLM response is considered unsafe based on the model safety settings.

object (CodeCallback)

Optional. Guardrail that potentially blocks the conversation based on the result of the callback execution.

string

Optional. List of banned phrases. Applies to both user inputs and agent responses.

string

Optional. List of banned phrases. Applies only to user inputs.

string

Optional. List of banned phrases. Applies only to agent responses.

enum (MatchType)

Required. Match type for the content filter.

boolean

Optional. If true, diacritics are ignored during matching.

boolean

Optional. Determines the behavior when the guardrail encounters an LLM error. - If true: the guardrail is bypassed. - If false (default): the guardrail triggers/blocks.

Note: If a custom policy is provided, this field is ignored in favor of the policy's 'fail_open' configuration.

object (DefaultSecuritySettings)

Optional. Use the system's predefined default security settings. To select this mode, include an empty 'default_settings' message in the request. The 'default_prompt_template' field within will be populated by the server in the response.

object (LlmPolicy)

Optional. Use a user-defined LlmPolicy to configure the security guardrail.

string

Output only. The default prompt template used by the system. This field is for display purposes to show the user what prompt the system uses by default. It is OUTPUT_ONLY.

integer

Optional. When checking this policy, consider the last 'n' messages in the conversation. When not set a default value of 10 will be used.

object (ModelSettings)

Optional. Model settings.

string

Required. Policy prompt.

enum (PolicyScope)

Required. Defines when to apply the policy check during the conversation. If set to POLICY_SCOPE_UNSPECIFIED, the policy will be applied to the user input. When applying the policy to the agent response, additional latency will be introduced before the agent can respond.

boolean

Optional. If an error occurs during the policy check, fail open and do not trigger the guardrail.

boolean

Optional. By default, the LLM policy check is bypassed for short utterances. Enabling this setting applies the policy check to all utterances, including those that would normally be skipped.

string

Optional. The LLM model that the agent should use. If not set, the agent will inherit the model from its parent agent.

number

Optional. If set, this temperature will be used for the LLM model. Temperature controls the randomness of the model's responses. Lower temperatures produce responses that are more predictable. Higher temperatures produce responses that are more creative.

object (SafetySetting)

Required. List of safety settings.

enum (HarmCategory)

Required. The harm category.

enum (HarmBlockThreshold)

Required. The harm block threshold.

object (Callback)

Optional. The callback to execute before the agent is called. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

object (Callback)

Optional. The callback to execute after the agent is called. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

object (Callback)

Optional. The callback to execute before the model is called. If there are multiple calls to the model, the callback will be executed multiple times. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

object (Callback)

Optional. The callback to execute after the model is called. If there are multiple calls to the model, the callback will be executed multiple times. Each callback function is expected to return a structure (e.g., a dict or object) containing at least: - 'decision': Either 'OK' or 'TRIGGER'. - 'reason': A string explaining the decision. A 'TRIGGER' decision may halt further processing.

string

Optional. Human-readable description of the callback.

boolean

Optional. Whether the callback is disabled. Disabled callbacks are ignored by the agent.

boolean

Optional. If enabled, the callback will also be executed on intermediate model outputs. This setting only affects after model callback. ENABLE WITH CAUTION. Typically after model callback only needs to be executed after receiving all model responses. Enabling proactive execution may have negative implication on the execution cost and latency, and should only be enabled in rare situations.

string

Required. The python code to execute for the callback.

object (RespondImmediately)

Optional. Immediately respond with a preconfigured response.

object (TransferAgent)

Optional. Transfer the conversation to a different agent.

object (GenerativeAnswer)

Optional. Respond with a generative answer.

object (Response)

Required. The canned responses for the agent to choose from. The response is chosen randomly.

string

Required. Text for the agent to respond with.

boolean

Optional. Whether the response is disabled. Disabled responses are not used by the agent.

string

Required. The name of the agent to transfer the conversation to. The agent must be in the same app as the current agent. Format: projects/{project}/locations/{location}/apps/{app}/agents/{agent}

string

Required. The prompt to use for the generative answer.

string (int64 format)

Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be between -62135596800 and 253402300799 inclusive (which corresponds to 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z).

integer

Non-negative fractions of a second at nanosecond resolution. This field is the nanosecond portion of the duration, not an alternative to seconds. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be between 0 and 999,999,999 inclusive.