Guardrails - Bifrost

Overview

Guardrails in Bifrost provide enterprise-grade content safety, security validation, and policy enforcement for LLM requests and responses. The system validates inputs and outputs in real-time against your specified policies, ensuring responsible AI deployment with protection against harmful content, prompt injection, PII leakage, credential leakage, and policy violations.

Supported Providers

Secrets Detection

Built-in Gitleaks-backed detection for leaked API keys, tokens, private keys, and credentials.

Custom Regex

In-process regex guardrails, including the built-in PII Detection template.

AWS Bedrock Guardrails

Enterprise content filtering, PII detection, and prompt attack prevention.

Azure Content Safety

Multi-modal content moderation with severity-based filtering.

Google Model Armor

Google Cloud policy enforcement for prompt injection, content safety, malicious URLs, and Sensitive Data Protection.

https://mintcdn.com/bifrost/wFrDZv1Otf3EDPGR/media/crowdstrike-card.svg?fit=max&auto=format&n=wFrDZv1Otf3EDPGR&q=85&s=d665d7c03327b1cd2ba8f6077ba7139f

CrowdStrike AIDR

Inline AI threat detection, policy enforcement, redaction, and AIDR audit visibility.

GraySwan Cygnal

AI safety monitoring with natural language rule definitions.

Patronus AI

LLM security, hallucination detection, and safety evaluation.

Core Concepts

Bifrost Guardrails are built around two core concepts that work together to provide flexible and powerful content protection:

Concept	Description
Rules	Custom policies defined using CEL (Common Expression Language) that determine what content to validate and when. Rules can apply to inputs, outputs, or both, and can be linked to one or more profiles for evaluation.
Profiles	Configurations for guardrail providers, including Bifrost-native providers (Custom Regex, Secrets Detection) and external providers (AWS Bedrock, Azure Content Safety, Google Model Armor, CrowdStrike AIDR, GraySwan, Patronus AI). Profiles are reusable and can be shared across multiple rules.

How They Work Together:

Profiles define how content is evaluated using native Bifrost checks or external provider capabilities
Rules define when and what content gets evaluated using CEL expressions
A single rule can use multiple profiles for layered protection
Profiles can be reused across different rules for consistency

Key Features

Feature	Description
Multi-Provider Support	Bifrost-native Custom Regex and Secrets Detection, plus AWS Bedrock, Azure Content Safety, Google Model Armor, CrowdStrike AIDR, GraySwan, and Patronus AI integrations
Dual-Stage Validation	Guard both inputs (prompts) and outputs (responses)
Real-Time Processing	Synchronous and asynchronous validation modes
CEL-Based Rules	Define custom policies using Common Expression Language
Reusable Profiles	Configure providers once, use across multiple rules
Sampling Control	Apply rules to a percentage of requests for performance tuning
Automatic Remediation	Block, redact, or modify content based on policy
Comprehensive Logging	Detailed audit trails for compliance

Navigating Guardrails in the UI

Access Guardrails from the Bifrost dashboard:

Page	Path	Description
Configuration	Guardrails > Configuration	Manage guardrail rules and their settings
Providers	Guardrails > Providers	Configure and manage guardrail profiles

Architecture

The following diagram illustrates how Rules and Profiles work together to validate LLM requests: Flow Description:

Incoming Request - LLM request arrives at Bifrost
Input Validation - Applicable rules evaluate the input using linked profiles
LLM Processing - If input passes, request is forwarded to the LLM provider
Output Validation - Response is evaluated by output rules using linked profiles
Response - Validated response is returned (or blocked/modified based on violations)

Guardrail Rules

Guardrail Rules are custom policies that define when and how content validation occurs. Rules use CEL (Common Expression Language) expressions to evaluate requests and can be linked to one or more profiles for execution.

Rule Properties

Property	Type	Required	Description
`id`	integer	Yes	Unique identifier for the rule
`name`	string	Yes	Descriptive name for the rule
`description`	string	No	Explanation of what the rule does
`enabled`	boolean	Yes	Whether the rule is active
`cel_expression`	string	Yes	CEL expression for rule evaluation
`apply_to`	enum	Yes	When to apply: `input`, `output`, or `both`
`sampling_rate`	integer	No	Percentage of requests to evaluate (0-100)
`timeout`	integer	No	Execution timeout in seconds (default: 60)
`provider_config_ids`	array	No	IDs of profiles to use for evaluation

Creating Rules

Web UI
API
config.json
Helm

Navigate to Rules
- Go to Guardrails > Configuration
- Click Add Rule

Configure Rule Settings

Basic Information:

Name: Enter a descriptive name (e.g., “Block PII in Prompts”)
Description: Explain the rule’s purpose
Enabled: Toggle to activate the rule

Evaluation Settings:

Apply To: Select when to apply the rule
- input - Validate incoming prompts only
- output - Validate LLM responses only
- both - Validate both inputs and outputs
CEL Expression: Define the validation logic
Sampling Rate: Set percentage of requests to evaluate (default: 100%)
Timeout: Set maximum execution time in seconds (default: 60)

Link Profiles
- Select one or more profiles to use for evaluation
- Rules will execute all linked profiles in sequence
Save and Test
- Click Save Rule
- Use the Test button to validate with sample content

The HTTP API uses camelCase field names (celExpression, applyTo, samplingRate, selectedGuardrailProfiles). Profiles are referenced as "<provider-type>:<config-id>" strings (for example, "regex:1", "patronus-ai:6").Create a Guardrail Rule:

curl -X POST http://localhost:8080/api/guardrails/rules \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Block PII in Prompts",
    "description": "Prevent PII from being sent to LLM providers",
    "enabled": true,
    "celExpression": "request.messages.exists(m, m.role == \"user\")",
    "applyTo": "input",
    "samplingRate": 100,
    "timeout": 5000,
    "selectedGuardrailProfiles": ["regex:1", "bedrock:2"]
  }'

List All Rules:

curl -X GET http://localhost:8080/api/guardrails/rules \
  -H "Content-Type: application/json"

# Response
{
  "count": 1,
  "limit": 1,
  "offset": 0,
  "rules": [
    {
      "id": 1,
      "name": "Block PII in Prompts",
      "description": "Prevent PII from being sent to LLM providers",
      "enabled": true,
      "celExpression": "request.messages.exists(m, m.role == \"user\")",
      "applyTo": "input",
      "samplingRate": 100,
      "timeout": 5000,
      "selectedGuardrailProfiles": ["regex:1", "bedrock:2"]
    }
  ]
}

Update a Rule:PUT revalidates against the full rule schema. Send the complete rule body (same shape as POST), not a patch.

curl -X PUT http://localhost:8080/api/guardrails/rules/1 \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Block PII in Prompts",
    "description": "Prevent PII from being sent to LLM providers",
    "enabled": false,
    "celExpression": "request.messages.exists(m, m.role == \"user\")",
    "applyTo": "input",
    "samplingRate": 50,
    "timeout": 5000,
    "selectedGuardrailProfiles": ["regex:1", "bedrock:2"]
  }'

Delete a Rule:

curl -X DELETE http://localhost:8080/api/guardrails/rules/1

{
  "guardrails_config": {
    "guardrail_rules": [
      {
        "id": 1,
        "name": "Block PII in Prompts",
        "description": "Prevent PII from being sent to LLM providers",
        "enabled": true,
        "cel_expression": "request.messages.exists(m, m.role == \"user\")",
        "apply_to": "input",
        "sampling_rate": 100,
        "timeout": 5000,
        "provider_config_ids": [1, 2]
      },
      {
        "id": 2,
        "name": "Content Filter for Responses",
        "description": "Filter harmful content from LLM responses",
        "enabled": true,
        "cel_expression": "true",
        "apply_to": "output",
        "sampling_rate": 100,
        "timeout": 3000,
        "provider_config_ids": [2]
      },
      {
        "id": 3,
        "name": "Prompt Injection Detection",
        "description": "Detect and block prompt injection attempts",
        "enabled": true,
        "cel_expression": "request.messages.size() > 0",
        "apply_to": "input",
        "sampling_rate": 100,
        "timeout": 2000,
        "provider_config_ids": [1]
      }
    ]
  }
}

guardrails_config:
  guardrail_rules:
    - id: 1
      name: "Block PII in Prompts"
      description: "Prevent PII from being sent to LLM providers"
      enabled: true
      cel_expression: "request.messages.exists(m, m.role == 'user')"
      apply_to: "input"
      sampling_rate: 100
      timeout: 5000
      provider_config_ids: [1, 2]
    - id: 2
      name: "Content Filter for Responses"
      description: "Filter harmful content from LLM responses"
      enabled: true
      cel_expression: "true"
      apply_to: "output"
      sampling_rate: 100
      timeout: 3000
      provider_config_ids: [2]

CEL Expression Examples

CEL (Common Expression Language) provides a powerful way to define rule conditions. Here are common patterns: Always Apply Rule:

true

Apply to User Messages Only:

request.messages.exists(m, m.role == "user")

Apply to Messages Containing Keywords:

request.messages.exists(m, m.content.contains("confidential"))

Apply Based on Model:

request.model.startsWith("gpt-4")

Apply to Long Prompts:

request.messages.filter(m, m.role == "user").map(m, m.content.size()).sum() > 1000

Combine Multiple Conditions:

request.model.startsWith("gpt-4") && request.messages.exists(m, m.role == "user" && m.content.size() > 500)

Linking Rules to Profiles

Rules can be linked to multiple profiles for comprehensive validation:

Rule configuration showing linked profiles

Best Practices:

Link credential-leakage rules to Secrets Detection
Link PII detection rules to profiles with PII capabilities (Custom Regex PII template, Bedrock, Patronus)
Link content filtering rules to profiles with content safety features (Azure, Bedrock, GraySwan)
Use GraySwan for custom natural language rules when you need flexible, readable policies
Use multiple profiles for defense-in-depth (e.g., Bedrock + Patronus for PII, Azure + GraySwan for content)
Set appropriate timeouts when using multiple profiles

Managing Profiles

Profiles are reusable configurations for guardrail providers. External providers include credentials, endpoints, and detection thresholds. Bifrost-native providers such as Custom Regex and Secrets Detection run locally and do not require external service credentials.

Guardrail profiles list showing configured providers

Profile Properties

Property	Type	Required	Description
`id`	integer	Yes	Unique identifier for the profile
`provider_name`	string	Yes	Provider type: `regex`, `secrets`, `bedrock`, `azure`, `model-armor`, `crowdstrike-aidr`, `grayswan`, `patronus-ai`
`policy_name`	string	Yes	Descriptive name for the policy
`enabled`	boolean	Yes	Whether the profile is active
`config`	object	No	Provider-specific configuration

Creating Profiles

Web UI
API
config.json
Helm

Navigate to Providers
- Go to Guardrails > Providers
- Click Add Profile

Select Provider Type
- Choose from: Secrets Detection, Custom Regex, AWS Bedrock, Azure Content Safety, Google Model Armor, CrowdStrike AIDR, GraySwan, or Patronus AI
Configure Provider Settings
- Enter credentials and endpoint information for external providers, or local settings for native providers
- Configure detection thresholds and actions
- See provider-specific setup sections above for detailed configuration
Save Profile
- Click Save Profile
- The profile is now available for linking to rules

Profiles are managed per provider type at /api/guardrails/{provider}, where {provider} is one of secrets, regex, bedrock, azure, model-armor, crowdstrike-aidr, grayswan, or patronus-ai. The API assigns the configuration ID after creation.Create a Profile:

curl -X POST http://localhost:8080/api/guardrails/bedrock \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Detection Profile",
    "enabled": true,
    "config": {
      "access_key": "env.AWS_ACCESS_KEY_ID",
      "secret_key": "env.AWS_SECRET_ACCESS_KEY",
      "guardrail_arn": "arn:aws:bedrock:us-east-1:123456789:guardrail/abc123",
      "guardrail_version": "1",
      "region": "us-east-1"
    }
  }'

List All Profiles (grouped by provider):

curl -X GET http://localhost:8080/api/guardrails \
  -H "Content-Type: application/json"

# Response
[
  {
    "name": "regex",
    "configs": [
      { "id": 1, "name": "PII Detection", "enabled": true, "patterns": [...] }
    ]
  },
  {
    "name": "bedrock",
    "configs": [
      { "id": 2, "name": "PII Detection Profile", "enabled": true, "guardrail_arn": "...", "region": "us-east-1" }
    ]
  }
]

To list only a single provider’s profiles, hit the provider path directly: GET /api/guardrails/bedrock.Update a Profile:

curl -X PUT http://localhost:8080/api/guardrails/bedrock \
  -H "Content-Type: application/json" \
  -d '{
    "id": 1,
    "name": "PII Detection Profile",
    "enabled": false
  }'

Delete a Profile:

curl -X DELETE http://localhost:8080/api/guardrails/bedrock \
  -H "Content-Type: application/json" \
  -d '{"id": 1}'

{
  "guardrails_config": {
    "guardrail_providers": [
        {
          "id": 1,
          "provider_name": "secrets",
          "policy_name": "Block Leaked Credentials",
          "enabled": true,
          "config": {
            "ignored_secret_keywords": ["example", "dummy"]
          }
        },
        {
          "id": 2,
          "provider_name": "regex",
          "policy_name": "PII Detection",
          "enabled": true,
          "config": {
            "patterns": [
              { "pattern": "\\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,}\\b", "description": "Email address", "flags": "i" },
              { "pattern": "\\b\\d{3}-\\d{2}-\\d{4}\\b", "description": "US Social Security Number" }
            ]
          }
        },
        {
          "id": 3,
          "provider_name": "bedrock",
          "policy_name": "PII Detection Profile",
          "enabled": true,
          "config": {
            "access_key": "env.AWS_ACCESS_KEY_ID",
            "secret_key": "env.AWS_SECRET_ACCESS_KEY",
            "guardrail_arn": "arn:aws:bedrock:us-east-1:123456789:guardrail/abc123",
            "guardrail_version": "1",
            "region": "us-east-1"
          }
        },
        {
          "id": 4,
          "provider_name": "azure",
          "policy_name": "Content Safety Profile",
          "enabled": true,
          "config": {
            "endpoint": "https://your-resource.cognitiveservices.azure.com/",
            "api_key": "env.AZURE_CONTENT_SAFETY_API_KEY",
            "analyze_enabled": true,
            "analyze_severity_threshold": "medium",
            "jailbreak_shield_enabled": true,
            "indirect_attack_shield_enabled": true
          }
        },
        {
          "id": 5,
          "provider_name": "model-armor",
          "policy_name": "Google Model Armor Production",
          "enabled": true,
          "timeout": 30,
          "config": {
            "auth_type": "default_credential",
            "project_id": "env.GCP_PROJECT_ID",
            "location": "env.GCP_LOCATION",
            "template_id": "env.GMA_TEMPLATE_ID"
          }
        },
        {
          "id": 6,
          "provider_name": "crowdstrike-aidr",
          "policy_name": "CrowdStrike AIDR Production",
          "enabled": true,
          "timeout": 30,
          "config": {
            "api_key": "env.CS_AIDR_TOKEN",
            "base_url": "env.CS_AIDR_BASE_URL",
            "app_id": "bifrost-production",
            "collector_instance_id": "prod-us-east-1"
          }
        },
        {
          "id": 7,
          "provider_name": "grayswan",
          "policy_name": "Custom Safety Rules",
          "enabled": true,
          "config": {
            "api_key": "env.GRAYSWAN_API_KEY",
            "violation_threshold": 0.5,
            "reasoning_mode": "hybrid",
            "rules": {
              "no_pii": "Do not allow personally identifiable information",
              "professional_tone": "Ensure responses maintain a professional tone"
            }
          }
        },
        {
          "id": 8,
          "provider_name": "patronus-ai",
          "policy_name": "Patronus Quality Checks",
          "enabled": true,
          "config": {
            "api_key": "env.PATRONUS_API_KEY",
            "base_url": "https://api.patronus.ai",
            "evaluators": [
              {
                "evaluator": "pii",
                "explain_strategy": "on-fail"
              },
              {
                "evaluator": "judge",
                "criteria": "patronus:is-concise",
                "explain_strategy": "on-fail"
              }
            ],
            "capture": "none"
          }
        }
      ]
    }
  }

guardrails_config:
  guardrail_providers:
    - id: 1
      provider_name: "secrets"
      policy_name: "Block Leaked Credentials"
      enabled: true
      config:
        ignored_secret_keywords:
          - "example"
          - "dummy"
    - id: 2
      provider_name: "regex"
      policy_name: "PII Detection"
      enabled: true
      config:
        patterns:
          - pattern: "\\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,}\\b"
            description: "Email address"
            flags: "i"
          - pattern: "\\b\\d{3}-\\d{2}-\\d{4}\\b"
            description: "US Social Security Number"
    - id: 3
      provider_name: "bedrock"
      policy_name: "PII Detection Profile"
      enabled: true
      config:
        guardrail_arn: "arn:aws:bedrock:us-east-1:123456789:guardrail/abc123"
        guardrail_version: "1"
        region: "us-east-1"
        # AWS Authentication (choose one method):
        # Option 1: Explicit credentials
        access_key: "env.AWS_ACCESS_KEY_ID"
        secret_key: "env.AWS_SECRET_ACCESS_KEY"
        # Option 2: IAM Role - omit access_key and secret_key
        # (Bifrost will use IAM credentials from the environment)
    - id: 4
      provider_name: "azure"
      policy_name: "Content Safety Profile"
      enabled: true
      config:
        endpoint: "https://your-resource.cognitiveservices.azure.com/"
        api_key: "env.AZURE_CONTENT_SAFETY_API_KEY"
        analyze_enabled: true
        analyze_severity_threshold: "medium"
        jailbreak_shield_enabled: true
    - id: 5
      provider_name: "model-armor"
      policy_name: "Google Model Armor Production"
      enabled: true
      timeout: 30
      config:
        auth_type: "default_credential"
        project_id: "env.GCP_PROJECT_ID"
        location: "env.GCP_LOCATION"
        template_id: "env.GMA_TEMPLATE_ID"
    - id: 6
      provider_name: "crowdstrike-aidr"
      policy_name: "CrowdStrike AIDR Production"
      enabled: true
      timeout: 30
      config:
        api_key: "env.CS_AIDR_TOKEN"
        base_url: "env.CS_AIDR_BASE_URL"
        app_id: "bifrost-production"
        collector_instance_id: "prod-us-east-1"
    - id: 7
      provider_name: "grayswan"
      policy_name: "Custom Safety Rules"
      enabled: true
      config:
        api_key: "env.GRAYSWAN_API_KEY"
        violation_threshold: 0.5
        reasoning_mode: "hybrid"
        rules:
          no_pii: "Do not allow personally identifiable information"
          professional_tone: "Ensure responses maintain a professional tone"
    - id: 8
      provider_name: "patronus-ai"
      policy_name: "Patronus Quality Checks"
      enabled: true
      config:
        api_key: "env.PATRONUS_API_KEY"
        base_url: "https://api.patronus.ai"
        evaluators:
          - evaluator: "pii"
            explain_strategy: "on-fail"
          - evaluator: "judge"
            criteria: "patronus:is-concise"
            explain_strategy: "on-fail"
        capture: "none"

Provider Capabilities

Third-party guardrail providers offer different capabilities. Bifrost-native providers are documented separately: Secrets Detection covers credential leakage, and Custom Regex covers deterministic pattern checks, including the PII Detection template.

Capability	AWS Bedrock	Azure Content Safety	Google Model Armor	CrowdStrike AIDR	GraySwan	Patronus AI
PII Detection	Yes	No	Yes	Policy-dependent	No	Yes
Content Filtering	Yes	Yes	Yes	Policy-dependent	Yes	Yes
Prompt Injection	Yes	Yes	Yes	Policy-dependent	Yes	Yes
Hallucination Detection	No	No	No	No	No	Yes
Toxicity Screening	Yes	Yes	Yes	Policy-dependent	Yes	Yes
Custom Policies	Yes	Yes	Yes	Policy-dependent	Yes	Yes
Custom Natural Language Rules	No	No	No	No	Yes	No
Image Support	Yes	No	No	No	No	No
IPI Detection	No	Yes	Yes	Policy-dependent	Yes	No
Mutation Detection	No	No	No	No	Yes	No
Output Redaction	Yes	No	Yes	Yes	No	No

CrowdStrike AIDR capabilities depend on the AIDR policy and detectors configured in CrowdStrike. Bifrost sends the request to AIDR, then enforces the returned blocked or transformed decision.

Best Practices

Profile Organization:

Create separate profiles for different use cases (PII, content filtering, etc.)
Use descriptive policy names that indicate the profile’s purpose
Keep credentials secure using environment variables

Performance Considerations:

Enable only the profiles you need to minimize latency
Use sampling rates on rules for high-traffic endpoints
Set appropriate timeouts to prevent slow requests

Security:

Store API keys and credentials in environment variables or secrets managers
Regularly rotate credentials
Use least-privilege IAM roles for AWS Bedrock
Use least-privilege Google IAM roles for Google Model Armor, such as roles/modelarmor.user or a higher Model Armor role

Using Guardrails in Requests

Attaching Guardrails to API Calls

Once configured, attach guardrails to your LLM requests using custom headers: Single Guardrail:

curl -X POST http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "x-bf-guardrail-id: bedrock-prod-guardrail" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [
      {
        "role": "user",
        "content": "Help me with this task"
      }
    ]
  }'

Multiple Guardrails (Sequential):

curl -X POST http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "x-bf-guardrail-ids: bedrock-prod-guardrail,azure-content-safety-001" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [
      {
        "role": "user",
        "content": "Help me with this task"
      }
    ]
  }'

Guardrail Configuration in Request:

curl -X POST http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [
      {
        "role": "user",
        "content": "Help me with this task"
      }
    ],
    "bifrost_config": {
      "guardrails": {
        "input": ["bedrock-prod-guardrail"],
        "output": ["patronus-ai-001"],
        "async": false
      }
    }
  }'

Guardrail Response Handling

Successful Validation (200):

{
  "id": "chatcmpl-abc123",
  "object": "chat.completion",
  "created": 1699564800,
  "model": "gpt-4o-mini",
  "choices": [
    {
      "index": 0,
      "message": {
        "role": "assistant",
        "content": "I'd be happy to help you with your task..."
      },
      "finish_reason": "stop"
    }
  ],
  "extra_fields": {
    "guardrails": {
      "input_validation": {
        "guardrail_id": "bedrock-prod-guardrail",
        "status": "passed",
        "violations": [],
        "processing_time_ms": 245
      },
      "output_validation": {
        "guardrail_id": "patronus-ai-001",
        "status": "passed",
        "violations": [],
        "processing_time_ms": 312
      }
    }
  }
}

Validation Failure - Blocked (446):

{
  "error": {
    "message": "Request blocked by guardrails",
    "type": "guardrail_violation",
    "code": 446,
    "details": {
      "guardrail_id": "bedrock-prod-guardrail",
      "validation_stage": "input",
      "violations": [
        {
          "type": "PII",
          "category": "SSN",
          "severity": "HIGH",
          "action": "block",
          "text_excerpt": "My SSN is ***-**-****"
        },
        {
          "type": "prompt_injection",
          "severity": "CRITICAL",
          "action": "block",
          "confidence": 0.95
        }
      ],
      "processing_time_ms": 198
    }
  }
}

Validation Warning - Logged (246):

{
  "id": "chatcmpl-def456",
  "object": "chat.completion",
  "created": 1699564800,
  "model": "gpt-4o-mini",
  "choices": [
    {
      "index": 0,
      "message": {
        "role": "assistant",
        "content": "Response with redacted content..."
      },
      "finish_reason": "stop"
    }
  ],
  "bifrost_metadata": {
    "guardrails": {
      "output_validation": {
        "guardrail_id": "azure-content-safety-001",
        "status": "warning",
        "violations": [
          {
            "type": "profanity",
            "severity": "LOW",
            "action": "redact",
            "modifications": 2
          }
        ],
        "processing_time_ms": 187
      }
    }
  }
}

​Overview

​Supported Providers

Secrets Detection

Custom Regex

AWS Bedrock Guardrails

Azure Content Safety

Google Model Armor

CrowdStrike AIDR

GraySwan Cygnal

Patronus AI

​Core Concepts

​Key Features

​Navigating Guardrails in the UI

​Architecture

​Guardrail Rules

​Rule Properties

​Creating Rules

​CEL Expression Examples

​Linking Rules to Profiles

​Managing Profiles

​Profile Properties

​Creating Profiles

​Provider Capabilities

​Best Practices

​Using Guardrails in Requests

​Attaching Guardrails to API Calls

​Guardrail Response Handling

Overview

Supported Providers

Core Concepts

Key Features

Navigating Guardrails in the UI

Architecture

Guardrail Rules

Rule Properties

Creating Rules

CEL Expression Examples

Linking Rules to Profiles

Managing Profiles

Profile Properties

Creating Profiles

Provider Capabilities

Best Practices

Using Guardrails in Requests

Attaching Guardrails to API Calls

Guardrail Response Handling