# Guardrail Rules
Configurable rules that evaluate every AI request and response.
## Rule Types
| Type | Description |
|---|---|
| contains_pii | Detects emails, phone numbers, SSNs, custom PII patterns |
| contains_secret | Detects API keys, tokens, AWS keys, high-entropy strings |
| token_limit_exceeded | Enforces maximum token limits per request |
| model_allowlist | Restricts which AI models can be used |
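The two detector rule types can be illustrated with a regex-based sketch. The pattern names and regexes below are hypothetical stand-ins, not the product's actual detectors:

```python
import re

# Illustrative patterns only; real detectors cover more PII/secret classes.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
SECRET_PATTERNS = {
    "aws_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

def scan(text: str, patterns: dict) -> list[dict]:
    """Return each match with its label and character offsets."""
    hits = []
    for label, pattern in patterns.items():
        for m in pattern.finditer(text):
            hits.append({"type": label, "start": m.start(), "end": m.end()})
    return hits
```

For example, `scan("contact alice@example.com", PII_PATTERNS)` reports one `email` hit at offsets 8–25.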
## Actions
| Action | Behavior |
|---|---|
| allow | Log the violation but allow the request |
| warn | Log a warning and allow the request |
| block | Block the request entirely |
| redact | Replace matched spans with [REDACTED:pii] or [REDACTED:secret] before storage, then allow the request. The original text is never persisted. |
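A minimal sketch of what the redact action does to matched spans (the real implementation is not shown in this document; this only illustrates the marker format):

```python
def redact(text: str, spans: list[tuple[int, int, str]]) -> str:
    """Replace each (start, end, kind) span with a [REDACTED:kind] marker.

    Spans are applied right-to-left so earlier offsets stay valid
    while the string length changes.
    """
    for start, end, kind in sorted(spans, reverse=True):
        text = text[:start] + f"[REDACTED:{kind}]" + text[end:]
    return text
```

For example, `redact("email alice@example.com now", [(6, 23, "pii")])` returns `"email [REDACTED:pii] now"`; only that redacted string is ever stored.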
## How Redaction Works
Redaction happens inside the ingest layer, before encryption, so raw text never reaches the database.
- The `redactions` array in the API response lists what was redacted and the character offsets where it occurred.
- The dashboard prompt/response viewer shows the redacted version, because the encrypted field stores the already-redacted text.
- Redaction applies to both `ai.request` prompts and `ai.response` outputs.
- When redaction fires, the raw `messages`/`output` keys are also removed from the stored JSONB payload.
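A request whose text was redacted might come back with a `redactions` array shaped like this. The field names are illustrative assumptions, not a confirmed schema:

```python
# Hypothetical shape of the redactions array in the API response:
# one entry per redacted span, with its kind and character offsets.
response = {
    "redactions": [
        {"type": "pii", "start": 14, "end": 31},
        {"type": "secret", "start": 52, "end": 92},
    ],
}
```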
## Decision Hierarchy
When multiple rules fire, the strictest action wins: block > redact > warn > allow.
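The hierarchy can be sketched as a severity ranking; the ordering itself comes from the rule above, while the function is only an illustration:

```python
# Higher number = stricter action.
SEVERITY = {"allow": 0, "warn": 1, "redact": 2, "block": 3}

def resolve(actions: list[str]) -> str:
    """Pick the strictest action among all fired rules."""
    return max(actions, key=SEVERITY.__getitem__, default="allow")
```

For example, if three rules fire with `["warn", "redact", "allow"]`, the request is redacted; if any rule says `block`, the request is blocked.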
## Managing Rules
Rules are managed per-app in the dashboard under the Rules tab. You can create, edit, enable/disable, and delete rules. Each rule can be scoped to a specific environment or applied to all environments.