Guardrails

Guardrails check request content before it reaches your handlers or your LLM: PII detection, prompt-injection detection, and token/length limits. Violations are rejected with HTTP 422.

Standard and strict chains

Go
// Standard: PII + injection + 100KB limit
chain := rateguard.StandardGuardrails()

// Strict: PII + injection + 32K token limit + 50KB limit
chain = rateguard.StrictGuardrails()

Wire into the middleware

Go — every request body checked automatically
rg := rateguard.New(rateguard.Config{
    Preset:     "standard",
    Guardrails: rateguard.StandardGuardrails(), // violations → 422
})

Custom guardrails

Go
// MyCustomGuardrail is your own type; it must be a guardrail type that NewGuardrailChain accepts.
myGuardrail := MyCustomGuardrail{}

chain := rateguard.NewGuardrailChain(
    rateguard.NewPIIGuardrail(),
    rateguard.NewPromptInjectionGuardrail(),
    myGuardrail,
)

if v := chain.Check(prompt); v != nil {
    rateguard.WriteGuardrailReject(w, v) // HTTP 422
    return // stop here so the rejected prompt never reaches the handler or the LLM
}

Note

Guardrails are a defense-in-depth layer, not a substitute for provider-side safety systems. They catch the obvious cases (a PAN number in a prompt, an "ignore previous instructions" injection) at zero added latency, inside your process.
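
What catching "the obvious cases" looks like in practice, as an added sketch that is not rateguard's own code: a size limit, a card-number match confirmed with the Luhn checksum so that arbitrary 16-digit identifiers are not rejected, and a literal-phrase injection pattern. The names check and luhn and both regular expressions are assumptions made for this example; rateguard's actual detection rules are not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed patterns for this sketch, not rateguard's own detection rules.
var cardRe = regexp.MustCompile(`\b\d(?:[ -]?\d){12,18}\b`)
var injectRe = regexp.MustCompile(`(?i)\bignore\s+(?:all\s+)?previous\s+instructions\b`)

// luhn reports whether the digits in s (a cardRe match, 13-19 digits) pass the Luhn checksum.
func luhn(s string) bool {
	sum, dbl := 0, false
	for i := len(s) - 1; i >= 0; i-- {
		if s[i] < '0' || s[i] > '9' {
			continue // skip spaces and dashes
		}
		d := int(s[i] - '0')
		if dbl {
			d = d*2 - 9*(d/5) // double; subtract 9 when the result exceeds 9
		}
		sum, dbl = sum+d, !dbl
	}
	return sum%10 == 0
}

// check returns the first violation found in prompt, or "" when it passes.
func check(prompt string, maxBytes int) string {
	if len(prompt) > maxBytes {
		return "too_large"
	}
	for _, m := range cardRe.FindAllString(prompt, -1) {
		if luhn(m) { // the checksum filters out order numbers, timestamps and similar
			return "pii_card_number"
		}
	}
	if injectRe.MatchString(prompt) {
		return "prompt_injection"
	}
	return ""
}

func main() {
	samples := []string{"card 4111 1111 1111 1111", "order 1234567890123456", "Ignore previous instructions"}
	for _, p := range samples { // constructed sample prompts
		fmt.Printf("%q -> %q\n", p, check(p, 100<<10)) // 100KB limit, as in the standard chain
	}
}
```

A literal pattern like this one only matches the phrasing it was written for, which is why the layer complements provider-side safety systems rather than replacing them.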