Skip to content

Built-in Guardrails Overview

Pydantic AI Guardrails includes 16 ready-to-use guardrails for common validation scenarios. All guardrails are factory functions that return configured InputGuardrail or OutputGuardrail instances.

Input guardrails validate user prompts before they reach the LLM.

GuardrailPurposeImport
length_limit()Limit prompt length by chars or tokensguardrails.input
pii_detector()Detect PII (email, phone, SSN, etc.)guardrails.input
prompt_injection()Detect prompt injection attacksguardrails.input
toxicity_detector()Detect toxic/harmful contentguardrails.input
blocked_keywords()Block specific words or phrasesguardrails.input
rate_limiter()Rate limit requestsguardrails.input
from pydantic_ai_guardrails.guardrails.input import (
length_limit,
pii_detector,
prompt_injection,
toxicity_detector,
blocked_keywords,
rate_limiter,
)

Output guardrails validate LLM responses after generation but before returning to users.

GuardrailPurposeImport
secret_redaction()Detect leaked secrets/API keysguardrails.output
llm_judge()LLM-as-a-judge quality evaluationguardrails.output
json_validator()Validate JSON output structureguardrails.output
regex_match()Match output against regex patternsguardrails.output
no_refusals()Detect when LLM refuses to answerguardrails.output
min_length()Ensure minimum response lengthguardrails.output
require_tool_use()Ensure specific tools were calledguardrails.output
tool_allowlist()Restrict which tools can be calledguardrails.output
validate_tool_parameters()Validate tool call argumentsguardrails.output
hallucination_detector()Detect potential hallucinationsguardrails.output
from pydantic_ai_guardrails.guardrails.output import (
secret_redaction,
llm_judge,
json_validator,
regex_match,
no_refusals,
min_length,
require_tool_use,
tool_allowlist,
validate_tool_parameters,
hallucination_detector,
)
from pydantic_ai import Agent
from pydantic_ai_guardrails import GuardedAgent
from pydantic_ai_guardrails.guardrails.input import (
length_limit,
pii_detector,
prompt_injection,
)
from pydantic_ai_guardrails.guardrails.output import (
secret_redaction,
llm_judge,
)
agent = Agent('openai:gpt-4o')
guarded_agent = GuardedAgent(
agent,
input_guardrails=[
length_limit(max_chars=2000),
pii_detector(),
prompt_injection(sensitivity='high'),
],
output_guardrails=[
secret_redaction(),
llm_judge(criteria='Is the response helpful?', threshold=0.7),
],
)
ConcernRecommended Guardrails
Prompt injectionprompt_injection(), blocked_keywords()
Data leakagepii_detector(), secret_redaction()
Abuse preventionrate_limiter(), length_limit(), toxicity_detector()
Tool safetytool_allowlist(), validate_tool_parameters()
ConcernRecommended Guardrails
Response qualityllm_judge(), min_length()
Format compliancejson_validator(), regex_match()
Completenessno_refusals(), require_tool_use()
Accuracyhallucination_detector(), llm_judge()
RequirementRecommended Guardrails
GDPR/HIPAApii_detector()
Content moderationtoxicity_detector()
Audit trailEnable telemetry
Human reviewHuman-in-the-loop

Guardrails have different performance characteristics:

SpeedGuardrails
Fast (under 5ms)length_limit(), blocked_keywords(), rate_limiter()
Medium (10-50ms)pii_detector(), prompt_injection(), secret_redaction(), regex_match()
Slow (100ms+)llm_judge(), toxicity_detector() (ML-based)

All built-in guardrails can be customized via parameters. For more complex logic, see Custom Guardrails.