Built-in Guardrails Overview
Pydantic AI Guardrails includes 16 ready-to-use guardrails for common validation scenarios. All guardrails are factory functions that return configured InputGuardrail or OutputGuardrail instances.
Input Guardrails
Section titled “Input Guardrails”Input guardrails validate user prompts before they reach the LLM.
| Guardrail | Purpose | Import |
|---|---|---|
length_limit() | Limit prompt length by chars or tokens | guardrails.input |
pii_detector() | Detect PII (email, phone, SSN, etc.) | guardrails.input |
prompt_injection() | Detect prompt injection attacks | guardrails.input |
toxicity_detector() | Detect toxic/harmful content | guardrails.input |
blocked_keywords() | Block specific words or phrases | guardrails.input |
rate_limiter() | Rate limit requests | guardrails.input |
Quick Import
Section titled “Quick Import”from pydantic_ai_guardrails.guardrails.input import ( length_limit, pii_detector, prompt_injection, toxicity_detector, blocked_keywords, rate_limiter,)Output Guardrails
Section titled “Output Guardrails”Output guardrails validate LLM responses after generation but before returning to users.
| Guardrail | Purpose | Import |
|---|---|---|
secret_redaction() | Detect leaked secrets/API keys | guardrails.output |
llm_judge() | LLM-as-a-judge quality evaluation | guardrails.output |
json_validator() | Validate JSON output structure | guardrails.output |
regex_match() | Match output against regex patterns | guardrails.output |
no_refusals() | Detect when LLM refuses to answer | guardrails.output |
min_length() | Ensure minimum response length | guardrails.output |
require_tool_use() | Ensure specific tools were called | guardrails.output |
tool_allowlist() | Restrict which tools can be called | guardrails.output |
validate_tool_parameters() | Validate tool call arguments | guardrails.output |
hallucination_detector() | Detect potential hallucinations | guardrails.output |
Quick Import
Section titled “Quick Import”from pydantic_ai_guardrails.guardrails.output import ( secret_redaction, llm_judge, json_validator, regex_match, no_refusals, min_length, require_tool_use, tool_allowlist, validate_tool_parameters, hallucination_detector,)Usage Example
Section titled “Usage Example”from pydantic_ai import Agentfrom pydantic_ai_guardrails import GuardedAgentfrom pydantic_ai_guardrails.guardrails.input import ( length_limit, pii_detector, prompt_injection,)from pydantic_ai_guardrails.guardrails.output import ( secret_redaction, llm_judge,)
agent = Agent('openai:gpt-4o')
guarded_agent = GuardedAgent( agent, input_guardrails=[ length_limit(max_chars=2000), pii_detector(), prompt_injection(sensitivity='high'), ], output_guardrails=[ secret_redaction(), llm_judge(criteria='Is the response helpful?', threshold=0.7), ],)Choosing the Right Guardrails
Section titled “Choosing the Right Guardrails”For Security
Section titled “For Security”| Concern | Recommended Guardrails |
|---|---|
| Prompt injection | prompt_injection(), blocked_keywords() |
| Data leakage | pii_detector(), secret_redaction() |
| Abuse prevention | rate_limiter(), length_limit(), toxicity_detector() |
| Tool safety | tool_allowlist(), validate_tool_parameters() |
For Quality
Section titled “For Quality”| Concern | Recommended Guardrails |
|---|---|
| Response quality | llm_judge(), min_length() |
| Format compliance | json_validator(), regex_match() |
| Completeness | no_refusals(), require_tool_use() |
| Accuracy | hallucination_detector(), llm_judge() |
For Compliance
Section titled “For Compliance”| Requirement | Recommended Guardrails |
|---|---|
| GDPR/HIPAA | pii_detector() |
| Content moderation | toxicity_detector() |
| Audit trail | Enable telemetry |
| Human review | Human-in-the-loop |
Performance Considerations
Section titled “Performance Considerations”Guardrails have different performance characteristics:
| Speed | Guardrails |
|---|---|
| Fast (under 5ms) | length_limit(), blocked_keywords(), rate_limiter() |
| Medium (10-50ms) | pii_detector(), prompt_injection(), secret_redaction(), regex_match() |
| Slow (100ms+) | llm_judge(), toxicity_detector() (ML-based) |
Extending Built-in Guardrails
Section titled “Extending Built-in Guardrails”All built-in guardrails can be customized via parameters. For more complex logic, see Custom Guardrails.
Next Steps
Section titled “Next Steps”- Explore individual guardrail documentation in the sidebar
- Learn about Custom Guardrails
- Set up Logfire Integration for observability