Interface IGuardrailService

Contract for implementing custom guardrail logic.

Guardrails intercept content at two points:

  1. Input - Before user messages enter the orchestration pipeline
  2. Output - Before agent responses are streamed to the client

Both methods are optional—implement only what you need.

Example: Basic content filter

class ContentFilterGuardrail implements IGuardrailService {
  async evaluateInput({ input }: GuardrailInputPayload) {
    if (input.textInput?.includes('prohibited')) {
      return {
        action: GuardrailAction.BLOCK,
        reason: 'Input contains prohibited content',
        reasonCode: 'CONTENT_BLOCKED'
      };
    }
    return null; // Allow
  }
}

Example: Mid-stream "changing mind" (cost ceiling)

class CostCeilingGuardrail implements IGuardrailService {
  config = { evaluateStreamingChunks: true };
  private tokenCount = 0;

  async evaluateOutput({ chunk }: GuardrailOutputPayload) {
    if (chunk.type === 'TEXT_DELTA') {
      this.tokenCount += chunk.textDelta?.length ?? 0;
      if (this.tokenCount > 5000) {
        // "Change mind" - stop mid-stream
        return {
          action: GuardrailAction.BLOCK,
          reason: 'Response exceeded cost ceiling'
        };
      }
    }
    return null;
  }
}

Example: PII redaction mid-stream

class PIIRedactionGuardrail implements IGuardrailService {
  config = { evaluateStreamingChunks: true, maxStreamingEvaluations: 100 };

  async evaluateOutput({ chunk }: GuardrailOutputPayload) {
    if (chunk.type === 'TEXT_DELTA' && chunk.textDelta) {
      const redacted = chunk.textDelta.replace(
        /\b\d{3}-\d{2}-\d{4}\b/g,
        '[SSN REDACTED]'
      );
      if (redacted !== chunk.textDelta) {
        return {
          action: GuardrailAction.SANITIZE,
          modifiedText: redacted,
          reasonCode: 'PII_REDACTED'
        };
      }
    }
    return null;
  }
}
interface IGuardrailService {
    config?: GuardrailConfig;
    evaluateInput?(payload): Promise<null | GuardrailEvaluationResult>;
    evaluateOutput?(payload): Promise<null | GuardrailEvaluationResult>;
}

Hierarchy (view full)

Methods

evaluateInput? evaluateOutput?

Properties

config?

Methods

Optional evaluateInput

  • evaluateInput(payload): Promise<null | GuardrailEvaluationResult>

  • Evaluate user input before orchestration.

    Called once per request before the orchestration pipeline starts. Use this to validate, sanitize, or block user messages.

    Parameters

    Returns Promise<null | GuardrailEvaluationResult>

    Evaluation result, or null to allow without action

    Remarks

    • Return BLOCK to prevent the request from being processed
    • Return SANITIZE with modifiedText to clean the input
    • Return null or ALLOW to let the request through

Optional evaluateOutput

Properties

Optional config

config?: GuardrailConfig

Configuration for evaluation behavior. Controls streaming vs final-only evaluation and rate limiting.

Settings

Member Visibility

Theme

On This Page

evaluateInputevaluateOutputconfig