Guardrails AI

Orchestrates a chain of validators through the Guard class that execute sequentially against LLM outputs, with each validator implementing a validate() method and specifying OnFailAction strategies (exception, reask, fix, filter, noop, refrain). The framework automatically routes validation failures to appropriate handlers—reask re-prompts the LLM with context about the failure, fix applies corrective transformations, filter removes invalid content, and exception halts execution. This enables declarative composition of validation logic without imperative error handling.

Converts unstructured LLM outputs into validated, typed data structures by accepting schema definitions in three formats: RAIL (Guardrails' XML-based specification language), Pydantic models, or JSON Schema. The framework maintains a type registry that maps schema definitions to Python types, automatically generating validators for type constraints and field requirements. When the LLM output is parsed, it's coerced into the target schema with validation applied at parse time, ensuring type safety and structural correctness without manual deserialization code.

Provides a standalone server mode (guardrails server) that exposes Guards as REST API endpoints, enabling remote validation without embedding Guardrails in the application. The server handles authentication, request routing, and response serialization. Clients can invoke validation by sending HTTP requests to the server, which executes the Guard and returns validation results. This enables centralized validation infrastructure shared across multiple applications.

Provides command-line tools for managing validators (install, update, remove), configuring authentication, and deploying the Guardrails server. The CLI supports commands like `guardrails hub install`, `guardrails hub list`, `guardrails configure`, and `guardrails server start`. Configuration is stored in a credentials file that can be shared across projects. The CLI enables non-developers to manage validators and configure Guardrails without writing code.

Integrates with Pydantic models by automatically generating validators from Pydantic field definitions (type annotations, constraints, validators). When a Guard is instantiated from a Pydantic model, the framework extracts field metadata and creates validators for type checking, required fields, and custom Pydantic validators. LLM outputs are parsed into Pydantic model instances with validation applied automatically, ensuring type safety and constraint compliance.

Integrates with JSON Schema and OpenAI's function calling API by accepting JSON Schema definitions and automatically converting them to OpenAI function schemas. The framework can invoke OpenAI's function calling mode with the schema, ensuring the LLM generates structured output that matches the schema. Validation is applied to the function call result, and re-asking is supported if validation fails.

Provides a centralized marketplace (Guardrails Hub) of pre-built validators for common use cases (PII detection, toxicity, bias, hallucination, regex matching, etc.) that can be installed via CLI commands like `guardrails hub install hub://guardrails/regex_match`. The framework maintains a validator registry that maps validator names to implementations, supports versioning and dependency resolution, and allows validators to be imported declaratively in RAIL specifications or programmatically via @register_validator decorators. Custom validators can be published back to the Hub, creating a community-driven ecosystem.

Supports four execution patterns through Guard and AsyncGuard classes: synchronous blocking (Guard.__call__()), asynchronous non-blocking (AsyncGuard.__call__()), synchronous streaming (Guard.__call__(stream=True)), and asynchronous streaming (AsyncGuard.__call__(stream=True)). Streaming validation processes LLM output tokens incrementally, applying validators to partial outputs and enabling early rejection or correction before the full response is generated. This architecture allows the same Guard definition to be used across different execution contexts without code duplication.

When a validator fails with OnFailAction.reask, the Guard automatically constructs a corrective prompt that includes the original LLM output, the validation error message, and instructions to fix the issue, then re-invokes the LLM. The framework tracks re-asking history (number of attempts, error messages, corrected outputs) and enforces configurable iteration limits to prevent infinite loops. Re-ask prompts are customizable via templates, allowing teams to define domain-specific correction instructions.

Abstracts over multiple LLM providers (OpenAI, Anthropic, LiteLLM, HuggingFace) through a unified Guard interface, allowing the same validation logic to work with different model backends without code changes. The framework handles provider-specific details like API authentication, request formatting, streaming protocol differences, and function calling conventions. LLM provider selection is configured at Guard instantiation time via the `llm_api` parameter, supporting both remote APIs and local models through LiteLLM.

Enables developers to define custom validators using the @register_validator decorator, which registers the validator in a global registry with metadata (name, description, on_fail_action, etc.). Custom validators implement a validate() method that receives the value to validate and returns a ValidationResult. The framework manages validator lifecycle including initialization, dependency injection, and cleanup. Validators can be registered programmatically or discovered from Python modules, and can be composed into Guards alongside Hub validators.

Maintains detailed execution history for each Guard call, including input prompts, LLM responses, validation results, re-ask attempts, and final outputs. The framework provides telemetry and tracing capabilities that log validation decisions, error messages, and performance metrics. History can be accessed programmatically via the Guard's call history API and exported for analysis. Telemetry integrates with external observability platforms for production monitoring.

Provides context management utilities (guardrails/stores/context.py) that isolate state across concurrent Guard executions, preventing validation context from one request from leaking into another. The framework uses thread-local and async-local storage to maintain separate validation state per execution context. This enables safe concurrent use of the same Guard instance across multiple threads or async tasks without race conditions.

Provides RAIL (Reliable AI Markup Language), an XML-based domain-specific language for declaratively defining validation schemas, validators, and failure handling strategies. RAIL specifications can define data structures, field constraints, validators to apply, and re-ask behavior in a single file. Guards can be instantiated directly from RAIL files using Guard.from_rail(), making validation logic portable and version-controllable. RAIL specifications are human-readable and can be edited without code changes.