Skip to content

Guardrails Library Overview

The elsai Guardrails library provides core classes and functions for implementing guardrails in your LLM applications.

Core Classes

GuardrailSystem

The main class for performing guardrail checks on text content.

Key Features:

  • Toxicity detection
  • Sensitive data detection
  • Content classification
  • Off-topic detection
  • SQL syntax validation
  • PII/PHI detection and data masking
  • Token budget enforcement
  • Tool authorization (agent hooks)
  • Rate limiting (agent hooks)
  • Data exfiltration detection (output)
  • ARMS storage (Backend persistence)
  • Input and output validation

See GuardrailSystem for details.

LLMRails

High-level class that combines LLM generation with guardrail checks.

Key Features:

  • Integrated LLM and guardrails
  • Automatic input/output validation
  • Token budget enforcement (when enabled in config)
  • Detailed result reporting
  • Async support

See LLMRails for details.

GuardrailResult

Result object returned from guardrail checks.

Contains:

  • passed: Whether checks passed
  • toxicity: Toxicity detection results
  • sensitive_data: Sensitive data detection results
  • semantic_class: Content classification result
  • exfiltration: Data exfiltration detection result (output checks)
  • message: Human-readable message

See GuardrailResult for details.

TokenBudgetEnforcer

Standalone class for token budget enforcement in custom LLM pipelines.

Key Features:

  • Pre-flight input context validation
  • Post-flight response token validation
  • YAML or programmatic configuration
  • Full-context calculation including system prompts, history, and RAG context

See Token Budget Enforcement for details.

Agent Hook Methods

For tool authorization and rate limiting, initialize with GuardrailPolicy and use hook methods in your agent graph:

python
from elsai_guardrails.guardrails import GuardrailSystem, ToolCallCheckResult
from elsai_guardrails.guardrails.guardrail_policy import GuardrailPolicy

guardrails = GuardrailSystem(
    guardrail_policy=GuardrailPolicy.from_file("config.yaml"),
)
MethodPurpose
before_tool_call(tool_name, user_role, metadata, raise_on_block)Authorize a tool call before execution
before_request(session_id, raise_on_block)Check per-session request limit before LLM call
check_tool_call_limit(session_id, raise_on_block)Peek at tool call quota before execution
record_tool_call(session_id)Record a tool call when it actually runs
start_execution_timer() / end_execution_timer(t)Track cumulative tool execution time
create_session() / get_session(session_id)Manage rate-limit session state
link_arms(arms) / link_run_context(...)Align storage with ARMS run ids
begin_run() / end_run()Start and flush a storage run lifecycle
storage_run_context(...)Context manager for pinned run ids

See Tool Authorization, Rate Limiting, ARMS Storage, and Data Exfiltration Detection for integration examples.

Configuration Classes

RailsConfig

Configuration container for the entire rails system.

GuardrailConfig

Configuration for guardrail behavior and thresholds.

Quick Example

python
from elsai_guardrails.guardrails import GuardrailSystem, GuardrailConfig

# Create guardrail system with all features
config = GuardrailConfig(
    check_toxicity=True,
    check_sensitive_data=True,
    check_semantic=True,
    check_off_topic=True,
    check_sql_syntax=True,
    allowed_topics=[
        {"name": "Support", "description": "Customer support topics"}
    ],
    sql_dialect="mysql"
)
guardrail = GuardrailSystem(config=config)

# Check text
result = guardrail.check_input("Hello, this is a test")
print(f"Passed: {result.passed}")

Next Steps

Copyright © 2026 elsai foundry.