
What's New in elsai Guardrails

Stay up to date with the latest features and improvements in elsai Guardrails.

Latest Release

Version 0.1.5 - July 2026

This release adds ARMS-backed run persistence and output data exfiltration detection:

ARMS Storage (Multi-Database)

Persist guardrail runs through the ARMS Backend to MongoDB, DynamoDB, or ClickHouse — automatically selected by your deployment.

Key Features:

  • Backend API persistence with automatic db_type discovery
  • ARMS correlation via link_arms(), link_run_context(), or environment variables
  • Buffered collection of checks, generate results, tool auth, and rate-limit events
  • Optional SHA-256 text redaction with store_raw_text: false

Learn more about ARMS Storage →

Quick Example:

yaml
guardrails:
  storage:
    enabled: true
    project: my-app
    arms_correlation: true

bash
export API_BASE_URL=https://your-arms-backend
export ELSAI_ARMS_API_KEY=your-api-key

Data Exfiltration Detection

Block or mask LLM responses that leak credentials, bulk PII, or export-style payloads.

Key Features:

  • Secret, bulk sensitive, and abnormal output detectors with risk scoring
  • Configurable warn (mask) and block thresholds
  • Output-only checks integrated with GuardrailSystem and LLMRails
  • Results persisted when ARMS storage is enabled

Learn more about Data Exfiltration Detection →

Quick Example:

yaml
guardrails:
  data_exfiltration:
    enabled: true
    action_thresholds:
      warn: 20
      block: 80
    detectors:
      secrets: true
      bulk_sensitive: true
      abnormal_patterns: true
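
How a risk score could map onto the warn (mask) and block thresholds above, as an added illustration that is not elsai Guardrails code. Only the thresholds 20 and 80 come from the quick example; the detector patterns, the per-hit weights, the sample key format and the `score_output` name are constructed assumptions.

```python
import re

THRESHOLDS = {"warn": 20, "block": 80}  # values from the quick example above

# Constructed detectors: (name, pattern, points per hit, cap for this detector).
DETECTORS = [
    ("secrets",
     re.compile(r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----"), 90, 90),
    ("bulk_sensitive", re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), 10, 60),
    # A line with four or more comma-separated fields looks like an export row.
    ("abnormal_patterns", re.compile(r"(?m)^(?:[^,\n]+,){3,}[^,\n]+$"), 5, 30),
]


def score_output(text, thresholds=THRESHOLDS):
    """Score one LLM response and decide pass, warn (mask) or block."""
    score, findings, masked = 0, {}, text
    for name, pattern, points, cap in DETECTORS:
        hits = len(pattern.findall(text))
        if hits:
            findings[name] = hits
            score += min(points * hits, cap)
            masked = pattern.sub("[REDACTED]", masked)
    score = min(score, 100)
    if score >= thresholds["block"]:
        action, released = "block", None      # nothing reaches the caller
    elif score >= thresholds["warn"]:
        action, released = "warn", masked     # caller gets the masked text
    else:
        action, released = "pass", text
    return {"action": action, "score": score, "findings": findings, "text": released}
```

With these weights a single e-mail address scores 10 and passes unmasked, so the warn threshold also decides how much sensitive data is tolerated in an output.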

Migration Note

Direct database storage (storage.backend: mongodb|dynamodb|clickhouse) was removed. Use ARMS Backend storage instead. See ARMS Storage.


Version 0.1.4 - June 2026

This release adds agent safety controls for tool access and abuse prevention:

Tool Authorization

Ensure agents can access only approved tools through policy-driven allowlists and role-based permissions.

Key Features:

  • Global denied_tools and role-based allowed_tools lists
  • Sensitive tool gating with explicit approval metadata
  • Pre-execution hooks via before_tool_call() for agent frameworks
  • LangGraph integration with authorization nodes

Learn more about Tool Authorization →

Quick Example:

yaml
guardrails:
  tool_authorization:
    enabled: true
    denied_tools:
      - execute_shell
    roles:
      analyst:
        allowed_tools:
          - search_web
          - calculator
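
A stand-alone sketch of how a policy shaped like the YAML above can be evaluated before a tool call, added here as an illustration and not taken from the elsai Guardrails code base. The evaluation order (global deny first, then role allowlist, then approval gate), the `sensitive_tools` key, the `operator` role, the `approved_by` field and both function names are assumptions.

```python
# Policy shaped like the page's YAML. "sensitive_tools" and the "operator"
# role are constructed for this illustration; real key names may differ.
POLICY = {
    "enabled": True,
    "denied_tools": ["execute_shell"],
    "sensitive_tools": ["send_email"],
    "roles": {
        "analyst": {"allowed_tools": ["search_web", "calculator"]},
        "operator": {"allowed_tools": ["search_web", "send_email", "execute_shell"]},
    },
}


def authorize(policy, role, tool, approval=None):
    """Return (allowed, reason) for one tool call, denying by default."""
    if not policy.get("enabled", False):
        return True, "tool authorization disabled"
    if tool in policy.get("denied_tools", []):
        return False, "globally denied"          # deny list beats any role grant
    role_cfg = policy.get("roles", {}).get(role)
    if role_cfg is None:
        return False, "unknown role"
    if tool not in role_cfg.get("allowed_tools", []):
        return False, "not in role allowlist"
    if tool in policy.get("sensitive_tools", []):
        if not (approval and approval.get("approved_by")):
            return False, "approval required"
    return True, "allowed"


def shadowed_grants(policy):
    """List (role, tool) allowlist entries that the global deny list overrides."""
    denied = set(policy.get("denied_tools", []))
    return sorted(
        (role, tool)
        for role, cfg in policy.get("roles", {}).items()
        for tool in cfg.get("allowed_tools", [])
        if tool in denied
    )
```

Running `shadowed_grants` over a policy file in review surfaces role grants that can never take effect, which usually signals a stale or mistaken allowlist entry.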

Rate Limiting & Abuse Prevention

Protect systems from excessive requests, infinite loops, and denial-of-wallet attacks.

Key Features:

  • Per-session request and tool call quotas
  • Cumulative tool execution time limits
  • Session tracking with create_session() and agent hooks
  • LangGraph integration with rate-limit nodes

Learn more about Rate Limiting →

Quick Example:

yaml
guardrails:
  rate_limit:
    enabled: true
    max_requests_per_session: 5
    max_tool_calls_per_session: 50
    max_tool_execution_seconds: 60

Token Budget Enforcement Update

A new block_on_exceeded policy option controls enforcement behavior:

  • true — Block requests that exceed the token budget
  • false — Emit a warning and allow processing to continue

yaml
guardrails:
  token_budget:
    enabled: true
    block_on_exceeded: true

Learn more about Token Budget Enforcement →


Version 0.1.3 - June 2026

This release adds enterprise-grade data protection and resource controls:

PII/PHI Detection and Data Masking

Identify sensitive personal and health information with configurable policies, confidence thresholds, and data masking.

Key Features:

  • Entity-based detection powered by Microsoft Presidio Analyzer
  • Support for PERSON, LOCATION, EMAIL_ADDRESS, PHONE_NUMBER, CREDIT_CARD, NRP, MEDICAL_LICENSE, US_SSN, IBAN_CODE, and IP_ADDRESS
  • Configurable confidence thresholds with per-entity overrides
  • Policy-driven actions: flag, block, review, or pass
  • Data masking and regex-based PHI pattern detection
  • Audit logging with entity type, confidence score, action taken, session ID, and timestamp

Learn more about PII/PHI Detection →

Quick Example:

yaml
guardrails:
  pii:
    enabled: true
    input_checks: true
    output_checks: true
    default_confidence_threshold: 0.5
    default_action: flag
    default_mask: true
    enable_phi_detection: true
    entity_types:
      - PERSON
      - EMAIL_ADDRESS
      - PHONE_NUMBER
      - US_SSN
    entity_policies:
      US_SSN:
        action: block
        mask: true

Token Budget Enforcement

Control token usage by computing the full request context and rejecting oversized requests before LLM processing.

Key Features:

  • Full-context token calculation including system prompts and conversation history
  • Configurable per-request and per-run token limits
  • Reserved output token allocation
  • Rejection of requests that exceed configured budgets

Learn more about Token Budget Enforcement →

Quick Example:

yaml
guardrails:
  token_budget:
    enabled: true
    input_checks: true
    max_request_tokens: 50
    max_run_tokens: 80
    reserved_output_tokens: 10
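
The budget arithmetic described above, worked through with the limits from this config (50 per request, 80 per run, 10 reserved for output). This is an added example, not the library's implementation: the whitespace tokenizer, the choice to charge reserved output tokens against both limits, the `TokenBudget` class and the sample prompt and history are assumptions, and `block_on_exceeded` follows the 0.1.4 description of that option.

```python
SYSTEM = "You are a support bot."                  # constructed sample context
HISTORY = ["Hi", "Hello, how can I help?"]


class TokenBudget:
    def __init__(self, max_request_tokens=50, max_run_tokens=80,
                 reserved_output_tokens=10, block_on_exceeded=True):
        self.max_request = max_request_tokens
        self.max_run = max_run_tokens
        self.reserved = reserved_output_tokens
        self.block_on_exceeded = block_on_exceeded
        self.run_tokens = 0          # tokens already charged to this run

    @staticmethod
    def count(text):
        # Assumption: whitespace split stands in for the model's tokenizer.
        return len(text.split())

    def check(self, system_prompt, history, user_input):
        context = (self.count(system_prompt)
                   + sum(self.count(m) for m in history)
                   + self.count(user_input))
        needed = context + self.reserved
        exceeded = []
        if needed > self.max_request:
            exceeded.append("request")
        if self.run_tokens + needed > self.max_run:
            exceeded.append("run")
        if exceeded and self.block_on_exceeded:
            action = "block"         # rejected before any LLM call
        else:
            action = "warn" if exceeded else "pass"
            self.run_tokens += needed
        return {"action": action, "tokens": needed, "exceeded": exceeded}
```

A four-word question already costs 25 tokens here once the system prompt, history and output reservation are counted, which is why limits sized from the user message alone are exceeded early.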

Version 0.1.2 - May 2026

Improvements:

  • Fixed bugs in off-topic detection
  • Added large text processing support for toxicity and sensitive data detection
  • Added support for elsai-model 2.0.0

Version 0.1.1 - January 2026

We're excited to announce two powerful new features that expand guardrail capabilities:

Off-Topic Detection

Keep your AI conversations focused and on-track with configurable topic boundaries.

Key Features:

  • Define multiple allowed topics with descriptive guidelines
  • Semantic matching to detect off-topic user inputs
  • Flexible blocking or detection-only modes
  • Perfect for specialized bots and assistants

Learn more about Off-Topic Detection →

Quick Example:

yaml
guardrails:
  check_off_topic: true
  block_off_topic: true
  allowed_topics:
    - name: "Product Support"
      description: "Questions about our products and services"
    - name: "Order Management"
      description: "Order tracking, shipping, and delivery inquiries"

SQL Syntax Validation

Validate SQL queries before execution to catch errors early and improve reliability.

Key Features:

  • Support for 7 major SQL dialects (PostgreSQL, MySQL, SQL Server, SQLite, MongoDB, Oracle, Redshift)
  • Detect syntax errors in user input or LLM-generated queries
  • Prevent malformed queries from reaching your database
  • Essential for text-to-SQL applications

Learn more about SQL Syntax Validation →

Quick Example:

yaml
guardrails:
  check_sql_syntax: true
  sql_dialect: "postgresql"  # or mysql, sqlserver, sqlite, mongodb, oracle, redshift

Getting Started with New Features

Try ARMS Storage

yaml
guardrails:
  storage:
    enabled: true
    project: my-app
    arms_correlation: true

python
from elsai_guardrails.guardrails import LLMRails

rails = LLMRails.from_config("config.yml")
rails.guardrail_system.link_run_context(
    run_id="run-1",
    project_id="project-1",
)
rails.generate(messages=[{"role": "user", "content": "Hello"}])
rails.guardrail_system.end_run()

Try Data Exfiltration Detection

yaml
guardrails:
  data_exfiltration:
    enabled: true
    action_thresholds:
      warn: 20
      block: 80

python
from elsai_guardrails.guardrails import GuardrailSystem, GuardrailConfig
from elsai_guardrails.guardrails.guardrail_policy import GuardrailPolicy

policy = GuardrailPolicy.from_yaml("config.yml")
guardrail = GuardrailSystem(
    config=GuardrailConfig(check_toxicity=False, check_sensitive_data=False),
    output_checks=True,
    guardrail_policy=policy,
)
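llm_response = "Here is the summary you asked for."  # constructed sample; pass your model's actual output
result = guardrail.check_output(llm_response)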
print(result.exfiltration)

Try PII/PHI Detection

python
from elsai_guardrails.guardrails import GuardrailSystem, GuardrailConfig

config = GuardrailConfig.from_yaml("config.yml")
guardrail = GuardrailSystem(config=config.guardrails)
result = guardrail.check_input("Contact John at john@example.com or 555-123-4567")

Try Token Budget Enforcement

yaml
guardrails:
  token_budget:
    enabled: true
    input_checks: true
    max_request_tokens: 50
    max_run_tokens: 80
    reserved_output_tokens: 10

Try Off-Topic Detection

python
from elsai_guardrails.guardrails import GuardrailSystem, GuardrailConfig

config = GuardrailConfig(
    check_off_topic=True,
    block_off_topic=True,
    allowed_topics=[
        {
            "name": "Tech Support",
            "description": "Technical questions and troubleshooting"
        }
    ]
)

guardrail = GuardrailSystem(config=config)
result = guardrail.check_input("What's the weather today?")  # Off-topic, will be blocked

Try SQL Syntax Validation

python
from elsai_guardrails.guardrails import GuardrailSystem, GuardrailConfig

config = GuardrailConfig(
    check_sql_syntax=True,
    sql_dialect="postgresql"
)

guardrail = GuardrailSystem(config=config)
result = guardrail.check_input("SELECT * FROM users WHERE active = true")  # Valid SQL

Previous Features

Core Guardrails

All existing guardrails continue to work seamlessly:

  • Toxicity Detection - Identify and block harmful content
  • Sensitive Data Protection - Detect PII like emails, phone numbers, credit cards
  • Semantic Classification - Prevent jailbreak attempts and malicious requests
  • Multi-LLM Support - Works with OpenAI, Anthropic, Gemini, AWS Bedrock, and more

View Documentation →

Migration Guide

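Upgrading to v0.1.5 is seamless for standard guardrail configurations; all existing check policies work without changes. The exception is direct database storage (storage.backend: mongodb|dynamodb|clickhouse), which was removed in this release: configurations that used it must switch to ARMS Backend storage, as described in the Migration Note for 0.1.5.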

Opt-in Features

New features in 0.1.5 are disabled by default:

yaml
guardrails:
  storage:
    enabled: false
  data_exfiltration:
    enabled: false

Adding New Features

yaml
guardrails:
  storage:
    enabled: true
    project: my-app
    arms_correlation: true

  data_exfiltration:
    enabled: true
    action_thresholds:
      warn: 20
      block: 80

  tool_authorization:
    enabled: true
    denied_tools:
      - execute_shell

  rate_limit:
    enabled: true
    max_requests_per_session: 5

Feedback

We'd love to hear your thoughts on the new features! If you have questions, suggestions, or issues:


Ready to get started? Quick Start Guide →

Copyright © 2026 elsai foundry.