Inspect inputs and outputs
Attach input_guardrails before a prompt reaches the model and output_guardrails before a response returns, so risky content is caught on both sides of the call.
Guardrails
Safe AI with input and output guardrails
Validate and monitor every prompt and response that flows through FastRouter. Detect and redact PII, keep models on-topic, and block toxic or malformed content - with configurable Observe and Validate actions and full per-check logging, across any model you route.
No credit card required · Free to start
Guardrails
PII Check
gr_a8f3k9m2
Stage
Output
Action
Validate
4 checks on every request
input + output · stream: false
Topic AdherencePII CheckToxicity+1
Why FastRouter Guardrails
Safety controls that travel with every model
Put the same checks in front of every provider you route to - no per-model integration, and no rewrites when you switch models.
Deterministic and LLM-judge checks
Run fast regex checks in milliseconds, then layer LLM-judge guardrails for PII, topic adherence, and toxicity when a decision needs real reasoning.
Observe first, enforce when ready
Start in Observe mode to log results without changing behavior, then switch to Validate to block any request that fails a check.
How it works
A checkpoint on every request and response
Guardrails sit inline in the gateway. Each request runs your input checks before the model, and every completion runs your output checks before it reaches your app - passing, logging, or blocking based on the action you set.
Request
User prompt
A request enters the gateway.
Input
Input guardrails
Screened before the model.
PIITopicRegEx
Model
Any routed LLM
Runs only on content that passes.
Output
Output guardrails
Screened before the reply.
ToxicityPII
Response
Safe response
Returned to your application.
All checks pass
200Request and response continue.
Observe catches a fail
246Logged, but still served.
Validate catches a fail
446Blocked before it returns.
Both directions
Apply checks to the incoming prompt, the model output, or both on the same call.
Stacked in order
Combine several guardrails per stage and they evaluate in the order you list them.
Built for non-streaming
Guardrails run on complete requests, so set stream to false when you apply them.
End-to-end coverage
Guard the prompt and the response
Reference your guardrail Config IDs on any request. Input checks run before the model sees a token, output checks run before a completion reaches your users, and you can stack several at each stage.
Screen the input
input_guardrails inspect the user's prompt before it is ever sent to the model.
Filter the output
output_guardrails check the model's response before it returns to your application.
Evaluated in order
List multiple Config IDs per stage and they run in the exact order you specify.
Request inspected
input_guardrailsPassed
“Can you email me at j••••@acme.com about pricing?”
Topic Adherence
PII Check
RedactedRouted to the model
output_guardrailsPassed
“Sure — here is a summary of our current plans.”
Toxicity Detection
Checks run in the order you list them
Detection library
From regex rules to LLM-judge intelligence
Mix deterministic checks that run in milliseconds with LLM-judge guardrails that reason about meaning. Start from templates in the dashboard and tune each one to your policy.
RegEx Check
A basic, deterministic guardrail that validates content against your own regex patterns in milliseconds.
PII Check
Detect emails, phone numbers, SSNs, and credit cards, and optionally redact them from the content.
Topic and toxicity
LLM-judge checks keep conversations on allowed topics and catch hate, harassment, and violent content.
Guardrail templates
Browse templates- Basic
RegEx Check
Validate against custom patterns
- LLM Judge
PII Check
Emails, phones, SSN, cards
- LLM Judge
Topic Adherence
Stay on allowed topics
- LLM Judge
Toxicity Detection
Hate, harassment, violence
Layer basic and LLM-judge checks for full coverage
Actions & logging
Observe to learn, Validate to enforce
Every guardrail runs in one of two modes. Observe logs failures and keeps serving traffic, Validate blocks failing requests outright, and each check is recorded with its result and cost.
Observe mode (246)
Failing checks are logged and the request still completes, so you can measure impact before enforcing.
Validate mode (446)
A failing check blocks the request immediately, returning an error instead of an unsafe result.
Logged with cost
Each response carries a guardrails object recording every check's pass state and token cost.
POST /v1/chat/completions
JSONAction
ObserveValidate
{
"model": "openai/gpt-4",
"stream": false,
"input_guardrails": ["gr_e9k2v7h5"],
"output_guardrails": ["gr_a8f3k9m2", "gr_b2n7p1q4"]
}
PII Check · failed446Blocked
Guardrail types
Pick the right check for every risk
Combine deterministic regex rules with LLM-judge guardrails for PII, topic adherence, and toxicity - each running on the input or output stage in the action you choose.
| Capability | RegEx CheckBasic | PII CheckLLM Judge | Topic AdherenceLLM Judge | Toxicity DetectionLLM Judge |
|---|---|---|---|---|
| How it evaluates | ||||
| Deterministic, no LLM call | Included | Not included | Not included | Not included |
| LLM-judge evaluation | Not included | Included | Included | Included |
| What it catches | ||||
| Custom regex patterns | Included | Not included | Not included | Not included |
| PII: emails, SSN, cards | Not included | Included | Not included | Not included |
| Off-topic conversations | Not included | Not included | Included | Not included |
| Toxic or unsafe content | Not included | Not included | Not included | Included |
| Actions & stages | ||||
| Redact matched content | Not included | Included | Not included | Not included |
| Block in Validate mode | Included | Included | Included | Included |
| Run on input or output | Included | Included | Included | Included |
Every guardrail runs in Observe or Validate mode on the input or output stage. LLM-judge checks add roughly 0.5-2s of latency and use your Default Guardrails Key.
Use cases
Built for teams shipping AI to real users
From compliance-sensitive workloads to customer-facing assistants, guardrails keep risky content out of prompts and responses.
Stop PII from leaking
Detect and optionally redact emails, phone numbers, SSNs, and credit cards before they reach a model or your users.
Keep assistants on-topic
Use Topic Adherence so support and product assistants only answer within the subjects you allow.
Block toxic content
Catch hate speech, harassment, and violent content on inputs and outputs with an LLM-judge toxicity check.
Enforce output formats
Validate responses against custom regex patterns so downstream systems always receive clean, expected data.
FAQ
Guardrails questions, answered
Guardrails validate and monitor the requests and responses that flow through your LLM gateway. They help you prevent PII exposure, keep responses on allowed topics or formats, and block toxic or inappropriate content - on both the input prompt and the model's output.
input_guardrails are applied to the incoming user prompt before it is sent to the model, while output_guardrails are applied to the model's response before it is returned to your application. You can attach multiple Config IDs at each stage, and they are evaluated in the order you list them.
Observe mode is the default and logs a guardrail failure while still processing the request, returning status code 246 so you can monitor impact. Validate mode blocks a failing request entirely and returns status code 446. A request where every check passes always returns 200. We recommend starting in Observe mode on a subset of traffic before enforcing with Validate.
Basic guardrails like the RegEx Check are deterministic and run in milliseconds. LLM-judge guardrails - PII Check, Topic Adherence, and Toxicity Detection - use an additional LLM call for more nuanced decisions and can add roughly 500ms to 2s of latency. You can layer basic and LLM-judge checks for comprehensive coverage.
Yes. The PII Check can detect emails, phone numbers, SSNs, and credit cards, and optionally redact them from the content. Each guardrail is created from a template in the dashboard, where you set its name, action, stage, and template-specific settings before copying its Config ID into your requests.
No. Guardrails do not support streaming, so set stream to false in your request payload when applying them. Each response includes a guardrails object reporting whether every input and output check passed, along with each check's token cost. LLM-judge checks consume tokens from your Default Guardrails Key.
Put guardrails in front of every model
Create your first guardrail from a template, start in Observe mode, and enforce with Validate when you are ready - in minutes.