Skip to main content

Guardrails Library

NeMo Guardrails includes a library of pre-built guardrails that can be activated in any configuration without writing custom code. These guardrails provide enterprise-grade protection against common LLM risks.

What is the Guardrails Library?

The guardrails library is located in nemoguardrails/library/ and contains ready-to-use implementations for:
  • Input validation - Detecting jailbreaks, prompt injections, and unsafe user inputs
  • Output filtering - Checking for hallucinations, policy violations, and unsafe responses
  • Retrieval validation - Fact-checking against retrieved documents
  • Dialog control - Managing conversation flows and enforcing policies
  • Execution safety - Validating tool calls and action parameters
The library contains pre-built rails that can be activated in any config. You don’t need to write custom actions or prompts - just enable them in your config.yml.

Categories of Built-in Guardrails

Guardrails are organized by the stage where they execute:

Input Rails

Execute before the LLM processes user input:
  • Jailbreak Detection - Heuristic and model-based detection
  • Content Safety - Using models like Llama Guard or NeMoGuard
  • Self Check Input - LLM-based input validation
  • Sensitive Data Detection - PII masking with Presidio
  • Prompt Injection Detection - Protection against injection attacks

Output Rails

Execute after the LLM generates a response:
  • Content Safety - Validating bot responses
  • Self Check Output - LLM-based output validation
  • Hallucination Detection - Self-consistency checking
  • Sensitive Data Masking - Removing PII from responses

Retrieval Rails

Execute during RAG pipelines:
  • Fact Checking - Using AlignScore or self-check methods
  • Self Check Facts - LLM-based factual validation
  • Sensitive Data Detection - Filtering PII from retrieved chunks

Dialog Rails

Execute during multi-turn conversations:
  • Topic Control - Enforcing allowed conversation topics
  • Flow Management - Guided conversation patterns
  • Policy Enforcement - Custom business rules

Execution Rails

Execute during tool/action calls:
  • Action Input Validation - Checking parameters
  • Action Output Validation - Verifying results
  • Tool Call Authorization - Access control

Available Integrations

The library includes integrations with third-party services:
ProviderRail TypeUse Case
Llama GuardInput/OutputMeta’s content safety model
NeMoGuardInput/OutputNVIDIA’s content safety models
PresidioInput/Output/RetrievalMicrosoft’s PII detection
AlignScoreRetrievalFact checking with alignment
AutoAlignOutputAutomated fact verification
ActiveFenceInput/OutputContent moderation API
CleanlabInput/OutputData quality checking
ClavataInputPrompt injection detection
CrowdStrike AIDRInputAI threat detection
FiddlerInput/OutputML monitoring
GLiNERInput/OutputEntity recognition
Guardrails AIInput/OutputGuardrails Hub integration
PangeaInput/OutputSecurity platform
PatronusAIOutputLLM evaluation
Private AIInput/OutputPII detection
Prompt SecurityInputInjection detection
RegexInput/OutputPattern matching
Trend MicroInput/OutputSecurity scanning

Quick Start

Enable a built-in guardrail in your config.yml: 
models:
  - type: main
    engine: openai
    model: gpt-3.5-turbo

  - type: content_safety
    engine: nim
    model: nvidia/llama-3.1-nemoguard-8b-content-safety

rails:
  input:
    flows:
      - content safety check input $model=content_safety
  output:
    flows:
      - content safety check output $model=content_safety

Next Steps

Input Rails

Validate and sanitize user inputs before processing

Output Rails

Filter and validate LLM responses before delivery

Dialog Rails

Control conversation flows and enforce policies

Retrieval Rails

Validate retrieved knowledge and check facts

Execution Rails

Secure tool calls and action execution