Browse docs
--- title: "Enterprise Guardrails" description: "Enterprise guardrail enhancements: output-direction guardrails, enhanced dashboard management, and compliance audit integration." icon: "road-barrier" ---
Overview
Enterprise guardrails extend the OSS guardrails system with advanced capabilities for production content safety. OSS guardrails include system prompt rules, LLM-based content altering, regex blocking, PII redaction, and length limits — all available in the open-source edition. Enterprise adds output-direction guardrail support, enhanced rule configuration surfaces in the dashboard, and Enterprise compliance integration for audit trail immutability.
Guardrails intercept requests before they reach LLM providers and can optionally sanitize responses before returning to clients.
Guardrail Types
Enterprise adds enhanced guardrail capabilities beyond the OSS rule types:
Common Rule Fields
Every guardrail rule shares these optional fields:
LLM-Based Altering
The llm_based_altering guardrail rewrites selected message roles by calling an auxiliary model before the main provider request runs. This is useful for PII anonymization, prompt injection sanitization, and other content-preserving rewrites.
Configuration
guardrails:
enabled: true
rules:
- name: "privacy-rewrite"
type: "llm_based_altering"
user_path: "/team/privacy"
order: 1
llm_based_altering:
model: "gpt-4o-mini"
roles: ["user"]
max_tokens: 4096
skip_content_prefix: "### safe"Settings
How It Works
When llm_based_altering runs, Aurora calls the auxiliary model through the normal translated request path:
- Path:
/v1/chat/completions - User path:
{guardrail.user_path or caller user path}/guardrails/{guardrail name} - Request origin:
guardrail
Guardrails are explicitly skipped for the internal request to avoid recursion.
Regex Block
Block or sanitize messages that match configured regular expressions.
guardrails:
enabled: true
rules:
- name: "block-system-escape"
type: "regex_block"
order: 0
regex_block:
patterns:
- "ignore all previous instructions"
- "you are now.*"
action: "block"Settings
PII Redaction
Deterministically redact personally identifiable information from messages.
guardrails:
enabled: true
rules:
- name: "pii-filter"
type: "pii_redact"
order: 0
pii_redact:
kinds:
- email
- phone
- ssn
- credit_cardSettings
Length Limit
Enforce maximum character or estimated token counts on messages.
guardrails:
enabled: true
rules:
- name: "max-length"
type: "length_limit"
order: 0
length_limit:
max_chars: 100000
max_estimated_tokens: 32000Settings
Output Guardrails
Guardrails can also apply to provider responses. Configure the direction to control when rules run:
input — Run before the request reaches the provider (default)
output — Run on the provider response before returning to the client
both — Run in both directionsOutput guardrails use the same rule types and configuration as input guardrails.
Workflow Integration
Guardrails are enabled per-request through workflow policies. Each workflow payload controls which guardrails apply to matching requests:
curl -X POST http://your-aurora-host/admin/api/v1/workflows \
-H "Authorization: Bearer $AURORA_MASTER_KEY" \
-H "Content-Type: application/json" \
-d '{
"scope_provider_name": "openai_primary",
"scope_user_path": "/team/alpha",
"workflow_payload": {
"schema_version": 1,
"features": {
"guardrails": true
},
"guardrails": ["privacy-rewrite"]
}
}'Admin API
For endpoint reference see the Admin API section.
curl -X PUT "http://your-aurora-host/admin/api/v1/guardrails/privacy-rewrite" \
-H "Authorization: Bearer $AURORA_MASTER_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "privacy-rewrite",
"type": "llm_based_altering",
"order": 1,
"llm_based_altering": {
"model": "gpt-4o-mini",
"roles": ["user"]
}
}'Reference
See OSS Guardrails for the complete guardrails pipeline reference, execution order, and system prompt modes.