◬Guardrails

Safety that runs with
your workloads.

Guardrails run automatically inside the engine on every intent call. Layered policy enforcement, PII protection, bias detection, output validation, and audit logging — all below 13ms total. Safety that developers don't route around.

Start building View docs

guardrails.sh

# Guardrails apply automatically on every API call.
# Configure policies per-pack in your dashboard or via API.

curl -X POST https://api.liyaengine.com/v1/run \
  -H "x-api-key: $LIYA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "pack": "healthcare",
    "intent": "summarize-clinical-note",
    "input": { "note": "Patient John D., DOB 1984-03-22..." },
    "guardrails": {
      "pii": { "action": "redact", "fields": ["name", "dob"] },
      "content": { "policy": "clinical-professional" },
      "audit": { "enabled": true, "retention_days": 2555 }
    }
  }'

# PII is redacted before the response leaves Liya Engine
# Audit entry written — tamper-evident, queryable via dashboard

< 5ms

Pre-filter latency

0.03%

False positive rate

< 13ms

Total policy latency

SOC 2

Type II compliant

Architecture

Three-phase enforcement

Guardrails run in parallel with your workloads — not in front of them. The tiered architecture keeps fast checks synchronous and heavy compliance work asynchronous.

Pre-filter

runtime phase

Fast, lightweight checks run synchronously before the model call. Catches obvious policy violations — harmful inputs, PII in prompts, out-of-scope requests — with near-zero overhead.

< 5ms

avg latency

Async validator

runtime phase

Heavier compliance checks run in parallel with the model response stream. PII redaction, bias detection, and grounding verification run here — without blocking time-to-first-token.

~30ms

avg latency

Post-filter

runtime phase

Final output review before the response is returned to the caller. Applies role-based masking, removes flagged content, and injects compliance metadata into the response envelope.

< 8ms

avg latency

Output Validation Pipeline

Runs after the post-filter,
before the response leaves.

Every intent response passes through a domain-aware validation pipeline before it reaches your caller. Validators enforce structural constraints — minimum recommendation counts, required fields, grounding confidence — and post-processors clean up the output (stripping empty sections, normalising keywords, removing placeholder text). Policies are registered per domain pack and run transparently inside the engine.

Policies

Built-in guardrail policies

◬

PII Redaction & Masking

Detect and redact personally identifiable information in both inputs and outputs. Configurable per field — mask, hash, or replace with typed placeholders. GDPR and HIPAA-aware.

◎

Content Filtering

Block harmful, off-topic, or brand-unsafe content using layered classifiers. Configurable thresholds per deployment, with separate policies for different user segments.

◈

Bias & Fairness Filters

Detect and flag outputs with demographic bias. Includes pre-built hiring, lending, and clinical bias detectors calibrated against established fairness benchmarks.

⬡

Role-Based Output Policies

Define what each user role can see, ask, and receive. Policy rules are evaluated at runtime against the authenticated user's attributes — no application-level logic required.

◇

Grounding Verification

Verify that agent outputs are grounded in retrieved context. Flag or block hallucinated claims that lack source attribution. Configurable confidence thresholds per domain.

▷

Full Audit Logging

Every input, output, and guardrail decision is logged with a tamper-evident audit trail. Query logs in real time via the dashboard or export to your SIEM or data warehouse.

Safety that runs withyour workloads.