Skip to main content
Guardrails validate agent output against your criteria and automatically retry if the output fails. The user sends a prompt; guardrails validate input and output before the agent responds or calls tools.

Quick Start

1

Simple Usage

Pass a validation function to an agent:
2

With Configuration

Use GuardrailConfig for LLM-based validation with retry settings:

Which Validator Should I Use?

Pick a validator strategy based on how you need to check the output.

How It Works

Guardrails work identically in sync (.start(), .chat()) and async (.astart(), .achat()) execution paths.

Configuration Options

GuardrailConfig SDK Reference

Full parameter reference for GuardrailConfig
Precedence ladder — choose the level you need:

Common Patterns

Function-Based Validation

Natural Language Validation

Multi-Agent with Guardrails


Best Practices

Vague guardrails like “be good” are hard to enforce. Use concrete criteria: “must be between 100 and 200 words” or “must contain a JSON array”.
When validating JSON, code, or data formats, use a function validator. LLM validators are slower and better suited for qualitative criteria like tone or completeness.
The (False, "reason") message is passed back to the agent as feedback. Make it actionable — tell the agent exactly what to fix.
Start with max_retries=2. Increasing retries adds latency and cost. If the agent fails repeatedly, the validator criteria or instructions may need refinement.

Guardrails validate an agent’s output and can retry. To block an action before it happens (a tool call, an inbound message, or an LLM request), see Blocking Plugins in Plugins.

Approval

Add human-in-the-loop approval steps

Hooks

Intercept and modify agent behavior at lifecycle points

Gateway Self-Lifecycle Guard

Block agent commands that would stop or restart this gateway