guardrails-ai

Validates LLM outputs against developer-defined schemas and constraints using a declarative YAML/JSON configuration system. Guardrails-ai parses output specifications (Pydantic models, JSON schemas, or custom validators) and enforces them through a validation pipeline that intercepts model responses before returning to the application. The system supports both synchronous validation and asynchronous correction loops where invalid outputs trigger re-prompting or structured repair.

Implements an automatic feedback loop where validation failures trigger structured re-prompting of the LLM with detailed error messages and correction instructions. The system maintains context across iterations, appending validation failure reasons to the prompt and optionally providing examples of valid outputs. This enables the LLM to self-correct without requiring external intervention or manual prompt engineering.

Provides a provider-agnostic wrapper around multiple LLM APIs (OpenAI, Anthropic, Cohere, Azure, local models via Ollama/vLLM) with a unified Python interface. Guardrails-ai normalizes request/response formats, handles provider-specific quirks (token limits, function calling schemas, streaming behavior), and enables seamless switching between providers without code changes. The abstraction layer manages authentication, rate limiting, and error handling across heterogeneous APIs.

Extends schema validation with semantic guardrails that use the LLM itself to verify outputs against natural language constraints (e.g., 'output must be appropriate for children', 'response must cite sources'). These checks run after structural validation and invoke the LLM to evaluate semantic properties that cannot be expressed as regex or schema rules. The system caches semantic validation results to avoid redundant LLM calls for identical outputs.

Enables LLMs to invoke external functions or APIs by defining a schema of available functions and letting the model choose which to call based on the task. Guardrails-ai converts function definitions into provider-native function calling formats (OpenAI function calling, Anthropic tool_use, etc.) and routes the LLM's function call decisions to actual Python functions or HTTP endpoints. The system validates function arguments against the schema before execution and handles return values.

Validates LLM outputs in real-time as they stream token-by-token, performing incremental parsing and validation without waiting for the complete response. The system buffers tokens into logical chunks (e.g., JSON objects, code blocks) and validates each chunk as it arrives, enabling early error detection and correction before the full output is generated. This reduces latency for streaming applications and enables cancellation of invalid outputs mid-generation.

Allows developers to compose multiple guardrails (validators, correctors, semantic checks) into reusable pipelines that execute in sequence or parallel. Each guardrail is a modular component with defined inputs/outputs, and the system orchestrates their execution, passing outputs from one guardrail as inputs to the next. Pipelines can be defined declaratively in YAML/JSON or programmatically in Python, enabling complex validation workflows without custom code.

Provides comprehensive logging and metrics collection for all validation operations, including execution time, token usage, validation pass/fail rates, and correction attempts. Guardrails-ai exports structured logs in JSON format and integrates with observability platforms (Datadog, New Relic, etc.) to enable monitoring of guardrail performance in production. The system tracks validation failures by type and provides dashboards for identifying problematic outputs or guardrails.

Enables developers to implement custom validators as Python classes or functions that integrate seamlessly into the guardrails system. The framework provides base classes and decorators for defining validators with standard interfaces (validate method, error handling, caching), and a plugin registry for discovering and loading custom validators at runtime. Validators can be synchronous or asynchronous and can access external services (APIs, databases) for validation logic.

Processes multiple LLM outputs in batch mode, applying guardrails to all outputs before returning results. The system deduplicates validation work (e.g., if multiple outputs are identical, validation runs once), batches LLM calls for semantic validation to reduce API overhead, and provides cost/latency tradeoffs (e.g., validate all outputs vs. sample-based validation). Batch mode is optimized for throughput rather than latency.