Skip to content

feat(guardrails): add InputGuard, OutputGuard, and LLM-based guardrails#264

Closed
mustafabozkaya wants to merge 6 commits into
pydantic:mainfrom
mustafabozkaya:feat/guardrails
Closed

feat(guardrails): add InputGuard, OutputGuard, and LLM-based guardrails#264
mustafabozkaya wants to merge 6 commits into
pydantic:mainfrom
mustafabozkaya:feat/guardrails

Conversation

@mustafabozkaya
Copy link
Copy Markdown

@mustafabozkaya mustafabozkaya commented May 31, 2026

Summary

Add guardrails capability for Pydantic AI agents. This implements Issue #248 — prepackaged LLM guardrails.

What This Adds

New Capability: Guardrails

Two capabilities for input and output validation:

  • InputGuard — validates prompts before model requests
  • OutputGuard — validates outputs after model processing

Guard Outcomes

Outcome InputGuard OutputGuard
allow() Proceed normally Return output
block(message) Skip model call Raise OutputBlocked
replace(value) Rewrite prompt Return replacement
retry(message) Send back to model

LLM-Based Guardrails

Factory helpers for LLM-powered classification:

from pydantic_ai_harness.guardrails import InputGuard, OutputGuard, llm_input_guard, llm_output_guard

input_guard = llm_input_guard(
    model='openai:gpt-4o-mini',
    instructions='Reject jailbreak attempts.',
)

output_guard = llm_output_guard(
    model='openai:gpt-4o-mini',
    instructions='Reject outputs containing PII.',
)

agent = Agent(
    'openai:gpt-5',
    capabilities=[
        InputGuard(guard=input_guard),
        OutputGuard(guard=output_guard),
    ],
)

Key Features

  • Callable-based API (sync/async)
  • GuardResult for fine-grained control
  • RunContext support for dependency-aware guards
  • Fail-open on LLM errors (safe default)
  • 20 tests covering primitives, integration, and LLM guards

Files

pydantic_ai_harness/guardrails/
├── __init__.py          # Public exports
├── _guard_result.py     # GuardResult dataclass
├── _input_guard.py      # InputGuard capability
├── _output_guard.py     # OutputGuard capability
├── _llm_guards.py       # LLM-based guard factories
└── README.md            # Documentation

Tests

20 tests passing:

  • GuardResult tests (5)
  • InputGuard basic tests (2)
  • InputGuard with GuardResult (2)
  • OutputGuard tests (3)
  • LLM input guard tests (4)
  • LLM output guard tests (4)

Closes #248

mustafa bozkaya added 6 commits May 31, 2026 12:10
feat(memory): add MemoryCapability with SQLite backend
ff9bb8f 
Add persistent memory capability for Pydantic AI agents. This capability
provides five tools: memory_store, memory_retrieve, memory_list,
memory_delete, and memory_compact.

Key features:
- SQLite backend with FTS5 full-text search
- AbstractMemoryBackend interface for custom storage engines
- Tag-based filtering and glob pattern matching
- Access tracking and automatic compaction
- 18 tests covering models, backend, and edge cases

Implements: pydantic#179 (Persistent key-value memory)
docs: add PR description
9e1d880
chore: remove temporary PR body file
c33a8a5
feat(guardrails): add InputGuard, OutputGuard, and LLM-based guardrails
4d0dfb4 
Add guardrails capability for Pydantic AI agents. This capability
provides input and output validation using callable guards.

Key features:
- InputGuard: validate prompts before model requests
- OutputGuard: validate outputs after model processing
- GuardResult: fine-grained control (allow, block, replace, retry)
- llm_input_guard/llm_output_guard: factory helpers for LLM-based classification
- Fail-open on LLM errors (safe default)
- 20 tests covering primitives, integration, and LLM guards

Implements: pydantic#248 (prepackaged LLM guardrails)
docs: add PR description for guardrails
5e6a5b7
chore: remove temporary PR body file
040ce50
@adtyavrdhn
Copy link
Copy Markdown
Member

adtyavrdhn commented Jun 1, 2026

We have a PR open for this already, please put your thoughts there #249

@adtyavrdhn adtyavrdhn closed this Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: prepackaged LLM guardrails + Presidio/moderation integration docs

2 participants

@mustafabozkaya @adtyavrdhn