Skip to main content

A local-first gate for LLM apps: define a check — keyword, regex, URL, length, JSON-schema — attach it to a stage (input, tool call, tool output, output). Deterministic, microsecond, $0, and every decision is audit-grade evidence.

Project description

cendor-guardrails

A local-first gate for LLM apps: define a check — keyword, regex, URL, length, JSON-schema — attach it to a stage (input, tool_call, tool_output, output), and block, redact, or flag before the model or a tool ever runs. No server, no account, no model call.

Deterministic checks in microseconds for $0 — and every decision lands in a tamper-evident audit chain.

PyPI license · pip install cendor-guardrails

from cendor.core import instrument
from cendor.guardrails import install, rules

client = instrument(OpenAI())
install([                                           # one interceptor gates every call
    rules.keyword_deny(["ignore previous instructions"], action="block"),
    rules.regex_rule(r"\bsk-[A-Za-z0-9]{20,}\b", action="redact", stage="input"),
    rules.url_allowlist(["docs.cendor.ai"], stage="input"),
])

client.chat.completions.create(model="gpt-4o", messages=msgs)
# blocked prompt -> raises GuardrailTripped BEFORE the request is sent ($0 spent)
# a leaked key -> the provider receives "[redacted]" instead

Highlights

  • Four intervention points — gate the user turn (input), the model's request to call a tool (tool_call), the tool's result (tool_output), and the model's final answer (output). Matches Azure Foundry's intervention points and OpenAI's four decorator types.
  • Deterministic built-ins, no heavy depskeyword_deny, regex_rule, url_allowlist / url_deny, length_bounds (char + exact token bounds via cendor.core.tokens), json_schema, and custom. Regex/arithmetic only — offline, deterministic, $0.
  • Evidence, not just enforcement — every trip or flag emits a GuardrailDecision on the cendor.core bus, so cendor-acttrace chains it as a tamper-evident guardrail_decision entry with no import between the two. "We blocked it" is in the hash chain, not a log line.
  • Three ways to use it — pure apply() / evaluate(); framework-independent install() on the core seam; and Agent(guardrails=[…]) in cendor-sdk (all four in-loop stages + per-run override).
from cendor.guardrails import apply, guardrail, Verdict, GuardrailTripped

@guardrail(stage="output")
def must_be_json(payload, ctx):
    if not payload.strip().startswith("{"):
        return Verdict("block", reason="expected a JSON object")

try:
    apply([must_be_json], "output", model_text)      # raises GuardrailTripped on a block
except GuardrailTripped as e:
    print(e.decisions)                                 # the recorded decisions, block last

How it plugs into your agent

guardrails is the Gate in the pipeline — contextkit → squeeze → tokenguard → guardrails → cassette → acttrace. It imports only cendor-core: checks ride the same instrument() seam and event bus every other library uses, so the same guardrail works under cendor-sdk, a bare instrumented client, or beneath another framework — in Python and TypeScript alike.

Honest limits: the built-ins are deterministic, so they do not stop a novel adversarial attack — a jailbreak they were never told about will pass. Pair them with a bring-your-own model judge (rules.llm_judge, an adapter contract — you supply the call, and the extra latency/cost is real) and treat the deterministic rules as the fast, free floor, not a ceiling. PII/secret detection lives in cendor-acttrace (guard(Policy…)), not here.

Part of the Cendor stack — github.com/cendorhq/cendor-libs. Powered by PowerAI Labs.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cendor_guardrails-1.0.0.tar.gz (21.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cendor_guardrails-1.0.0-py3-none-any.whl (18.8 kB view details)

Uploaded Python 3

File details

Details for the file cendor_guardrails-1.0.0.tar.gz.

File metadata

  • Download URL: cendor_guardrails-1.0.0.tar.gz
  • Upload date:
  • Size: 21.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for cendor_guardrails-1.0.0.tar.gz
Algorithm Hash digest
SHA256 fd530908076fa284e1c2840a8c2cb968380348ff8f842407f4d7874f3cee778f
MD5 15e31e98e650689d223573ecc87d7489
BLAKE2b-256 d44299bb4cc6b905b98e84a53a55ad5e1c7ce81ed501b7bffb4df33bc7510979

See more details on using hashes here.

Provenance

The following attestation bundles were made for cendor_guardrails-1.0.0.tar.gz:

Publisher: release.yml on cendorhq/cendor-libs

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cendor_guardrails-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for cendor_guardrails-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 37e48aea31cdcac72d40850ab2c6e80fc2d5c9569709aa2c2f9d9a3a09a90fae
MD5 9d65378c53fa31b40b3a157536022925
BLAKE2b-256 126656e84d8ae5674ecd3eed36562bd248e70ae9f354a85021b7e0a276fd4182

See more details on using hashes here.

Provenance

The following attestation bundles were made for cendor_guardrails-1.0.0-py3-none-any.whl:

Publisher: release.yml on cendorhq/cendor-libs

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page