Guardrails
Guardrails for AI agents, with a proof they ran.
Check every prompt and completion for secrets, PII, prompt injection, off-contract output, and toxicity. Block it, redact it, or fall back to a safer model. Then hand anyone a signed receipt that the guardrail ran and what it decided, verifiable offline.
Free to start. Input and output checks. No SDK lock-in.
Set AWS_ACCESS_KEY_ID=AKIA…EXAMPLE before you deploy.
The checks
Eight checks on every prompt and completion.
Deterministic detectors run on the hot path with no added latency. Structured-output, format, and a model-judged moderation check guard the response before it reaches your app.
Secrets
API keys, tokens, and private keys in the prompt or the model's output.
PII
Emails, government ids, and Luhn-validated card numbers leaking into a reply.
Prompt & indirect injection
Injection and jailbreak attempts in the input, instruction overrides and hidden Unicode in the output.
Destructive intent
rm -rf, DROP and TRUNCATE, unscoped DELETE, and force-push in the prompt.
Suspicious egress
Exfiltration to suspicious destinations referenced in the prompt or output.
Structured output
Require valid JSON, optionally matching a schema you provide.
Output format
Bound length, block source code, or require a Latin script.
Toxicity & groundedness
A model judges each completion for toxic content and, with a source, for groundedness.
Try it live
Paste a completion. Watch the guardrail fire.
This runs the real AxioRank detector engine, here in your browser, with no key and nothing sent anywhere.
- SecretscriticalAWS access key idredacted · sha256:96bca470
Runs the real AxioRank detector engine in your browser. Nothing you type leaves this page.
Output contracts
Guarantee the shape, not just the content.
Require the model to return valid JSON that matches your schema. Off-contract responses are caught before they break your code. Edit the output or the schema and watch the verdict change.
Valid JSON that matches every required field and type.
Actions
Five ways to act on a verdict.
Observe
Watch and log every verdict without changing the response. Roll out in monitor mode first.
Redact
Mask secrets and PII in place with fixed-length tokens, then serve the cleaned output.
Deny
Block the prompt or the completion outright with a clear policy reason.
Hold
Pause a risky call for a human to approve or reject, with the decision signed.
Fall back
Re-issue an off-contract completion with a safer model, and serve that instead.
Always provable
Whatever the action, the verdict is sealed and verifiable offline.
The difference
Every verdict is provable.
Most gateways show you a log line. AxioRank hands you a cryptographic receipt. Each verdict, and each agent run, is an Ed25519-signed seal that proves the guardrail ran and what it decided, verifiable by anyone offline against the published key. No trust in us required.
Per-verdict seal
Mint a signed proof for a single prompt or completion verdict, on demand.
Per-run seal
One Merkle-rooted proof over every guardrail verdict in an agent run.
Drop it in
One base URL, one header.
Point your OpenAI-compatible client at the gateway and add your AxioRank key. Spend tracking is on for everyone; the guardrails run when you enable them. Your provider key rides through and is never stored.
curl https://www.axiorank.com/api/proxy/v1/chat/completions \
-H "Authorization: Bearer $OPENAI_API_KEY" \
-H "X-AxioRank-Key: $AXIORANK_KEY" \
-H "content-type: application/json" \
-d '{ "model": "gpt-4o", "messages": [{ "role": "user", "content": "hello" }] }'Keep exploring
Continue across the control plane.
Provable guardrails, free to start.
Turn on input and output checks in minutes. Seal every verdict when you are ready to prove it.