Skip to content
in/guard/out
in/guard/out

How it works

One base URL. Every request guarded.

The proxy speaks the OpenAI API on the front and your providers on the back. Your app keeps its SDK, its models, and its prompts – the guardrail pipeline runs on what crosses the wire, in both directions.

§01 Two steps to start
Step 1

Change one line of code

Update your base URL from your LLM provider to In Guard Out. Everything else stays the same.

client = OpenAI(
    base_url="https://api.inguardout.com/v1",
    api_key="gr-…",
)
Step 2

Whitelist your IP

Add your IPv4 and IPv6 addresses in the console. Our firewall won’t accept connections from anywhere else.

You’re now live. Requests flow through the full guardrail pipeline. Fine-tune policies and settings in the dashboard whenever you’re ready.

§02 The pipeline, both directions
Inbound – before the model sees it

PII screening

Names, emails, cards, IDs become reversible placeholders before anything leaves for the provider.

Injection defense

Deterministic patterns plus Prompt Guard 2 score the input; untrusted tool results get the same scan.

Input safety

Abusive or off-policy prompts are caught before they spend a single token upstream.

Budget & loop gate

On agent traffic: is this run still inside its cost, step, and tool budgets – and is it looping?

Outbound – before your app sees it

Grounding & fact-check

Arithmetic recomputed, figures matched to source, unsupported claims flagged by the judge.

Tool-call policy

Allow/deny, schema validation, risk tiers, action grounding, and taint checks on every proposed tool call.

Format & safety

Structured output validated and repaired; profanity and unsafe content censored or blocked.

PII restore

The very last stage swaps placeholders back to real values – inside your boundary, never the provider’s.

Every stage times itself, so the dashboard shows the exact overhead each check added to each request – the “guardrail tax” as a measured number, not a promise.

§03 Two modes: observe first, then enforce
FIX

Repair what’s repairable, record the rest

Wrong arithmetic corrected in place, malformed JSON re-parsed, profanity censored – and every finding flagged in headers and the dashboard. The mode to start in: you see what would be caught before anything blocks.

PREVENT

Fail closed

A violating request or response never gets through – your app receives a 422 with the reason and the findings. Set per key, per user, or per request, so one workflow can enforce while another still observes.

§06 Frequently asked questions

How long does integration actually take?

For the LLM boundary: the time it takes to change a base URL and issue a proxy API key. Agent features want one more header – X-Guardrails-Session-Id – so requests group into runs. Checkpoint and MCP gateway surfaces are opt-in additions, not prerequisites.

Do I need to change my prompts or models?

No. The proxy is model-agnostic and prompt-agnostic: it enforces on what crosses the wire. You keep your provider account, your models, and your prompts; you can also keep your provider key and let the proxy forward with it.

What happens when a check fails?

Depends on the mode. In FIX, safe repairs are applied (arithmetic corrected, JSON re-parsed, profanity censored) and everything is flagged in the response headers and dashboard. In PREVENT, the request fails closed with a 422 carrying the reason – your code handles it like any API error.

Does it support streaming?

Streaming responses are buffered in the current version: most guardrails need the complete output before they can pass judgment on it (you cannot fact-check half an answer). Documented, deliberate, and on the roadmap for token-level checks that allow it.

What latency does the pipeline add?

The deterministic stages run in milliseconds; classifier and judge stages cost a model call each and only run where enabled. Rather than quote one number, the proxy times every stage of every request and shows the per-stage overhead in the dashboard – measured on your traffic, not our benchmark.

Where does it run?

The proxy is a cloud-based SaaS service. Your applications point their LLM clients at our hosted proxy; traffic is screened and routed to your chosen upstream providers. A sandbox demo exists so you can test behavior before pointing production traffic at it.

The integration is a base URL. Try it.

We’re running a limited demo – sign up and we’ll get you in as soon as we can.