Guardrails

The Guardrails block checks content against one validation type and reports whether it passed. Use it to catch malformed JSON, off-pattern text, ungrounded answers, or PII before the content moves on. Each block runs one check; chain several to apply more than one.

Guardrails

Content to Validate-

Validation TypeValid JSON

error

Validation Types

Valid JSON

Checks that the content parses as valid JSON. Use it before a Function or downstream block reads a model's structured output.

<guardrails.passed> — true if the content is valid JSON
<guardrails.error> — the parse error when it isn't, like Invalid JSON: Unexpected token

Regex Match

Checks the content against a regular expression — an email, a phone number, a URL, or any pattern you define.

Regex Pattern — the expression to match, like ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ for an email
<guardrails.passed> — true if the content matches; <guardrails.error> otherwise

Hallucination Check

Scores how well AI output is grounded in a knowledge base. The block retrieves relevant context, sends it to a model with the output, and the model returns a confidence score from 0 (completely ungrounded) to 10 (fully supported). Validation passes when the score meets the threshold.

Knowledge Base — the knowledge base to check against
Model — the model that scores grounding. Use a strong reasoning model; the default is claude-sonnet-4-6. The API key is supplied for you on hosted Sim
Confidence — the minimum score to pass, from 0 to 10 (default 3)
Top K (advanced) — how many knowledge base chunks to retrieve (default 5)

Outputs <guardrails.score> (0–10) and <guardrails.reasoning> (why the model scored it that way) alongside passed.

PII Detection

Detects personally identifiable information with Microsoft Presidio — over 30 entity types across several countries and languages.

PII Types to Detect — pick the entity types from the modal, grouped by region:
- Common — person name, email, phone, credit card, IP address, and more
- USA — SSN, driver's license, passport, bank account, ITIN
- UK — NHS number, national insurance number
- Spain — NIF, NIE · Italy — fiscal code, driver's license, identity card, passport · Poland — PESEL · Singapore — NRIC/FIN
- Australia — ABN, ACN, TFN, Medicare · India — Aadhaar, PAN, vehicle registration, voter number, passport
Action — Block fails validation when any selected type is found (default); Mask also replaces the PII with masked values
Language — the detection language (default English)

Outputs <guardrails.detectedEntities> (each with type, location, and confidence) and, in Mask mode, <guardrails.maskedText>. passed is false when any selected PII is found.

Configuration

Content to Validate

The input to check. Usually an earlier output like <agent.content>, <function.result>, or an API response.

Validation Type

Which of the four checks to run: Valid JSON, Regex Match, Hallucination Check, or PII Detection.

Outputs

Every validation type returns:

Output	What it is
`<guardrails.passed>`	Whether the check passed
`<guardrails.validationType>`	The check that ran
`<guardrails.input>`	The content that was checked
`<guardrails.error>`	The failure message, when there is one

Hallucination adds <guardrails.score> and <guardrails.reasoning>; PII adds <guardrails.detectedEntities> and <guardrails.maskedText>.

Examples

Validate JSON before parsing

Check the Agent's output is valid JSON, then branch on <guardrails.passed> before a Function parses it.

Prevent hallucinations

Score the answer against a knowledge base, then gate on <guardrails.score> to send a grounded answer or flag a weak one.

Block PII in user input

Detect PII in the input and branch on <guardrails.passed> to process clean input or reject it.

Best Practices

Branch on the result. Read <guardrails.passed> in a Condition to route valid and invalid content down different paths.
Validate JSON before you parse it. A check upstream is cheaper than a parse error in a Function block.
Pick only the PII types you need. Selecting fewer entity types keeps detection fast and focused.
Tune the hallucination threshold. Raise the confidence floor for stricter grounding, lower it to allow more latitude.
Mask when you log. Use Mask mode for content you store or log, so PII never lands in plain text.
Chain checks. One block runs one type, so place several in sequence to validate format and then scan for PII.

Guardrails runs synchronously in the workflow. For hallucination checks where latency matters, choose a faster model.

Common Questions

Each Guardrails block runs one validation type. To apply several, chain Guardrails blocks in sequence — for example validate JSON, then scan for PII.

It ranges from 0 to 10. A 0 means the content is completely ungrounded (full hallucination), and a 10 means it is fully supported by the knowledge base. Validation passes when the score meets or exceeds your threshold (default 3).

Five by default. You can raise it up to 20 in Advanced settings. More chunks give broader context but add latency and tokens.

Microsoft Presidio. It supports over 30 entity types across the US, UK, Spain, Italy, Poland, Singapore, Australia, and India.

Block fails the validation (passed = false) when any selected PII is detected. Mask also detects it but replaces it with masked values in the output, so the content is safe to use downstream. Both return the list of detected entities.

English, Spanish, Italian, Polish, and Finnish. The language setting selects the NLP models used for entity recognition, so matching it to your content improves accuracy.

Just syntax — it confirms the content parses as valid JSON, not that it matches a particular schema. For schema validation, use a Function block after the check.

Guardrails

Common Questions

On this page