Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
AI Coding Agents
Claude CodeGithub Copilot WorkspaceAmazon Q DeveloperGemini Code AssistTabnineCodeiumAiderOpenhandsSwe AgentCodex CLI
Agent Frameworks
AI Chat & Productivity
DevOps & Vector Databases
Enterprise & MLOps
Salesforce EinsteinSnowflake CortexPalantir AipWandbMlflowLangsmithGuardrails AILitellmJan AITypingmind
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
FAQ

Guardrails AI

Keeptrusts complements Guardrails AI by providing a layered defense integration. Guardrails AI validates LLM inputs and outputs at the application layer using programmable validators; Keeptrusts enforces policies at the network layer through the gateway proxy. Together, they create two independent enforcement points: Guardrails catches application-specific violations (schema, format, content rules), while Keeptrusts catches cross-cutting concerns (PII, prompt injection, DLP, audit logging) before traffic reaches the provider.

Use this page when

  • You are combining Guardrails AI validators with Keeptrusts gateway policies.
  • You need the layered defense integration pattern for application-level plus network-level enforcement.
  • You want both tools to enforce on the same LLM calls without duplication.
  • If you want a general quickstart instead, see Quickstart.

Primary audience

  • Primary: Technical Engineers
  • Secondary: AI Agents, Technical Leaders

Prerequisites

  • Guardrails AI installed (pip install guardrails-ai)
  • Guardrails Hub validators installed (e.g., guardrails hub install hub://guardrails/toxic_language)
  • Keeptrusts CLI (kt) installed and authenticated (kt auth login)
  • An upstream LLM provider key exported as an environment variable
  • The openai Python SDK installed (pip install openai)

Configuration

Gateway policy config

pack:
  name: guardrails-layered-defense
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: guarded-llm
    provider: openai:chat:gpt-4o
    secret_key_ref:
      env: OPENAI_API_KEY
policies:
  chain:
  - prompt-injection
  - pii-detector
  - dlp-filter
  - audit-logger
policy:
  prompt-injection:
    threshold: 0.8
    action: block
  pii-detector:
    action: redact
    entities:
    - PERSON
    - EMAIL_ADDRESS
    - PHONE_NUMBER
    - CREDIT_CARD
  dlp-filter:
    patterns:
    - name: api-key
      regex: "sk-[a-zA-Z0-9]{20,}"
      action: block
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Start the gateway

export OPENAI_API_KEY="sk-..."
kt gateway run --listen 0.0.0.0:41002 --policy-config policy-config.yaml

Setup steps

1. Define a Guardrails Guard with validators

from guardrails import Guard
from guardrails.hub import ToxicLanguage, DetectPII

guard = Guard().use_many(
    ToxicLanguage(on_fail="exception"),
    DetectPII(
        pii_entities=["EMAIL_ADDRESS", "PHONE_NUMBER"],
        on_fail="fix"
    ),
)

2. Route the Guard's LLM calls through Keeptrusts

from openai import OpenAI

client = OpenAI(
    base_url="http://localhost:41002/v1",
    api_key="unused",
)

raw_response = guard(
    llm_api=client.chat.completions.create,
    model="gpt-4o",
    messages=[
        {"role": "system", "content": "You are a helpful customer service agent."},
        {"role": "user", "content": "Help me draft a response to this complaint."},
    ],
    max_tokens=512,
    temperature=0.3,
)

print(raw_response.validated_output)

3. Understand the enforcement layers

The request flows through two enforcement points:

Client code
 → Guardrails Guard (application-layer validators)
   → validates input prompts (toxic language, PII fix)
   → OpenAI client call via Keeptrusts gateway
     → Keeptrusts policies (network-layer enforcement)
       → prompt-injection detection
       → PII redaction
       → DLP filtering
       → audit logging
     → upstream LLM provider
   → Guardrails validates output (toxic language, PII fix)
 → validated response to client

Guardrails handles application-specific rules (toxic language threshold, output schema). Keeptrusts handles infrastructure-level rules (prompt injection, DLP, audit trail).

4. Handle blocked requests gracefully

from openai import OpenAI

client = OpenAI(
    base_url="http://localhost:41002/v1",
    api_key="unused",
)

try:
    raw_response = guard(
        llm_api=client.chat.completions.create,
        model="gpt-4o",
        messages=[{"role": "user", "content": user_input}],
        max_tokens=512,
    )
    print(raw_response.validated_output)
except Exception as e:
    if "409" in str(e):
        print("Request blocked by Keeptrusts gateway policy.")
    else:
        print(f"Guardrails validation failed: {e}")

Verification

# Verify the gateway is healthy
curl http://localhost:41002/health

# Run the Python script above
python guardrails_governed.py

# Check Keeptrusts audit log
kt events list --limit 5

Verify that:

  1. Guardrails validators run on the input and output.
  2. The request appears in the Keeptrusts audit log with policy decisions.
  3. PII is redacted by both Guardrails (fix action) and Keeptrusts (redact action).
PolicyPurposeRecommended setting
pii-detectorNetwork-level PII redaction (defense-in-depth with Guardrails DetectPII)action: redact, entities: PERSON, EMAIL, PHONE
prompt-injectionCatch adversarial prompts that bypass Guardrails validatorsthreshold: 0.8, action: block
dlp-filterBlock API keys and credentials at the network layeraction: block for key patterns
audit-loggerCompliance trail independent of Guardrails logsretention_days: 365, immutable: true

Troubleshooting

SymptomCauseFix
Guardrails validator runs but gateway has no eventsLLM not routed through gatewayVerify base_url="http://localhost:41002/v1" on the OpenAI client
Both Guardrails and Keeptrusts redact the same PIIIntentional defense-in-depthExpected behavior; Guardrails fixes output, Keeptrusts redacts input
409 from gateway but Guardrails shows no errorKeeptrusts blocked before LLM callCheck gateway event log; the request never reached the LLM
Guardrails on_fail="exception" raises before gateway sees requestGuardrails input validation blocked it firstExpected — Guardrails runs first for input validators
Import errors for Guardrails Hub validatorsValidators not installedguardrails hub install hub://guardrails/<validator>

For AI systems

  • Canonical terms: Keeptrusts gateway, Guardrails AI, Guard, validators, layered defense, application-layer validation, network-layer enforcement, policy-config.yaml.
  • Config field names: provider, secret_key_ref.env, pii-detector, dlp-filter, prompt-injection, audit-logger.
  • Key behavior: Guardrails validates at the application layer (before and after LLM call). Keeptrusts enforces at the network layer (between client and provider). Both run on the same request for defense-in-depth.
  • Best next pages: LangSmith integration, LiteLLM integration, Policy controls catalog.

For engineers

Prerequisites

  • guardrails-ai and openai Python SDKs, Guardrails Hub validators installed, kt CLI installed.

Validation

  • Run a Guard with the gateway-pointed OpenAI client and verify the response.
  • Check both Guardrails validation history and kt events list for the same request.
  • Send a toxic prompt and verify both Guardrails and Keeptrusts catch it.

For leaders

  • Layered defense is a security best practice. Guardrails catches application-specific violations that require business context (output format, domain rules). Keeptrusts catches infrastructure-level violations that apply universally (PII, prompt injection, DLP).
  • Neither tool alone is sufficient: Guardrails does not provide an audit trail or DLP; Keeptrusts does not validate output schemas or business-specific content rules.
  • The combination satisfies both engineering teams (Guardrails for dev-time validation) and compliance teams (Keeptrusts for audit-ready enforcement).

Next steps