nat.plugins.security.middleware.guardrails.nemo_guardrails_middleware_config#

Configuration for NeMo Guardrails middleware.

Classes#

`GuardrailFunctionFields`	Field selection for one intercepted function.
`GuardrailsMiddlewareConfig`	Guardrails policy attached to a NAT workflow via dynamic middleware.

Module Contents#

class GuardrailFunctionFields#

Bases: pydantic.RootModel[dict[str, list[str]]]

Field selection for one intercepted function.

Maps each top-level field of the function’s input or output schema to the dotted sub-paths that reach the string(s) to guard. Each string leaf reached is evaluated in its own independent rail call, and a non-blocking rewrite is written back to that exact leaf so siblings are left untouched.

Configured in YAML under a function name within workflow_functions:

workflow_functions:
  retail_tools__get_all_products:
    description: []        # guard the string field ``description`` directly
    review_texts: []       # guard each string in the list field ``review_texts``
  retail_tools__get_product_info:
    reviews:               # guard ``review`` nested in each item of the list ``reviews``
      - review

Each entry takes one of two forms:

field: []: Guard the value of the top-level field itself. The field must: be a str or a list[str]; a list[str] fans out and each element is guarded in its own rail call.
field: [sub.path, ...]: Descend into field and guard each str reached: by every listed dotted sub.path. Any segment that crosses a list field fans out, guarding the leaf on each element.

For example, given a get_product_info output shaped like:

{
  "name": "Wireless Mouse",
  "description": "Ergonomic 2.4GHz mouse.",
  "reviews": [
    {"author": "Ada", "rating": 5, "review": "Loved it, works great!"},
    {"author": "Lin", "rating": 2, "review": "Stopped working after a week."},
  ],
}

the selection reviews: [review] reaches the review string on each item and guards each in its own rail call, leaving name, description, and every sibling field (author, rating) untouched:

rail call 1: "Loved it, works great!"
rail call 2: "Stopped working after a week."

root: dict[str, list[str]] = None#

class GuardrailsMiddlewareConfig#

Bases: nat.middleware.dynamic.dynamic_middleware_config.DynamicMiddlewareConfig

Guardrails policy attached to a NAT workflow via dynamic middleware.

guardrails: nemoguardrails.RailsConfig | None = None#

guardrails_root: str | None = None#

llm_bindings: dict[str, str] | None = None#

workflow_functions: list[str] | dict[str, GuardrailFunctionFields] | None = None#

stream_output_rails: bool = None#

_finalize_guardrails() → GuardrailsMiddlewareConfig#: Load guardrails from guardrails_root when needed and enforce Colang 1.0 at config load.