Overview

View as Markdown

The NVIDIA NeMo Guardrails library (PyPI | GitHub) is an open-source Python package for adding programmable guardrails to LLM-based applications. Use it to block, alter, or validate unsafe, off-topic, malicious, or policy-violating user inputs and model responses.

The library provides configuration files, Colang flows, built-in guardrails, custom actions, and integration APIs so you can add safety and control logic without rewriting your application or model backend.

How It Fits in the NVIDIA NeMo Software Stack

NVIDIA NeMo is a suite of microservices, tools, and libraries for building, deploying, and scaling LLM-based applications. The NVIDIA NeMo Guardrails library provides the developer-facing Python package for building and testing guardrails, while the NVIDIA NeMo Guardrails microservice provides a production-ready container image built on top of the same guardrails configuration model.

LibraryMicroservice
DistributionPyPI packageContainer image backed by this library
DeploymentSelf-managed Python environmentKubernetes with Helm
ScalingApplication-levelManaged by the orchestrator
ConfigurationYAML and ColangSame YAML and Colang format

Configurations are portable between the library and microservice, so you can develop locally with the library and deploy to production with the microservice.

Core Building Blocks

The NVIDIA NeMo Guardrails library is organized around the following building blocks:

  • Rails: Input, retrieval, dialog, execution, and output rails run at different stages of an LLM interaction.
  • Configuration: YAML files define models, prompts, rails, tracing, and other runtime settings.
  • Colang flows: Colang defines conversational flows, guardrail logic, and event-driven behavior.
  • Custom actions: Python functions, tools, or external APIs extend guardrails with application-specific checks.
  • Runtime interfaces: The Python SDK and guardrails server let applications send messages through a guardrailed interface.

Benefits

The NVIDIA NeMo Guardrails library helps teams add policy enforcement and safety checks around LLM applications while keeping the application architecture flexible.

  • Add guardrails before and after LLM calls without changing the application LLM.
  • Reuse the same YAML and Colang configuration across local development and microservice deployment.
  • Combine built-in guardrails, NVIDIA safety models, community models, third-party APIs, and custom Python actions.
  • Inspect and control user inputs, retrieved content, tool calls, and model outputs in one guardrails workflow.

Use Cases

Teams use the NVIDIA NeMo Guardrails library in the following scenarios.

Content safety guardrails help ensure that both user inputs and LLM outputs are safe and appropriate. The NeMo Guardrails library provides multiple approaches to content safety:

For practical examples, try the following tutorials:

Jailbreak protection helps prevent adversarial attempts from bypassing safety measures and manipulating the LLM into generating harmful or unwanted content. The NeMo Guardrails library provides multiple layers of jailbreak protection:

  • Self-check jailbreak detection: Use the LLM to identify jailbreak attempts.
  • Heuristic detection: Use pattern-based detection for common jailbreak techniques.
  • NVIDIA NemoGuard: Integrate with NemoGuard Jailbreak Detection NIM for advanced threat detection.
  • Third-party integrations: Use Prompt Security, Pangea AI Guard, and other services.

For practical examples, try the following tutorial:

Topic control guardrails ensure that conversations stay within predefined subject boundaries and prevent the LLM from engaging in off-topic discussions. This is implemented through:

  • Dialog rails: Pre-define conversational flows using the Colang language.
  • Topical rails: Control what topics the bot can and cannot discuss.
  • NVIDIA NemoGuard: Integrate with NemoGuard Topic Control NIM for semantic topic detection.

For practical examples, try the following tutorial:

Personally Identifiable Information (PII) detection helps protect user privacy by detecting and masking sensitive data in user inputs, LLM outputs, and retrieved content. The NeMo Guardrails library supports PII detection through multiple integrations:

  • Gliner: Use NVIDIA GLiNER-PII for detecting entities such as names, email addresses, phone numbers, social security numbers, and more.
  • Presidio-based detection: Use Microsoft Presidio for detecting entities such as names, email addresses, phone numbers, social security numbers, and more.
  • Private AI: Integrate with Private AI for advanced PII detection and masking.
  • Polygraf: Integrate with Polygraf for advanced PII detection and masking.
  • AutoAlign: Use AutoAlign PII detection with customizable entity types.
  • GuardrailsAI: Access GuardrailsAI PII validators from the Guardrails Hub.

PII detection can be configured to either detect and block content containing PII or to mask PII entities before processing.

For more information, refer to the Presidio Integration and PII Detection in the Guardrail Catalog.

Agentic security provides specialized guardrails for LLM-based agents that use tools and interact with external systems. This includes:

  • Tool call validation: Execute rails that validate tool inputs and outputs before and after invocation.
  • Agent workflow protection: Integrate with LangGraph for multi-agent safety. Requires the LangChain opt-in (NEMOGUARDRAILS_LLM_FRAMEWORK=langchain) and the matching langchain-* packages.
  • Secure tool integration: Review guidelines for safely connecting LLMs to external resources (refer to Security Guidelines).
  • Action monitoring: Monitor detailed logging and tracing of agent actions.

Key security considerations for agent systems:

  1. Isolate all authentication information from the LLM.
  2. Validate and sanitize all tool inputs.
  3. Apply execution rails to tool calls.
  4. Monitor agent behavior for unexpected actions.

For more information, refer to the Tools Integration Guide, Security Guidelines, and LangGraph Integration.

The NeMo Guardrails library provides extensive flexibility for creating custom guardrails tailored to your specific requirements. You can either build your own guardrails or use third-party guardrails. If you have a script or tool that runs a custom guardrail, you can use it in NeMo Guardrails by following one of these approaches:

  1. Python actions: Create custom actions in Python for complex logic and external integrations. For more information, refer to the Custom Actions.

  2. LangChain tool integration: Register LangChain tools as custom actions. Requires the LangChain framework. For more information, refer to the Tools Integration.

  3. Third-party API integration: Integrate external moderation and validation services. For a complete list of supported third-party guardrail services, refer to Third-Party APIs in the Guardrail Catalog.

You can integrate the NeMo Guardrails library into your application using the tools provided by the library.

  1. Python SDK: Use the Python SDK to add guardrails directly into your Python application.

    1from nemoguardrails import LLMRails, RailsConfig
    2
    3config = RailsConfig.from_path("./config")
    4rails = LLMRails(config)
    5
    6response = rails.generate(
    7 messages=[{"role": "user", "content": "Hello!"}]
    8)

    The generate method accepts the same message format as the OpenAI Chat Completions API.

  2. API Server: You can solely set up a guardrails server after programming guardrails using the Python SDK. You can then start a local NeMo Guardrails server with the following command.

    $nemoguardrails server --config ./config --port 8000

    The server exposes API endpoints such as /v1/chat/completions for guardrailed chat completions.

    $curl -X POST http://localhost:8000/v1/chat/completions \
    > -H "Content-Type: application/json" \
    > -d '{
    > "config_id": "my-config",
    > "messages": [{"role": "user", "content": "Hello!"}]
    > }'

Integration Paths

You can integrate the NVIDIA NeMo Guardrails library directly into a Python application or run a FastAPI service and call endpoints over HTTP/REST.

PathBest ForEntry Point
Python SDKApplications that can call the library directly from Python.Using Python APIs
Guardrails serverApplications that need an HTTP endpoint compatible with OpenAI-style chat completions.Using the Guardrails Server
Framework integrationsApplications that already use frameworks such as LangChain or LangGraph.LangChain Integrations

Learn More

Continue exploring the NVIDIA NeMo Guardrails library through these resources: