Overview
The NVIDIA NeMo Guardrails library (PyPI | GitHub) is an open-source Python package for adding programmable guardrails to LLM-based applications. Use it to block, alter, or validate unsafe, off-topic, malicious, or policy-violating user inputs and model responses.
The library provides configuration files, Colang flows, built-in guardrails, custom actions, and integration APIs so you can add safety and control logic without rewriting your application or model backend.
How It Fits in the NVIDIA NeMo Software Stack
NVIDIA NeMo is a suite of microservices, tools, and libraries for building, deploying, and scaling LLM-based applications. The NVIDIA NeMo Guardrails library provides the developer-facing Python package for building and testing guardrails, while the NVIDIA NeMo Guardrails microservice provides a production-ready container image built on top of the same guardrails configuration model.
Configurations are portable between the library and microservice, so you can develop locally with the library and deploy to production with the microservice.
Core Building Blocks
The NVIDIA NeMo Guardrails library is organized around the following building blocks:
- Rails: Input, retrieval, dialog, execution, and output rails run at different stages of an LLM interaction.
- Configuration: YAML files define models, prompts, rails, tracing, and other runtime settings.
- Colang flows: Colang defines conversational flows, guardrail logic, and event-driven behavior.
- Custom actions: Python functions, tools, or external APIs extend guardrails with application-specific checks.
- Runtime interfaces: The Python SDK and guardrails server let applications send messages through a guardrailed interface.
Benefits
The NVIDIA NeMo Guardrails library helps teams add policy enforcement and safety checks around LLM applications while keeping the application architecture flexible.
- Add guardrails before and after LLM calls without changing the application LLM.
- Reuse the same YAML and Colang configuration across local development and microservice deployment.
- Combine built-in guardrails, NVIDIA safety models, community models, third-party APIs, and custom Python actions.
- Inspect and control user inputs, retrieved content, tool calls, and model outputs in one guardrails workflow.
Use Cases
Teams use the NVIDIA NeMo Guardrails library in the following scenarios.
🛡️ Add Content Safety
Content safety guardrails help ensure that both user inputs and LLM outputs are safe and appropriate. The NeMo Guardrails library provides multiple approaches to content safety:
- LLM self-checking: Use the LLM itself to check inputs and outputs for harmful content.
- NVIDIA safety models: Integrate with Llama 3.1 NemoGuard 8B Content Safety for robust content moderation.
- Community models: Use LlamaGuard, Fiddler Guardrails, and other community content safety solutions.
- Third-party APIs: Integrate with ActiveFence, Cisco AI Defense, and other moderation services.
For practical examples, try the following tutorials:
🔒 Add Jailbreak Protection
Jailbreak protection helps prevent adversarial attempts from bypassing safety measures and manipulating the LLM into generating harmful or unwanted content. The NeMo Guardrails library provides multiple layers of jailbreak protection:
- Self-check jailbreak detection: Use the LLM to identify jailbreak attempts.
- Heuristic detection: Use pattern-based detection for common jailbreak techniques.
- NVIDIA NemoGuard: Integrate with NemoGuard Jailbreak Detection NIM for advanced threat detection.
- Third-party integrations: Use Prompt Security, Pangea AI Guard, and other services.
For practical examples, try the following tutorial:
🎯 Control Topic Conversation
Topic control guardrails ensure that conversations stay within predefined subject boundaries and prevent the LLM from engaging in off-topic discussions. This is implemented through:
- Dialog rails: Pre-define conversational flows using the Colang language.
- Topical rails: Control what topics the bot can and cannot discuss.
- NVIDIA NemoGuard: Integrate with NemoGuard Topic Control NIM for semantic topic detection.
For practical examples, try the following tutorial:
🔐 Detect and Mask PII
Personally Identifiable Information (PII) detection helps protect user privacy by detecting and masking sensitive data in user inputs, LLM outputs, and retrieved content. The NeMo Guardrails library supports PII detection through multiple integrations:
- Gliner: Use NVIDIA GLiNER-PII for detecting entities such as names, email addresses, phone numbers, social security numbers, and more.
- Presidio-based detection: Use Microsoft Presidio for detecting entities such as names, email addresses, phone numbers, social security numbers, and more.
- Private AI: Integrate with Private AI for advanced PII detection and masking.
- Polygraf: Integrate with Polygraf for advanced PII detection and masking.
- AutoAlign: Use AutoAlign PII detection with customizable entity types.
- GuardrailsAI: Access GuardrailsAI PII validators from the Guardrails Hub.
PII detection can be configured to either detect and block content containing PII or to mask PII entities before processing.
For more information, refer to the Presidio Integration and PII Detection in the Guardrail Catalog.
🤖 Add Agentic Security
Agentic security provides specialized guardrails for LLM-based agents that use tools and interact with external systems. This includes:
- Tool call validation: Execute rails that validate tool inputs and outputs before and after invocation.
- Agent workflow protection: Integrate with LangGraph for multi-agent safety. Requires the LangChain opt-in (
NEMOGUARDRAILS_LLM_FRAMEWORK=langchain) and the matchinglangchain-*packages. - Secure tool integration: Review guidelines for safely connecting LLMs to external resources (refer to Security Guidelines).
- Action monitoring: Monitor detailed logging and tracing of agent actions.
Key security considerations for agent systems:
- Isolate all authentication information from the LLM.
- Validate and sanitize all tool inputs.
- Apply execution rails to tool calls.
- Monitor agent behavior for unexpected actions.
For more information, refer to the Tools Integration Guide, Security Guidelines, and LangGraph Integration.
🔧 Build Your Own or Use Third-party Guardrail Solutions
The NeMo Guardrails library provides extensive flexibility for creating custom guardrails tailored to your specific requirements. You can either build your own guardrails or use third-party guardrails. If you have a script or tool that runs a custom guardrail, you can use it in NeMo Guardrails by following one of these approaches:
-
Python actions: Create custom actions in Python for complex logic and external integrations. For more information, refer to the Custom Actions.
-
LangChain tool integration: Register LangChain tools as custom actions. Requires the LangChain framework. For more information, refer to the Tools Integration.
-
Third-party API integration: Integrate external moderation and validation services. For a complete list of supported third-party guardrail services, refer to Third-Party APIs in the Guardrail Catalog.
🔌 Integrate NeMo Guardrails Library into Your Application
You can integrate the NeMo Guardrails library into your application using the tools provided by the library.
-
Python SDK: Use the Python SDK to add guardrails directly into your Python application.
The
generatemethod accepts the same message format as the OpenAI Chat Completions API. -
API Server: You can solely set up a guardrails server after programming guardrails using the Python SDK. You can then start a local NeMo Guardrails server with the following command.
The server exposes API endpoints such as
/v1/chat/completionsfor guardrailed chat completions.
Integration Paths
You can integrate the NVIDIA NeMo Guardrails library directly into a Python application or run a FastAPI service and call endpoints over HTTP/REST.
Learn More
Continue exploring the NVIDIA NeMo Guardrails library through these resources:
- How It Works for the request flow and runtime layers.
- Guardrail Types for the stages where rails run.
- About Configuring Guardrails for YAML files, Colang flows, custom actions, and related settings.
- Get Started to install the library and run the first examples.