NeMo Guardrails Terminology#

The following terms identify the key concepts related to managing LLM safety by using NeMo Guardrails microservice.

LLM provider

A hosted or managed service for using an LLM. The provider can be NVIDIA API Catalog, a locally deployed NIM for LLMs, or another API endpoint such as the OpenAI API.

LLM endpoint

The endpoint for submitting completion requests to an LLM.

Guardrail configuration

A guardrail configuration supported by the NeMo Guardrails open-source toolkit. The configuration specifies the LLM provider, endpoint, and the rails to apply to user input and LLM output.

Rail, or guardrail

A specific way of controlling the interaction with an LLM. This includes:

  • Input Rails

  • Dialog Rails

  • Retrieval Rails

  • Execution Rails

  • Output Rails

Input rails

Applied to the user input. An input rail can reject the input, stopping any additional processing, or alter the input–such as masking potentially sensitive data–to rephrase.

Dialog rails

Influence how the LLM is prompted. Dialog rails operate on canonical form messages and determine the next action to take. For example, should the LLM generate the next step, generate a response, or should NeMo Guardrails return a predefined response instead? For more information, refer to Colang Guide in the NeMo Guardrails toolkit documentation.

Retrieval rails

Applied to the retrieved chunks in the case of a retrieval augmented generation (RAG) deployment. A retrieval rail can reject a chunk, preventing it from being used to prompt the LLM, or alter the relevant chunks, such as masking potentially sensitive data.

Execution rails

Applied to input and output of the custom actions, referred to as tools, for the LLM to call.

Output rails

Applied to the output generated by the LLM. An output rail can reject the output, preventing it from being returned to the user, or alter it, such as removing sensitive data.

Configuration store provider

A hosted or managed service for storing guardrail configurations. In most cases, a local directory is used, but the microservice supports PostgreSQL.

Configuration store

A specific location from which guardrail configurations can be loaded, such as a directory or database, accessible through a configuration store provider.