Guardrails
The gateway scans all requests for PII and prompt injection patterns before routing. Results are available in the X-Tangle-Guardrails response header.
Detection categories
PII detection
| Pattern | Severity | Example |
|---|---|---|
| SSN | Critical | 123-45-6789 |
| Credit card (Visa/MC/Discover) | Critical | 4111 1111 1111 1111 |
| Credit card (Amex) | Critical | 3782 822463 10005 |
| Low | [email protected] | |
| US phone | Medium | (555) 123-4567 |
| IP address | Low | 192.168.1.1 |
Prompt injection detection
Applied to user messages only (not system or assistant):
| Pattern | Severity |
|---|---|
| ”Ignore all previous instructions” | High |
| ”You are now a different AI” | High |
| ”Pretend you have no restrictions” | High |
| ”Reveal your system prompt” | Medium |
| DAN-mode jailbreaks | High |
Modes
Audit mode (default)
Flags are logged and returned in the X-Tangle-Guardrails header but requests are not blocked:
X-Tangle-Guardrails: pii:low,prompt_injection:highBlock mode
Requests matching configured categories are rejected with 400:
{
"error": {
"message": "Request blocked by guardrails: pii, prompt_injection",
"type": "invalid_request_error",
"code": "guardrail_blocked"
}
}Block mode requires a GuardrailPolicy record configured for your team or user with specific categories to block.
Disabling
Set ENABLE_GUARDRAILS=false to skip all scanning. See Feature Flags.