LLM Guardrails · In-Process Enforcement

LLM guardrails that runinside your process.

LLM guardrails intercept model outputs before they reach users — blocking prohibited content, requiring legal disclosures, and redacting PHI. Peekr enforces them synchronously in your Python process, with no proxy, no added latency, and a tamper-evident audit log on every violation.

Three guardrail types, one SDK

Every Peekr compliance pack is built from three primitives. You can combine them — or write your own custom rules using the same interface.

Blocked output

Block what the LLM says

Regex patterns matched against every model response before it reaches your caller. If the pattern fires, Peekr raises a GuardrailError — the response never leaves your process.

# "You have diabetes" → GuardrailError
# HIPAA: AI stating diagnosis as fact
pattern: "(diagnos|you have).{0,60}(cancer|HIV|diabetes)"
Blocked input

Block what goes into the model

Patterns matched against the prompt before the model sees it. Catches PHI injected via tool outputs, user messages, or retrieval — before it reaches the API.

# Medical history in prompt → GuardrailError
# ADA: Prohibited pre-offer disability inquiry
pattern: "do you have (a|an)? (disability|medical condition)"
Required text

Require what the LLM must say

A string that must appear somewhere in the response. If it's absent, the guardrail fires. Use this for legally required disclaimers your model sometimes skips.

# Missing disclaimer → GuardrailError or warn
# HIPAA: Required disclaimer for health information
required: "This is not a diagnosis or medical advice"

Why in-process guardrails matter

Proxy-based guardrails route every LLM call through an external service — adding latency, a new failure point, and another place your data travels. Peekr runs enforcement synchronously in your Python process, before any response reaches your caller:

Zero proxy latency

Rules are fetched from Peekr Cloud at startup and cached locally. Enforcement is a local regex match — no network hop on the hot path.

No data leaves your stack

PHI never travels to a proxy. Only PII-redacted span metadata is exported to Peekr Cloud — and only what you allow.

Audit log before error propagation

Violations are written to the span before GuardrailError propagates. Your compliance team always has the record, even if the caller catches the error.

Rules update without redeploys

Compliance packs live in Peekr Cloud. When a regulation changes, the new pattern is picked up at the next startup — no SDK release, no PR.

Add guardrails in 2 lines

Pass guardrails=[...] or compliance=["HIPAA"] to peekr.instrument(). Everything else — patching, enforcement, logging — is automatic.

import peekr
from peekr.guard import GuardrailError

peekr.instrument(
    exporter=peekr.HTTPExporter(
        endpoint="https://peekr.starkspherelabs.com",
        api_key="pk_live_...",
    ),
    compliance=["HIPAA", "FDCPA"],   # industry packs
    guardrails=[
        peekr.guard.PIIRedact(),
        peekr.guard.HallucinationBlock(threshold=0.5),
    ],
)

# GuardrailError carries the pack name + regulatory citation
try:
    resp = client.chat.completions.create(...)
except GuardrailError as e:
    log.warn(f"[{e.guardrail_name}] {e}")

Built-in guardrail primitives

Three SDK primitives ship on all plans. Combine them with any of the 17 industry compliance packs.

PIIRedact

Strips email, phone, SSN, credit card, and IP before spans are stored. Mutates the span in-place — no copy of raw PHI ever leaves your process.

peekr.guard.PIIRedact()

Blocklist

Block arbitrary terms, regex patterns, or API-key formats. COMMON_SECRETS catches OpenAI, Anthropic, AWS, and GCP key patterns out of the box.

peekr.guard.Blocklist(
  patterns=Blocklist.COMMON_SECRETS,
  action="redact",
)

HallucinationBlock

Raises GuardrailError when the faithfulness score falls below your threshold. The violation is stored on the span before the error propagates.

peekr.guard.HallucinationBlock(threshold=0.5)

Go deeper

Ship LLM guardrails today — free

10,000 spans/month free. All compliance packs included. No credit card, no proxy, no lock-in.