Regexp Guardrail
The Regexp Guardrail (regexp_rail) is a deterministic guardrail that checks whether the text matches a specified regular expression pattern. It can run in pre-generation (checking user input) and post-generation (checking AI responses and tool call arguments).
When to Use
Use this guardrail to: - Prevent users from submitting known banned patterns or phrases. - Block responses containing sensitive information (e.g., PII like emails, credit card numbers, or social security numbers). - Strip out or block system formatting leaks (e.g., matching unwanted markdown or raw JSON blocks).
Configurable Fields
| Field | Key | Type | Default | Description |
|---|---|---|---|---|
| Regexp Pattern | regexp_pattern |
Textfield | None | The regular expression pattern to match against, including delimiters. Example: /[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}/i (matches emails). |
| Violation Message | violation_message |
Textarea | The text contains invalid content matching the pattern: @pattern |
The message returned when a match is found. Supports the @pattern placeholder to display the matched pattern. |
How it Evaluates Outputs
When evaluated as a post-generation guardrail, it scans both the final assistant message body and any tool call arguments generated by the model. This prevents sensitive data or disallowed patterns from bypassing checks through structured tool inputs.
Example Configuration
Below is an example configuration that checks for and blocks email addresses in either inputs or outputs:
id: regexp_guardrail
regexp_pattern: "/[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}/i"
violation_message: "Personally identifiable information (emails) is not allowed. Detected pattern: @pattern"