Production Ready
Built for the Enterprise
Real-world patterns for ensuring safety and compliance in your AI applications. Copy, paste, and ship with confidence.
Example 01
Financial Compliance
Prevent your AI from making unauthorized guarantees ('100% no risk') or acting like a regulated financial advisor.
What this enforces
- Blocks '100% no risk', 'guaranteed return'
- Prevents regulatory exposure
- Deterministic compliance gate
finance-agent.ts
1import { verify } from "gateia";
2import { z } from "zod";
3
4const FinancialReply = z.object({
5 message: z.string(),
6 disclaimer_required: z.boolean(),
7});
8
9const result = await verify({
10 output: llmResponse,
11 contract: FinancialReply,
12 policies: ["finance-safe"],
13 mode: "enforce",
14});
15
16if (!result.allowed) {
17 // Block non-compliant guarantees
18 return send("This request requires manual review.");
19}
20
21send(result.safeOutput.message);
customer-support.ts
1import { verify } from "gateia";
2import { z } from "zod";
3
4const SupportReply = z.object({
5 reply_text: z.string(),
6});
7
8const result = await verify({
9 output: llmResponse,
10 contract: SupportReply,
11 policies: ["pii-safe"],
12 mode: "enforce",
13});
14
15if (!result.allowed) {
16 return send("I can’t share personal contact details here.");
17}
18
19send(result.safeOutput.reply_text);
Example 02
Customer Support Privacy
Automatically redact or block sensitive PII like emails and phone numbers before they reach the user.
What this enforces
- Blocks or redacts emails & phone numbers
- Prevents accidental PII leakage
- Safe for customer-facing bots
Example 03
Secret Leakage Prevention
Ensure your internal debug agents never accidentally output valid API keys or credentials.
What this enforces
- Detects AWS, Stripe, OpenAI, Slack keys
- Prevents credential exfiltration
- Protects infra & accounts
internal-tool.ts
1import { verify } from "gateia";
2import { z } from "zod";
3
4const DebugOutput = z.object({
5 explanation: z.string(),
6});
7
8const result = await verify({
9 output: llmDebugResponse,
10 contract: DebugOutput,
11 policies: ["secrets-safe"],
12 mode: "enforce",
13});
14
15if (!result.allowed) {
16 audit.log("Secret leak blocked", result.enforcement);
17 throw new Error("Sensitive credentials detected");
18}
19
20return result.safeOutput.explanation;
frontend-render.ts
1import { verify } from "gateia";
2import { z } from "zod";
3
4const HtmlContent = z.object({
5 html: z.string(),
6});
7
8const result = await verify({
9 output: llmGeneratedHtml,
10 contract: HtmlContent,
11 policies: ["markup-safe"],
12 mode: "enforce",
13});
14
15if (!result.allowed) {
16 return render("<p>Content blocked for security reasons.</p>");
17}
18
19render(result.safeOutput.html);
Example 04
Frontend Security
Render AI-generated HTML safely by automatically blocking XSS vectors and malicious scripts.
What this enforces
- Blocks <script>, iframe, javascript: URLs
- Prevents XSS attacks
- Safe rendering in browsers
Roadmap
Upcoming Enterprise Policies
We are building the most comprehensive guardrail library for mission-critical AI. Here is what is shipping next.
| Policy ID | Category | Description | Status |
|---|---|---|---|
execution-safety | Security | Execution Safety Guard Blocks shell commands, SQL mutations, filesystem & network instructions to prevent accidental destructive commands. | In Development |
unsafe-automation | Reliability | Automation Reliability Enforces required fields, strict enums, and no placeholders ('N/A') to prevent broken or unsafe automated actions. | Planned |
data-loss-prevention | Security | Data Exfiltration Guard Detects internal IDs, internal URLs, and system identifiers to prevent leakage of internal business data. | In Development |
format-stability | Reliability | Output Format Stabilizer Enforces stable keys, casing, types, enums, and no extra fields to prevent output format regressions. | Planned |
overreach-prevention | Compliance | Authority Boundary Blocks capability claims ('I will approve', 'I can reset') to prevent false authority or unsafe promises. | In Development |
cost-explosion-guard | Cost Control | Resource Cost Control Requires explicit limits and blocks fan-out language to prevent unbounded or expensive actions. | Planned |
audience-boundary | Security | Internal Audience Guard Blocks internal jargon, system names, and org-only references to prevent internal context leaking externally. | In Development |
Ready to secure your AI?
Start validating your LLM outputs with deterministic guardrails today.