Skip to main content
Guardrails are an enterprise-only feature. They require the enterprise Bifrost image.
Credential and endpoint fields in guardrail provider config blocks support env.* references (e.g. env.AWS_SECRET_ACCESS_KEY). Bifrost resolves the value from the process environment at startup. See the Environment Variable Support section for the complete per-provider field list.
Guardrails are configured under bifrost.guardrails in your values file. The configuration has two parts:
  • providers - the backend that performs the check. Rules link to providers by id.
  • rules - CEL expressions that control when and where providers are invoked.

Providers

Runs entirely in-process with no external dependency. Patterns use RE2 syntax. Supports optional per-pattern flags: i (case-insensitive), m (multiline), s (dot-all). Each pattern can detect_only, block, or redact.
The Web UI’s PII Detection template is also a regex provider configuration. See Custom Regex for the full examples, and Guardrail Redaction for redaction mode behavior.

Environment Variable Support

Any field marked env.* supported below accepts a bare "env.VAR_NAME" string in addition to a literal value. Bifrost resolves the variable from the process environment at startup. Fields marked plain only must be a literal value (boolean, number, array, or string).

AWS Bedrock

Azure Content Safety

Microsoft Presidio

Azure AI Language PII

Google Model Armor

CrowdStrike AIDR

Patronus AI

Gray Swan

Regex

Secrets


Rules

Rules are CEL expressions that fire when their condition is met. Available CEL variables: Rule fields:

Full example