Guardrails

Content safety pipeline — providers, config, and testing.

Endpoints

Method	Path	Auth	Description
GET	`/v1/guardrails/providers`	API Key	List available providers
GET	`/v1/guardrails/templates`	API Key	List provider templates
POST	`/v1/guardrails/providers`	API Key	Register external provider
DELETE	`/v1/guardrails/providers/:id`	API Key	Remove external provider
GET	`/v1/guardrails/config`	API Key	Get pipeline config
PUT	`/v1/guardrails/config`	API Key	Update pipeline config
POST	`/v1/guardrails/test`	API Key	Test with sample text

List providers

curl https://api.brainstormrouter.com/v1/guardrails/providers \
  -H "Authorization: Bearer br_live_..."

Returns built-in scanners (builtin, pii, topic-restriction) plus any registered external providers.

Update config

curl -X PUT https://api.brainstormrouter.com/v1/guardrails/config \
  -H "Authorization: Bearer br_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "mode": "block",
    "confidenceThreshold": 0.7,
    "providers": [
      {"id": "builtin", "enabled": true},
      {"id": "pii", "enabled": true}
    ]
  }'

Config fields

Field	Type	Description
`enabled`	boolean	Master switch
`mode`	string	`block`, `warn`, or `log`
`confidenceThreshold`	number	Minimum confidence to trigger (0-1)
`providers`	array	Ordered list of scanners to run

Register external provider

curl -X POST https://api.brainstormrouter.com/v1/guardrails/providers \
  -H "Authorization: Bearer br_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "id": "lakera",
    "name": "Lakera Guard",
    "endpoint": "https://api.lakera.ai/v1/guard",
    "api_key": "lk_...",
    "template": "lakera"
  }'

For custom providers without a template, specify result_mapping:

{
  "id": "custom-guard",
  "name": "My Guard",
  "endpoint": "https://guard.example.com/scan",
  "result_mapping": {
    "safe": "$.result.is_safe",
    "confidence": "$.result.score",
    "reason": "$.result.reason"
  }
}

Test pipeline

curl -X POST https://api.brainstormrouter.com/v1/guardrails/test \
  -H "Authorization: Bearer br_live_..." \
  -H "Content-Type: application/json" \
  -d '{"text": "My credit card is 4111-1111-1111-1111"}'

{
  "result": {
    "safe": false,
    "matches": [{ "type": "pii", "subtype": "credit_card" }],
    "scannersRun": 2,
    "durationMs": 3
  },
  "providers": {
    "resolved": ["builtin", "pii"],
    "failed": []
  }
}