Home Dashboard GitHub

Guardrails V2: 8 Composable Checks, Pipeline Builder, 47 Tests

2026-03-14

guardrailspipeline-executorcheck-registry

What We Built

A composable check pipeline system for BrainstormRouter guardrails. Operators compose ordered sequences of checks (regex, PII, jailbreak detection, model allowlists, JSON validation) into named pipelines. Each check has configurable parameters, per-check failure actions (block/warn/log), and confidence thresholds. The pipeline executor runs readonly checks in parallel batches and transforming checks sequentially, with short-circuit on first block.

Phase A ships 8 built-in checks, the pipeline executor, full CRUD API, a dashboard builder with inline testing, and lockstep SDK updates. V1 provider-based guardrails continue working unchanged alongside V2 pipelines.

Why It Matters

Portkey offers 60+ composable guardrail checks in a visual builder. BrainstormRouter's V1 guardrails were coarse-grained: toggle a provider on/off, set a global mode. No per-check configuration, no composition, no pipeline testing. This gap was the #1 feature request from enterprise prospects evaluating the platform.

V2 closes that gap with a clean abstraction (CheckDefinition/CheckInstance pattern), a FormField schema that the dashboard renders with zero ambiguity, and a mutation policy that requires explicit opt-in before any check can modify request text.

How It Works

Check abstraction: Each check is a CheckDefinition with metadata (category, phase, tier, mutability, pricing) and a create(params) factory that returns a CheckInstance. The instance's execute(text, context) returns a CheckVerdict with pass/fail, confidence, reason, and optional transformed text.

Pipeline executor: Partitions checks into parallel batches (consecutive readonly) and sequential steps (transforming). First blocking verdict stops the pipeline. Confidence threshold filtering skips low-confidence verdicts. Per-pipeline timeout with fail-open/fail-closed policy. If the V2 executor itself errors, it fails open to the existing V1 guardrail chain (which may still block) — so "fail-open" means "fall back to V1 guardrails," not "pass through unchecked."

Param validation: Pipeline CRUD validates each check's params against the FormField schema declared by its CheckDefinition — required fields, type constraints, min/max bounds, select option enumeration, and array-of-strings structure are all enforced server-side before persistence.

8 built-in checks: regex_match, regex_replace (transforming), contains, word_count, json_schema, pii_regex (transforming), jailbreak_patterns, model_allowlist.

Dashboard: Three-tab layout (Pipelines, Check Catalog, Legacy Config). Pipeline editor with ordered check list, per-check param forms rendered from FormField types, up/down reorder, inline test runner showing per-check verdicts with timing.

The Numbers

  • 8 built-in checks covering structural, content, and policy categories
  • 47 unit tests (30 check tests + 17 executor tests), all passing
  • 8 new API endpoints with full CRUD + test capability
  • 7 new SDK methods in both TypeScript and Python
  • 0 lint errors, 0 TypeScript errors
  • V1 guardrails untouched: zero risk to existing behavior

Competitive Edge

BrainstormRouter is the only AI gateway that combines composable guardrail pipelines with Thompson sampling, memory, and autonomous agent orchestration. Portkey has composable checks but no intelligence layer. OpenRouter has no guardrails at all. With V2, operators get Portkey-grade check composition inside a platform that also routes, learns, and remembers.

Lockstep Checklist

  • [x] API Routes: src/api/routes/guardrails.ts — 8 new endpoints (catalog, pipeline CRUD, test)
  • [x] TS SDK: packages/sdk-ts/src/resources/guardrails.ts — 7 new methods + types
  • [x] Python SDK: packages/sdk-py/src/brainstormrouter/resources/guardrails.py — 7 new methods (sync + async)
  • [x] MCP Schemas: Not applicable (no MCP tool changes in Phase A)
  • [x] Auth Bridge: src/api/routes/auth.ts — 7 dashboard bridge routes added