OpenGuardrailsOpenGuardrailsDocs

What is OpenGuardrails

OpenGuardrails (OGR) is a vendor-neutral protocol for AI agent safety & security. It defines a small, stable contract — GuardEvent, Verdict, provenance, and policy composition — so that any agent, any sandbox, and any safety/security detector can interoperate without custom glue.

You wire OGR into an agent once, then swap detectors and enforcement backends as data, not code — and every decision can allow, block, or require approval before the action runs.

One policy. Every agent, every sandbox, every detector.

The problem

Securing an agent today is an N×M×L×S mess: every Agent framework integrates with every safety Model, every LLM protocol, and every Sandbox, by hand. Change one and you rewrite the glue. OGR collapses this to N+M+L+S: each side speaks one protocol.

How it fits together

An agent emits GuardEvents at up to three altitudes — the LLM gateway, the agent's tool hooks, and the sandbox where code actually runs. A Runtime fans each event out to one or more detectors (your config rules, an LLM judge, a third-party guard model), composes their Verdicts into one decision (allow / block / require_approval / modify / redact), and enforces it. Provenance labels (trusted vs. untrusted inputs) travel with the event, so the same command can be allowed from the user but blocked when it originated from an untrusted web page.

Start here

OGR is Apache-2.0 and governance-neutral. Detectors compete on a neutral benchmark; you compose the winners.