0% platform fee — first 1,000,000 customersClaim 0% fee
← All releases
v0.1· Release

v0.1 — Guardrails: pre/post-call enforcement

Guardrails in the request path on every plan — PII redaction, prompt-injection detection, keyword & regex filtering, custom webhook checks, and post-call response scanning — scoped at org, team, and key level.

Nemo Team2 min read
guardrailssecuritypii

Guardrails are live. Every chat completion, embedding, and image request now flows through a configurable safety pipeline before it reaches the provider — and the response flows back through it before it reaches the caller. No Enterprise paywall: every guardrail is available on every plan from day one.

What ships

Five guardrail providers, all in-path:

  • PII redaction — Microsoft Presidio. Detects and masks emails, phone numbers, SSNs, credit cards, names, addresses before the prompt leaves our infrastructure.
  • Prompt injection — heuristic detection across a weighted library of known injection patterns (instruction-override, role-switching, exfiltration). Blocks the request with a structured 400 when a pattern is matched.
  • Keyword / regex blocklists — bring your own term list or regex. Useful for compliance words, competitor names, internal codenames.
  • Custom guardrails — point at any HTTP endpoint that returns { allowed: bool, redacted_text?: string }. We call it pre- and post-call.
  • Response scanning — same providers run on the assistant message before the caller sees it.

Scope hierarchy

Guardrails are scoped at org, team, and key level, and they combine — a key-scoped guardrail adds to (rather than replaces) the team- and org-scoped ones, so every applicable guardrail runs. Per-request narrowing is also supported via extra_body.nemo_guardrail_ids — pass an array of IDs to prefer those for this call (block/redact guardrails always still run).

curl https://api.nemorouter.ai/v1/chat/completions \
  -H "Authorization: Bearer sk-nemo-..." \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gemini-2.5-flash",
    "messages": [{"role": "user", "content": "Email me at jane@example.com"}],
    "extra_body": { "nemo_guardrail_ids": ["pii-redact-default"] }
  }'

When a guardrail blocks, the response is a 400 with error.code = guardrail_blocked — never a silent pass-through.

Configure guardrails at /{org}/guardrails. Audit hits at /{org}/observability.