Guardrails on every prompt — before the model ever sees it.
DVARA inspects every LLM request and response for prompt injection, jailbreak attempts, and unsafe content, then blocks, flags, or logs by policy. Detection runs inline on the gateway — in-process checks plus optional ML classifiers and your own HTTP plugins — so the protection travels with the call, not with each application.
Guardrails ship in every DVARA install — see pricing.
The model can't tell your instructions from an attacker's.
A poisoned document, a crafted user message, or a malicious tool response can override the system prompt, exfiltrate context, or push the model into unsafe output. Bolting a filter onto one app doesn't help the next app, the batch job, or the agent — “the model is usually fine” is not a control. DVARA enforces guardrails at the gateway, so every call is covered.
Input and output protection, on every call
Controls spanning 7 of the 10 categories — prompt injection, insecure output handling, sensitive-information disclosure, unbounded consumption, and more.
Cap input tokens, messages per request, message length, and default max-response tokens to stop resource-exhaustion abuse (OWASP LLM10).
Require responses to match a JSON Schema, with automatic retry on validation failure — so downstream code gets the shape it expects.
Flag claims in a response that aren’t supported by the source documents you provide, and block, flag, or log them.
Warn or prune as a request approaches the model’s context window, with configurable thresholds and pruning strategy.
Plug in Lakera or Google Shield Gemini for ML-based injection and jailbreak detection alongside the in-process checks.
Call your own detector over HTTP (HMAC-signed), per tenant or platform-wide, with fail-open or fail-closed behavior.
Guardrails run on streamed SSE output with a rolling window that catches patterns spanning chunk boundaries.
Scan, enforce, scan again, audit
- 1
Inbound scan
The prompt is checked for prompt injection, jailbreak attempts, and content violations before it is dispatched to any provider.
- 2
Enforce
Block, flag, or log per policy. Size limits — tokens, messages, message length — reject oversized requests early.
- 3
Outbound scan
The response is scanned for the same violations, optionally schema-validated and grounding-checked, before it returns to the caller.
- 4
Audit
Every guardrail decision is recorded in the signed audit trail and exported to Prometheus metrics.
Guardrail policy in DVARA Flightdeck


Common questions about LLM guardrails
Inbound prompts are scanned inline on the gateway with regex and heuristic detection, with optional ML classifiers (Lakera, Shield Gemini) and custom HTTP plugins. Matches above a configurable risk threshold are blocked, flagged, or logged.
Yes. Responses are scanned for the same content and injection patterns, can be required to match a JSON Schema, and can be grounding-checked against source documents — including on streaming responses.
Controls span 7 of the 10 categories, including prompt injection, insecure output handling, sensitive-information disclosure, and unbounded consumption via input, message, and response limits.
Yes. Register a custom HTTP guardrail plugin (HMAC-signed) per tenant or platform-wide, with fail-open or fail-closed behavior, alongside the built-in checks.
No. They run at the gateway, so any OpenAI-compatible client and any agent are covered on the first call with no code changes.
Put a guardrail on every call.
Guardrails ship in every DVARA install. Start a free 30-day trial, or read how it works.