capabilities.guardrails

Capability-native guardrails for pydantic-ai agents.

These capabilities are designed to bridge existing agent-runtimes guardrail specs with pydantic-ai's capability hooks.

GuardrailBlockedError Objects

class GuardrailBlockedError(RuntimeError)

Raised when a capability guardrail blocks execution.

TokenLimitCapability Objects

@dataclass
class TokenLimitCapability(AbstractCapability[Any])

Token/request/tool-call limits using capability hooks.

CostBudgetCapability Objects

@dataclass
class CostBudgetCapability(AbstractCapability[Any])

Cost budget guardrail with cumulative tracking.

ToolGuardCapability Objects

@dataclass
class ToolGuardCapability(AbstractCapability[Any])

Block or require approval for tool calls.

PermissionCapability Objects

@dataclass
class PermissionCapability(AbstractCapability[Any])

Permission gate for tools based on spec permission flags.

PromptInjectionCapability Objects

@dataclass
class PromptInjectionCapability(AbstractCapability[Any])

Prompt injection detector adapted from pydantic-ai-shields.

PiiDetectorCapability Objects

@dataclass
class PiiDetectorCapability(AbstractCapability[Any])

PII detector for input prompts.

SecretRedactionCapability Objects

@dataclass
class SecretRedactionCapability(AbstractCapability[Any])

Block secret leakage in model output.

BlockedKeywordsCapability Objects

@dataclass
class BlockedKeywordsCapability(AbstractCapability[Any])

Keyword/regex blocklist for prompts.

NoRefusalsCapability Objects

@dataclass
class NoRefusalsCapability(AbstractCapability[Any])

Block refusal-style model outputs.

InputGuardCapability Objects

@dataclass
class InputGuardCapability(AbstractCapability[Any])

Custom input guard function.

OutputGuardCapability Objects

@dataclass
class OutputGuardCapability(AbstractCapability[Any])

Custom output guard function.

AsyncGuardrailCapability Objects

@dataclass
class AsyncGuardrailCapability(AbstractCapability[Any])

Concurrent/monitoring guardrail wrapper capability.

DataScopeCapability Objects

@dataclass
class DataScopeCapability(AbstractCapability[Any])

Simple data-scope enforcement on tool args/results.

ContentSafetyCapability Objects

@dataclass
class ContentSafetyCapability(AbstractCapability[Any])

Detect prompt-injection patterns in tool output.

GuardrailBlockedError Objects​

TokenLimitCapability Objects​

CostBudgetCapability Objects​

ToolGuardCapability Objects​

PermissionCapability Objects​

PromptInjectionCapability Objects​

PiiDetectorCapability Objects​

SecretRedactionCapability Objects​

BlockedKeywordsCapability Objects​

NoRefusalsCapability Objects​

InputGuardCapability Objects​

OutputGuardCapability Objects​

AsyncGuardrailCapability Objects​

DataScopeCapability Objects​

ContentSafetyCapability Objects​