Skip to main content

Guardrail Optimization

The guardrail workflow was refactored from an embedded LLM-driven async generator loop to a set of atomic CLI commands. An external agent (Claude Code, etc.) orchestrates these commands in a loop following the protocol defined in AGENTS.md.

Atomic Commands

The four commands form a create-apply-eval-revert cycle:

CommandWhat it does
topics createCreate or update a custom topic definition (validates AIRS constraints, upserts by name)
topics applyAssign a topic to a security profile (additive, preserves existing topics)
topics evalScan a static CSV prompt set against the profile, compute metrics (TPR, TNR, coverage, F1), return FP/FN details
topics revertRemove topic from profile and delete the topic definition

Agent Loop Protocol

The external agent follows AGENTS.md:

  1. Establish baseline by running eval on the unmodified profile
  2. Create/update a topic definition
  3. Apply it to the profile
  4. Evaluate against the prompt set
  5. If metrics improve, keep the change; if they regress, revert
  6. Repeat indefinitely until interrupted

Key Design Decisions

  • No embedded LLM — the CLI is stateless; the agent provides all intelligence
  • No cross-run memory — the agent maintains its own context
  • No run persistence — no RunState JSON files; the agent tracks state externally
  • Atomic operations — each command succeeds or fails independently, making the workflow recoverable at any point

Topic Name Locking

The topic name is used as the upsert key. The create command validates AIRS constraints:

ConstraintLimit
Topic name100 characters
Description250 characters
Each example250 characters
Max examples5
Combined (description + all examples)1000 characters