Issue Station
Sign In
Tools hereToolbox

litellm - ✅(Solved) Fix [Feature]: Add PromptGuard as a first-class guardrail provider [1 pull requests, 1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
BerriAI/litellm#24272Fetched 2026-04-08 01:08:55
View on GitHub
Comments
0
Participants
1
Timeline
3
Reactions
0
Author
acebot712acebot712
Participants
acebot712acebot712
Timeline (top)
labeled ×2cross-referenced ×1

Error Message

guardrails:

  • guardrail_name: "promptguard-guard" litellm_params: guardrail: promptguard mode: "pre_call" api_key: os.environ/PROMPTGUARD_API_KEY api_base: os.environ/PROMPTGUARD_API_BASE # optional block_on_error: true # optional, fail-closed by default

Fix Action

Fixed

PR fix notes

PR #24268: Add PromptGuard guardrail integration

Description (problem / solution / changelog)

Closes #24272

Summary

Add PromptGuard as a first-class guardrail vendor in LiteLLM's proxy, appearing alongside existing partners in the Guardrail Garden UI.

PromptGuard is an AI security gateway that provides:

  • Prompt injection detection with 94.9% F1 score (100% precision, 90.4% recall on 5,384 test cases)
  • PII detection & redaction with configurable entity types
  • Topic filtering and entity blocklists
  • Hallucination detection
  • Self-hostable with drop-in proxy integration

What's included

Backend (Python):

  • PROMPTGUARD added to SupportedGuardrailIntegrations enum
  • PromptGuardGuardrailCustomGuardrail subclass implementing apply_guardrail via POST /api/v1/guard
    • decision: "allow" → pass through unchanged
    • decision: "block" → raise GuardrailRaisedException with threat details
    • decision: "redact" → return modified inputs with redacted content (updates both texts and structured_messages)
  • Configurable block_on_error (fail-closed by default, fail-open optional)
  • Explicit supported_event_hooks declaration (pre_call, post_call)
  • Image passthrough via GenericGuardrailAPIInputs.images
  • Pydantic config model with api_key, api_base, block_on_error, ui_friendly_name()
  • Auto-discovered via guardrail_hooks/promptguard/__init__.py registries (zero manual wiring)

Frontend (TypeScript):

  • Partner card in Guardrail Garden with eval scores
  • Preset configuration for quick setup
  • Logo in guardrailLogoMap

Documentation:

  • Full docs page at docs/proxy/guardrails/promptguard.md
  • Added to sidebar navigation

Tests:

  • 40 unit tests across 8 test classes covering configuration, allow/block/redact decisions, fail-open resilience, image passthrough, request payload construction, error handling, config model, and registry wiring
  • All tests use mocked HTTP responses (no real API calls)

Architecture

App → LiteLLM Proxy → PromptGuard API (/api/v1/guard) → decision: allow/block/redact
                    → LLM Provider (if allowed/redacted)

Files changed

FileType
litellm/types/guardrails.pyModified — enum entry
litellm/types/proxy/guardrails/guardrail_hooks/promptguard.pyNew — config model
litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.pyNew — guardrail hook
litellm/proxy/guardrails/guardrail_hooks/promptguard/__init__.pyNew — registry
tests/test_litellm/proxy/guardrails/guardrail_hooks/test_promptguard.pyNew — 40 tests
ui/litellm-dashboard/public/assets/logos/promptguard.svgNew — logo
ui/litellm-dashboard/src/components/guardrails/guardrail_garden_data.tsModified — partner card
ui/litellm-dashboard/src/components/guardrails/guardrail_garden_configs.tsModified — preset
ui/litellm-dashboard/src/components/guardrails/guardrail_info_helpers.tsxModified — logo map
docs/my-website/docs/proxy/guardrails/promptguard.mdNew — documentation
docs/my-website/sidebars.jsModified — sidebar entry

Test plan

  • poetry run black --check passes on all new/modified Python files
  • poetry run ruff check passes on all new/modified Python files
  • poetry run mypy --ignore-missing-imports passes (0 issues)
  • check-circular-imports passes
  • check-import-safety passes (from litellm import * succeeds)
  • 40/40 unit tests pass (pytest tests/test_litellm/proxy/guardrails/guardrail_hooks/test_promptguard.py)
  • npm run build succeeds (UI compiles with no errors)
  • npm run test passes (373 test files, 3626 tests)
  • CLA signed

Changed files

  • docs/my-website/docs/proxy/guardrails/promptguard.md (added, +258/-0)
  • docs/my-website/sidebars.js (modified, +1/-0)
  • litellm/proxy/guardrails/guardrail_hooks/promptguard/__init__.py (added, +42/-0)
  • litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py (added, +211/-0)
  • litellm/types/guardrails.py (modified, +5/-0)
  • litellm/types/proxy/guardrails/guardrail_hooks/promptguard.py (added, +37/-0)
  • tests/test_litellm/proxy/guardrails/guardrail_hooks/test_promptguard.py (added, +797/-0)
  • ui/litellm-dashboard/public/assets/logos/promptguard.svg (added, +95/-0)
  • ui/litellm-dashboard/src/components/guardrails/guardrail_garden_configs.ts (modified, +6/-0)
  • ui/litellm-dashboard/src/components/guardrails/guardrail_garden_data.ts (modified, +17/-0)
  • ui/litellm-dashboard/src/components/guardrails/guardrail_info_helpers.tsx (modified, +1/-0)

Code Example

guardrails:
  - guardrail_name: "promptguard-guard"
    litellm_params:
      guardrail: promptguard
      mode: "pre_call"
      api_key: os.environ/PROMPTGUARD_API_KEY
      api_base: os.environ/PROMPTGUARD_API_BASE  # optional
      block_on_error: true                        # optional, fail-closed by default
RAW_BUFFERClick to expand / collapse

Check for existing issues

  • I have searched the existing issues and checked that my issue is not a duplicate.

The Feature

Add PromptGuard as a first-class guardrail provider in LiteLLM, on par with existing vendors like Lakera, Noma, Prompt Security, and Bedrock Guardrails.

PromptGuard is an AI security gateway that provides:

  • Prompt injection detection — 94.9% F1 score (100% precision, 90.4% recall on 5,384 test cases)
  • PII detection & redaction — configurable entity types with automatic masking
  • Topic filtering — block conversations on prohibited topics
  • Entity blocklists — prevent references to blocked entities
  • Hallucination detection — identify factually unsupported claims
  • Self-hostable — can be deployed on-premise for data sovereignty requirements

Desired integration scope

Backend:

  • PromptGuardGuardrail as a CustomGuardrail subclass calling POST /api/v1/guard
  • Three decision paths: allow (pass-through), block (raise GuardrailRaisedException), redact (mask PII and pass-through)
  • Configurable block_on_error for fail-open/fail-closed behaviour
  • supported_event_hooks for pre_call and post_call
  • Image passthrough support via GenericGuardrailAPIInputs.images
  • Pydantic config model for UI-driven configuration

Frontend:

  • Partner card in the Guardrail Garden with eval scores and logo
  • Preset configuration for quick one-click setup

Documentation:

  • Full docs page at docs/proxy/guardrails/promptguard.md with Quick Start, config reference, advanced configuration (fail-open, multiple guardrails, always-on), and security features summary

Testing:

  • 40 mocked unit tests covering configuration, allow/block/redact decisions, fail-open resilience, image passthrough, request payload construction, error handling, config model, and registry wiring

Example config.yaml

guardrails:
  - guardrail_name: "promptguard-guard"
    litellm_params:
      guardrail: promptguard
      mode: "pre_call"
      api_key: os.environ/PROMPTGUARD_API_KEY
      api_base: os.environ/PROMPTGUARD_API_BASE  # optional
      block_on_error: true                        # optional, fail-closed by default

Motivation, pitch

PromptGuard fills a gap in LiteLLM's guardrail ecosystem by offering a self-hostable security gateway with deep prompt injection detection, PII redaction, and hallucination detection - capabilities that complement LiteLLM's existing vendor options. Having it as a first-class integration lets LiteLLM users protect their LLM applications without leaving the proxy ecosystem.

A complete implementation is available in PR #24268.

What part of LiteLLM is this about?

Proxy

LiteLLM is hiring a founding backend engineer, are you interested in joining us and shipping to all our users?

Yes

Twitter / LinkedIn details

LinkedIn Twitter

extent analysis

Fix Plan

To integrate PromptGuard as a first-class guardrail provider in LiteLLM, follow these steps:

  • Create a PromptGuardGuardrail class as a subclass of CustomGuardrail:
from litellm.guardrails import CustomGuardrail

class PromptGuardGuardrail(CustomGuardrail):
    def __init__(self, config):
        self.config = config
        self.api_key = config.api_key
        self.api_base = config.api_base
        self.block_on_error = config.block_on_error

    def call(self, input_data):
        # Call PromptGuard API with input data
        response = requests.post(self.api_base + "/api/v1/guard", headers={"Authorization": f"Bearer {self.api_key}"}, json=input_data)
        # Handle response and make decisions (allow, block, redact)
        if response.status_code == 200:
            decision = response.json()["decision"]
            if decision == "allow":
                return input_data
            elif decision == "block":
                raise GuardrailRaisedException("Blocked by PromptGuard")
            elif decision == "redact":
                # Redact PII and return modified input data
                return self.redact_pii(input_data, response.json()["redacted_data"])
        else:
            if self.block_on_error:
                raise GuardrailRaisedException("Error calling PromptGuard API")
            else:
                return input_data
  • Implement the supported_event_hooks method to support pre_call and post_call events:
def supported_event_hooks(self):
    return ["pre_call", "post_call"]
  • Add image passthrough support via GenericGuardrailAPIInputs.images:
def call(self, input_data):
    # ...
    if input_data.get("images"):
        # Pass through images without modification
        return input_data
    # ...
  • Create a Pydantic config model for UI-driven configuration:
from pydantic import BaseModel

class PromptGuardConfig(BaseModel):
    api_key: str
    api_base: str = "https://api.promptguard.co"
    block_on_error: bool = True
  • Update the config.yaml file with the PromptGuard configuration:
guardrails:
  - guardrail_name: "promptguard-guard"
    litellm_params:
      guardrail: promptguard
      mode: "pre_call"
      api_key: ${PROMPTGUARD_API_KEY}
      api_base: ${PROMPTGUARD_API_BASE}
      block_on_error: true

Verification

To verify the integration, test the PromptGuardGuardrail class with various input data and scenarios, including:

  • Allow decisions
  • Block decisions
  • Redact decisions
  • Error handling
  • Image passthrough

Extra Tips

  • Ensure the PromptGuard

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#ssr#installation#tensor shape#autograd error#model loading#dependency error#configuration error#environment variable

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING