GuardRails — Security & Reliability Framework

What GuardRails Does Every node execution in BizFirst AI runs through a configurable pipeline of guards. Guards check inputs, enforce rate limits, detect PII, apply timeouts, and redact sensitive data from outputs — all automatically, with zero changes to individual node code.

The Core Idea

In a multi-tenant AI workflow platform, every node execution is a potential risk surface. A single unguarded node can leak customer PII, allow runaway API calls, or fail silently when a downstream dependency goes down. GuardRails solves this by adding a policy enforcement layer that is:

Universal — the same guards work for any node type: HTTP, email, AI, database, or custom
Configurable per node — each node gets its own guard pipeline from a JSON config
Pluggable — built-in guards cover the common cases; you can add your own via the plugin system
Fail-secure by default — security-critical guards block on failure; infrastructure guards fail open with a warning
Non-invasive — node executors need zero changes; guards attach at the BaseNodeExecutor level

Three Execution Phases

GuardRails intercepts every node execution at three points:

Pre — Before the node runs

Validates inputs, checks rate limits, verifies circuit breaker health, starts the timeout clock, and detects PII in the incoming data. If any security-critical guard blocks, the node never executes.

Node Execution

The actual node logic runs: sends email, calls API, queries database, invokes AI model, etc.

Post — After the node succeeds

Checks the elapsed time against the timeout, redacts PII from the output before it reaches the caller, and validates the output schema.

Error — When the node throws

Records circuit breaker state, writes audit violations, logs the exception. Error handlers never block — they observe and record only.

Built-in Guards

TimeoutGuard

Enforces a maximum execution time. Blocks or warns when a node runs too long.

PrePost

InputValidationGuard

Validates the node's input against a JSON schema. Blocks or warns on schema violations.

Pre

RateLimitingGuard

Enforces requests-per-second limits at global, tenant, or user scope.

Pre

CircuitBreakerGuard

Opens the circuit when downstream dependencies (Redis, rate limiter) are unhealthy.

Pre

PiiDetectionGuard

Scans node input for 10 PII types (SSN, email, credit card, phone…) and blocks if found.

Pre

PiiRedactionGuard

Redacts PII from node output using mask, hash, or partial methods before returning to caller.

Post

What's in This Guide

How It Works

Four-layer architecture, execution flow, and the contract between guards and nodes.

Business Benefits

Why GuardRails matters: compliance, reliability, cost control, and security posture.

Built-in Guards

Complete reference for Timeout, InputValidation, RateLimiting, and CircuitBreaker guards.

PII Guards

PII detection (10 patterns), redaction methods, anonymization, and the composite NodeGuard.

Configuration

Full JSON config schema: groups, mandatoryGroups, per-guard settings, and caching.

Use Cases

Seven real-world scenarios showing how GuardRails solves common enterprise problems.

Bring Your Own Guard

Build a custom guard, register it as a plugin, and wire it into the pipeline.

Integration

How GuardRails hooks into BaseNodeExecutor and the ProcessEngine execution pipeline.

Status: Phases 1–4 Complete 81 tests passing. Domain contracts, Service layer, Provider.Core, Provider.PII guards, and BaseNodeExecutor integration are all production-ready. Phase 5 (full PII pipeline dispatch) and Phase 6 (Octopus agent integration) are planned.

Next: How It Works →