Quickstart

Junior-proof. Five steps from composer require to a guarded agent.

  1. Install the package

    composer require padosoft/laravel-ai-guardrails

  2. Publish the config

    php artisan vendor:publish --tag=ai-guardrails-config

  3. (Optional) Publish + run the audit migration — only if you want database-backed audit:

    php artisan vendor:publish --tag=ai-guardrails-migrations
php artisan migrate

    then set AI_GUARDRAILS_AUDIT_STORE=database in your .env.

  4. Guard a tool call (Control A) anywhere in your app:

    use Padosoft\AiGuardrails\Facades\AiGuardrails;

$safeTool = AiGuardrails::guard($refundTool); // re-scopes owner keys + validates args

  5. Screen a prompt or sanitize output:

    $verdict = AiGuardrails::screen($userPrompt);     // ->blocked, ->ruleId, ->refusalMessage
$clean   = AiGuardrails::sanitize($modelOutput);  // HTML/markdown sanitized + PII redacted

That’s it. Add the agent middleware to screen prompts and sanitize output automatically on every agent run.

The four controls are on by default — that is the point. The HITL bridge (hitl.enabled) and the HTTP API (api.enabled) are default-OFF because they need optional dependencies or an explicit opt-in.

What you just enabled

flowchart LR U[User prompt] --> B[Control B<br/>screen + audit] B -->|allowed| M[Model] B -.->|blocked| R[Refusal<br/>model never called] M --> C[Control C<br/>sanitize output] M --> A[Control A<br/>firewall tool args] A --> D[Control D<br/>HITL gate] C --> Out[Safe response]

Next steps

Understand the controls

A walkthrough of each defensive layer and the threat it closes.

The four controls →

Wire the middleware

Screen prompts and sanitize output automatically on your agents.

Middleware guide →

previous Introduction next Installation