Skip to main content
You want a content policy in place fast, without hand-writing regexes or PII entity lists. The template library is the shortcut: a set of ready-made guardrail presets, grouped by use case, that each seed a working policy in one click. Pick one, name it, and you have a complete ordered rule set you can attach to a key — or edit first. This is a focused landing for the preset use case. For the full guardrail engine — every rule type, field, action, and route — see the Guardrails reference.

1. What the ai guardrail templates library gives you

A preset is a named starting point that drops a complete Policy (one or more ordered rules) into the create modal. The presets are authored server-side, so the console picker, the Test sandbox, and these docs all describe the exact same behavior — there is one source of truth. Every preset is a seed, not a lock. Once you apply one, you own the copy: rename it, add or delete rules, change a rule’s action or stage, retune a detector. Nothing about the original template constrains your edits.
Applying a preset, like all guardrail authoring, is a console action under your own workspace session, and creating or editing a guardrail requires Developer+ in the workspace. Only the final /v1/* relay call uses an sk-orca-... key.

2. Preset categories

The picker groups presets into eight categories. Each maps to a common control you’d otherwise build by hand:
Detect and mask (or block) emails, phones, SSNs, cards, IPs and more. Start with PII Shield for one-rule masking, or a strict blocker when PII must never reach the provider.
Block AWS / OpenAI / GitHub keys, PEM private keys, cloud tokens and crypto-wallet addresses before they leave the gateway. See Block secrets.
PCI card blocks, EU/UK identifier blocks, healthcare-identifier blocks, and an observe-only compliance logger that records PII occurrences without changing traffic.
Keyword denylists for profanity, competitor mentions, and region-specific banned terms — block or mask. See Brand safety and Sensitive words.
Keyword/regex rails for prompt-injection phrases, jailbreak / role-play patterns, system-prompt leak detection, and self-harm denylists. See Prompt injection.
max_chars caps on the request prompt and the model response to bound cost and latency. See Cost guardrails.
URL filters, markdown-image blocks (image-exfil defense), shell-injection patterns, and SQL-injection-in-output filters for agent flows. See Agentic guardrails.
.env / secret-file assignment blocks, strong-copyleft license flags (GPL / AGPL / LGPL / SSPL) on requests and model output, and a non-blocking advisory that annotates prompts referencing high-risk sinks (eval, os.system, pickle.loads). See Code security.
Presets only seed the deterministic rule types — keyword, regex, PII, and max-chars. The advanced rule types (external vendor, LLM judge, contextual grounding) are added from the rule builder, not from a template, because they need a connection or a model you choose.

3. Apply a preset as a seed

Every step here is a console action. The relay key shows up only in the final request.
1

Open the template picker

In the console, open Guardrails and click the New guardrail split-button. The picker opens grouped by the eight categories above.
2

Pick a preset

Choose one — e.g. PII Shield from the PII category. It seeds a complete policy (here, a single masking pii rule). The picker shows each preset’s description so you know what it does before you apply it.
3

Name it and edit freely

Give it a name (≤ 64 chars). The seeded rules are now yours — add, delete, or retune any of them. A preset is a seed, not a lock.
4

Test before you attach

Open the Test tab, paste a sample, pick a stage, and run the policy locally — no upstream call, no quota. Prove it does what you expect before any key points at it.
5

Attach a key

Edit an API key and pick the guardrail from the Guardrail dropdown (sets guardrail_id on the key), or mark it the workspace default. See Attach to a key and Account default.

4. One concrete example: seed, then enforce

Apply the PII Shield preset. It seeds exactly one rule: 
{
  "type": "pii",
  "stage": "both",
  "action": "mask",
  "entities": ["email", "phone", "ssn", "credit_card", "ip"]
}
That’s a usable masking policy out of the box. But because the preset is a seed, you can immediately tighten it — for example, swap two entities to block with a per-entity override so cards and SSNs are rejected outright while the rest are masked: 
{
  "type": "pii",
  "stage": "input",
  "action": "mask",
  "entities": ["email", "phone", "ip", "credit_card", "ssn"],
  "entity_actions": {
    "credit_card": "block",
    "ssn": "block"
  }
}
Save, attach to a key, and call the gateway exactly as before — no SDK change, no redeploy: 
curl https://api.orcarouter.ai/v1/chat/completions \
  -H "Authorization: Bearer sk-orca-..." \
  -H "Content-Type: application/json" \
  -d '{
    "model": "openai/gpt-4o-mini",
    "messages": [
      {"role": "user", "content": "Reply to jane@acme.com please"}
    ]
  }'
The gateway masks the email to [EMAIL] before forwarding. A request carrying a card number is rejected with HTTP 400 guardrail_blocked — which costs no quota (an input block fires before metering) and is marked skip-retry. See the guardrail_blocked error.
The PII Shield preset seeds a both-stage masking rule, but live masking of model output and streamed responses is on the roadmap — input-stage masking is the live path (the gateway scrubs the request before the model sees it). To gate model responses today, an output block rule is enforced both streaming and non-streaming. See Output-stage rules and Streaming coverage.

5. After you apply — the rest is the engine

A preset is just a fast way to author rules. Everything downstream is the normal guardrail engine:
You getWhere
Per-rule actionsActions
Test + evalTesting & eval
What firedMatches feed
Roll back a changeVersioning
Every create, update, and delete on a guardrail — including the moment you apply a preset and save — writes a versioned history row. You can diff any two versions and revert to an earlier one, so editing a seeded policy is never a one-way door. See Versioning.

6. Where to go next

PII Shield

The one-click PII-masking preset, start to finish.

Block secrets

The Secrets Blocker preset — catch keys and credentials in the request.

Agentic guardrails

URL, markdown-image, shell, and SQL filters for agent flows.

Guardrails reference

The complete engine — every rule type, field, and route.
Presets seed content policies. To govern an agent’s tool calls — deny destructive actions, redact tool-call arguments, require approval — start with the Firewall and Securing AI agents. For how the two layers split the work, see Guardrails vs. Firewall.