Skip to content

List Configurations

GET /v1/guardrails/configs

Returns all policy IDs currently discoverable in the server's policy directory.

Response

[
  {"id": "default"},
  {"id": "permissive"},
  {"id": "strict"}
]

Each id value is a valid guardrails.config_id that can be passed to POST /v1/chat/completions.

Policy discovery rules

The server scans MEND_GUARDRAILS_POLICY_DIR (default: ./policies) at request time and returns everything it finds. No pre-loading occurs — the list reflects what is on disk at the moment the endpoint is called.

A path is included in the list when:

Path Included as
policies/strict.json "strict"
policies/permissive.yaml "permissive"
policies/default.yml "default"
policies/my-policy/policy.json "my-policy"
policies/my-policy/config.json "my-policy"
policies/my-policy/policy.yaml "my-policy"

Recognised top-level file extensions: .json, .yaml, .yml.

Recognised filenames inside a subdirectory: policy.json, policy.yaml, policy.yml, config.json, config.yaml, config.yml.

Results are returned in alphabetical order.

Example

curl

curl http://localhost:8000/v1/guardrails/configs

Python

import httpx

configs = httpx.get("http://localhost:8000/v1/guardrails/configs").json()
policy_ids = [c["id"] for c in configs]
print(policy_ids)  # ['default', 'permissive', 'strict']

Organising multiple policies

A common pattern is one policy per risk tier:

policies/
├── permissive.json   # Alert-only, no blocking
├── default.json      # Block obvious threats; alert on borderline
└── strict.json       # Block broadly; alert on anything suspicious

Clients then select the appropriate tier per request:

response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": prompt}],
    extra_body={"guardrails": {"config_id": "strict"}},
)

GET /health

A lightweight liveness endpoint suitable for load-balancer and container health checks.

curl http://localhost:8000/health

{"status": "ok"}

Returns HTTP 200 as long as the server process is running. It does not validate whether any policies are loaded or whether the upstream LLM is reachable.