Guardrails-llm-filter-extproc masks PII and secrets in traffic to LLMs using Envoy ext_proc, with support for multiple backends and observability features. It includes a quickstart, Envoy config hints, REST/GRPC management APIs, and rules storage options.
Collecting history — the radar snapshots this repo daily. The trend line appears after 3 days of data (1 so far).
What it is
guardrails-llm-filter-extproc masks sensitive data in traffic to LLM providers by integrating as an Envoy external processor (ext_proc). It masks request bodies based on ~260 built-in regex rules and restores originals on responses. It supports streaming responses and tool-call arguments, and can operate with OpenAI and Anthropic endpoints. The project is a Go-based implementation with Apache-2.0 license (license shown in README). The repository started in 2026 and has releases like v0.1.0.
How it works
The filter sits alongside the Envoy proxy in the traffic path and processes data through ext_proc (gRPC). It scans requests for sensitive data using built-in rules and replaces matches with placeholders (e.g., <EMAIL_1>). On the return path, originals are restored. It supports per-request overrides via a header (x-guardrails-data-types) and can be configured to forward unmasked traffic if the filter is unavailable (failure_mode_allow). It operates over gRPC and exposes a management API for settings and rules.
Getting started
Quick start is provided via a Docker-based example:
cd examples/quickstart
docker compose up --build
# in another terminal:
bash demo.sh
Envoy configuration for ext_proc is documented under the Config/Envoy section, with processing_mode settings showing request/response modes and buffering/streaming behavior. The project describes a per-request override header and instructions to remove the override header from client requests using:
request_headers_to_remove: [x-guardrails-data-types]
There is a web console that can run separately and connect to the management API at GUARDRAILS_API_ADDR (default :9080).
Recent releases
Latest release: v0.1.0 (2026-07-13) with tag v0.1.0-alpha mentioned as well; repo includes CHANGELOG and release notes in README. The Docker-based quickstart demonstrates the behavior with a demo. The README includes examples of adding a custom rule via REST API at /v1/rules.
Traction
Stars: 24
Behind the repo
Not specified in the README, no startup/company link provided beyond Cloud.ru branding.
Caveats
- License: Apache-2.0
- Requires TLS if gRPC is exposed; default is plaintext on :9000 for ext_proc, with TLS configurable via GUARDRAILS_GRPC_SECURE for TLS and self-signed certs. The README notes plaintext is safe only within trusted networks.
- Per-request header-based narrowing is optional and must be enabled via config/API; per-request header is x-guardrails-data-types and the default is not to enable narrowing.
- Per-repo notes: created 2026-07-13, last_push 2026-07-14, open_issues 0, forks 0.
