Definitions

Project

A project tracks a single user application, and draws from our existing definitions of controls around projects. A project can contain multiple stages.

Stage

A set of rulesets that are applied during one invocation. A stage can be composed of multiple rulesets, each of which are executed independently and defined as a prioritized list (i.e. order matters). The action for the ruleset with the highest priority is chosen for composing the response.

Rule

A condition or rule you never want your application to break. It's composed of three ingredients: a metric, an operator, and a target value. Your Rules should evaluate to False for the base case, and to True for unwanted scenarios.

In the example above, the "input/output shall never contain PII" is encoded into a Rule like below:

                    { 
                        "metric": "pii",
                        "operator": "contains",
                        "target_value": "ssn",
                    },

Or:

gp.Rule(
    metric=gp.RuleMetrics.pii,
    operator=gp.RuleOperator.contains,
    target_value="ssn"
)

See Supported Metrics and Operators to learn more about defining Rules.

Ruleset

A collection of one or more Rules combined with an Action. The Ruleset gets triggered when all of the rules are broken (i.e. all their condition evaluate to True). Rules are AND-ed together, not OR-ed, so all of them have to be True for the Ruleset to Trigger.

All of the Rules within a Ruleset are executed in parallel, and the final resolution depends on all of the rules being completed.

For example, a ruleset can be defined as "PII metric contains SSN AND toxicity greater than 0.8". This ruleset would be triggered if the output text was detected to contain an SSN and the toxicity of the output text was greater than 0.8.

The order in which Rulesets appear in the list matters. Only one Action gets taken In the example above, the ruleset is the list of Guardrail metrics stored in prioritized_rulesets.

gp.Ruleset(
    rules=[
        gp.Rule(
            metric=gp.RuleMetrics.pii,
            operator=gp.RuleOperator.contains,
            target_value="ssn"
        ),
        gp.Rule(
            metric=gp.RuleMetrics.toxicity,
            operator=gp.RuleOperator.gt,
            target_value=0.8
        )
    ],
)

Action

Actions are user-defined actions that are taken as a result of the ruleset being triggered. Galileo will provide a set of action types (override, passthrough), that the user can use, along with a configuration for each action type.

An action can be defined as:

gp.OverrideAction(
    choices=["Sorry, I cannot answer that question."]
)

The action would be included in the ruleset definition as:

gp.Ruleset(
    rules=[
        gp.Rule(
            metric=gp.RuleMetrics.pii,
            operator=gp.RuleOperator.contains,
            target_value="ssn"
        ),
        gp.Rule(
            metric=gp.RuleMetrics.toxicity,
            operator=gp.RuleOperator.gt,
            target_value=0.8
        )
    ],
    action=gp.OverrideAction(
        choices=["Sorry, I cannot answer that question."]
    )
)

Rules and Metrics

Each metric requires a specific operator and target value to be compared against. An exhaustive list of metrics supported along with the operators and target values can be found here.

At runtime, the rule is compared with the provided payload, and the metric is computed. If all of the rules are triggered, the ruleset is triggered and the action is applied.