Skip to content

Guardrails 节点#

¥Guardrails node

使用 Guardrails 节点强制执行文本的安全策略、隐私策略和内容策略。你可以使用它在将用户输入发送到 AI 模型之前对其进行验证,或者在将 AI 模型的输出用于工作流程之前对其进行检查。

¥Use the Guardrails node to enforce safety, security, and content policies on text. You can use it to validate user input before sending it to an AI model, or to check the output from an AI model before using it in your workflow.

Chat Model Connection Required for LLM-based Guardrails

当使用基于 LLM 的防护措施并执行“检查违规文本”操作时,此节点需要将“聊天模型”节点连接到其“模型”输入。许多防护检查(例如越狱、NSFW 和主题对齐)都基于 LLM,并使用此连接来评估输入文本。

¥This node requires a Chat Model node to be connected to its Model input when using the Check Text for Violations operation with LLM-based guardrails. Many guardrail checks (like Jailbreak, NSFW, and Topical Alignment) are LLM-based and use this connection to evaluate the input text.

节点参数#

¥Node parameters

使用这些参数来配置 Guardrails 节点。

¥Use these parameters to configure the Guardrails node.

操作#

¥Operation

此节点的操作模式,用于定义其行为。

¥The operation mode for this node to define its behavior.

  • 检查文本违规:提供一整套安全防护措施。任何违规都会将项目发送到失败分支。

¥Check Text for Violations: Provides a full set of guardrails. Any violation will send items to Fail branch.

  • 文本清理:提供部分防护措施,可检测 URL、正则表达式、密钥或个人身份信息 (PII),例如调用号码和信用卡号。该节点会将检测到的违规项替换为占位符。

¥Sanitize Text: Provides a subset of guardrails that can detect URLs, regular expressions, secret keys, or personally identifiable information (PII), such as phone numbers and credit card numbers. The node replaces detected violations with placeholders.

待检查文本#

¥Text To Check

防护栏评估的文本。通常,你可以使用来自先前节点的表达式来映射此文本,例如用户查询中的文本或 AI 模型的响应。

¥The text the guardrails evaluate. Typically, you map this text using an expression from a previous node, such as text from a user query or a response from an AI model.

Guardrails#

选择一个或多个要应用于“要检查的文本”的保护规则。从列表中添加护栏后,其具体配置选项将显示在下方。

¥Select one or more guardrails to apply to the Text To Check. When you add a guardrail from the list, its specific configuration options appear below.

  • 关键字:检查指定的关键字是否出现在输入文本中。

¥Keywords: Checks if specified keywords appear in the input text.

  • 关键字:要阻止的单词列表(以逗号分隔)。

    ¥Keywords: A comma-separated list of words to block.

  • 越狱:检测绕过 AI 安全措施或利用模型漏洞的尝试。

¥Jailbreak: Detects attempts to bypass AI safety measures or exploit the model.

  • 自定义提示:(布尔值)启用此选项后,将显示一个文本输入框,其中包含越狱检测模型的默认提示。你可以更改此提示以微调防护措施。

    ¥Customize Prompt: (Boolean) If you turn this on, a text input appears with the default prompt for the jailbreak detection model. You can change this prompt to fine-tune the guardrail.

  • 阈值:介于 0.0 和 1.0 之间的值。此表示 AI 模型将输入标记为越狱尝试所需的置信度级别。更高的阈值更加严格。

    ¥Threshold: A value between 0.0 and 1.0. This represents the confidence level required from the AI model to flag the input as a jailbreak attempt. A higher threshold is stricter.

  • NSFW:检测生成不适宜工作场所观看 (NSFW) 内容的尝试。

¥NSFW: Detects attempts to generate Not Safe For Work (NSFW) content.

  • 自定义提示:(布尔值)启用此选项后,将显示一个文本输入框,其中包含 NSFW 检测模型的默认提示。你可以更改此提示以微调防护措施。

    ¥Customize Prompt: (Boolean) If you turn this on, a text input appears with the default prompt for the NSFW detection model. You can change this prompt to fine-tune the guardrail.

  • 阈值:介于 0.0 和 1.0 之间的值,表示将内容标记为 NSFW 所需的置信度。

    ¥Threshold: A value between 0.0 and 1.0 representing the confidence level required to flag the content as NSFW.

  • PII:检测文本中的个人身份信息 (PII)。

¥PII: Detects personally identifiable information (PII) in the text.

  • 类型:选择要扫描的 PII 实体:

    ¥Type: Choose which PII entities to scan for:

    • 全部:扫描所有可用的实体类型。

    ¥All: Scans for all available entity types.

    • 已选:允许你从列表中选择特定实体。

    ¥Selected: Allows you to choose specific entities from a list.

  • 实体:(如果选择了“类型”,则会显示此信息)要检测的个人身份信息 (PII) 类型的多选列表(例如,CREDIT_CARDEMAIL_ADDRESSPHONE_NUMBERUS_SSN)。

    ¥Entities: (Appears if Type is Selected) A multi-select list of PII types to detect (for example, CREDIT_CARD, EMAIL_ADDRESS, PHONE_NUMBER, and US_SSN).

  • 密钥:检测文本中是否存在密钥或 API 凭据。

¥Secret Keys: Detects the presence of secret keys or API credentials in the text.

  • 权限范围:标记密钥时,检测的严格程度应该如何?

    ¥Permissiveness: How strict or permissive the detection should be when flagging secret keys:

    • 严格

    ¥Strict

    • 宽松权限

    ¥Permissive

    • 已平衡

    ¥Balanced

  • 主题对齐:确保对话保持在预定义的范围或主题(也称为 "业务范围")内。

¥Topical Alignment: Ensures the conversation stays within a predefined scope or topic (also known as "business scope").

  • 提示:定义允许主题的预设提示。此安全机制会检查“要检查的文本”是否与此提示一致。

    ¥Prompt: A preset prompt that defines the allowed topic. The guardrail checks if the Text To Check aligns with this prompt.

  • 阈值:介于 0.0 和 1.0 之间的值,表示将输入标记为离题所需的置信度。

    ¥Threshold: A value between 0.0 and 1.0 representing the confidence level required to flag the input as off-topic.

  • URL:管理节点在输入文本中查找的 URL。它会将所有 URL 检测为违规,除非你在“阻止所有 URL”中指定它们。

¥URLs: Manages URLs the node finds in the input text. It detects all URLs as violations, unless you specify them in Block All URLs Except.

  • 阻止除以下 URL 之外的所有 URL:(可选的)允许的 URL 列表(以逗号分隔)。

    ¥Block All URLs Except: (Optional) A comma-separated list of URLs that you permit.

  • 允许的协议:选择要允许的 URL 方案(例如,httpshttpftpmailto)。

    ¥Allowed Schemes: Select the URL schemes to permit (for example, https, http, ftp, and mailto).

  • 阻止用户信息:(布尔值)启用此选项后,节点会阻止包含用户凭据(例如 user:pass@example.com)的 URL,以防止凭据注入。

    ¥Block userinfo: (Boolean) If you turn this on, the node blocks URLs containing user credentials (for example, user:pass@example.com) to prevent credential injection.

  • 允许子域名:(布尔值)启用此选项后,节点会自动允许“阻止所有 URL”列表中任何 URL 的子域名(例如,如果列表中包含 example.com,则允许 sub.example.com)。

    ¥Allow subdomain: (Boolean) If you turn this on, the node automatically allows subdomains of any URL in the Block All URLs Except list (for example, sub.example.com would be allowed if example.com is in the list).

  • 自定义:自定义基于 LLM 的防护规则。

¥Custom: Define your own custom, LLM-based guardrail.

  • 名称:自定义防护栏的描述性名称(例如,"检查粗俗语言")。

    ¥Name: A descriptive name for your custom guardrail (for example, "Check for rude language").

  • 提示:指示 AI 模型要检查内容的提示。

    ¥Prompt: A prompt that instructs the AI model what to check for.

  • 阈值:介于 0.0 和 1.0 之间的值,表示将输入标记为违规所需的置信度。

    ¥Threshold: A value between 0.0 and 1.0 representing the confidence level required to flag the input as a violation.

  • 自定义正则表达式:自定义正则表达式模式。

¥Custom Regex: Define your own custom regular expression patterns.

  • 名称:自定义模式的名称。此节点在文本清理模式下使用此名称作为占位符。

    ¥Name: A name for your custom pattern. The node uses this name as a placeholder in the Sanitize Text mode.

  • 正则表达式:你的正则表达式模式。

    ¥Regex: Your regular expression pattern.

自定义系统消息#

¥Customize System Message

启用此选项后,将显示一个文本输入框,其中包含一条消息,该消息由防护机制用于强制执行阈值并根据模式输出 JSON 内容。更改它以修改全局护栏行为。

¥If you turn this on, a text input appears with a message that the guardrail uses to enforce thresholds and JSON output according to schema. Change it to modify the global guardrails behavior.