defineConfig

Creates a guardrails configuration object. Supports three calling patterns.

Signature

```ts
// Zero-config (PII + secret protection by default)
const config = defineConfig();

// Preset / rule specification
const config = defineConfig(input);

// Pass through existing GuardrailsConfig
const config = defineConfig(config);
```

Parameters

When called with no arguments, PII + secret protection is enabled by default.

When passing a ConfigInput:

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| rules | (Rule \| RuleBuilder)[] | -- | Array of rules to apply |
| protect | string[] | -- | Preset names to enable |
| servers | ServerConfig[] | -- | Backend MCP server definitions |
| onViolation | "block" \| "warn" \| "log" | "block" | Default action on violation |
| trace | TraceConfig | -- | Trace settings |
| log | LogConfig | -- | Log settings |

Preset names

| Preset | Description |
| --- | --- |
| "pii" | Detect and block email, phone numbers, credit cards, etc. |
| "secrets" | Detect and block API keys, tokens, private keys, etc. |
| "prompt-injection" | Detect and block prompt injection attacks |

Returns

GuardrailsConfig — final config object with builders and presets resolved.

Examples

Zero-config

```ts
import { defineConfig } from "open-mcp-guardrails";

export default defineConfig();
```

Presets

```ts
import { defineConfig } from "open-mcp-guardrails";

export default defineConfig({
  protect: ["pii", "secrets", "prompt-injection"],
});
```

Custom rules

```ts
import { defineConfig, pii, secrets, flow, tool } from "open-mcp-guardrails";

export default defineConfig({
  rules: [
    pii().block(),
    secrets().exclude("generic_secret").warn(),
    flow("get_website").to("send_email").block(),
    tool("send_email")
      .check(args => !(args.to as string)?.endsWith("@company.com"))
      .block("Only @company.com addresses allowed"),
  ],
});
```
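
The `endsWith("@company.com")` predicate in the `tool("send_email")` rule also accepts a `to` string that lists several recipients, as long as the last one is internal. The following is an added example, not part of the open-mcp-guardrails documentation: a stricter predicate that fails closed. It assumes, as the page's own `.check(...)` example suggests, that the predicate returns `true` on a violation, and that `to` may be a string or an array of strings; the helper names are hypothetical.

```typescript
// Added example (not library code). Domain taken from the page's example.
const ALLOWED_DOMAIN = "company.com";

// Hypothetical helper: collect recipients from `to`, which may be one string,
// a comma/semicolon-separated string, or an array of strings.
function recipients(to: unknown): string[] | null {
  const items: unknown[] = Array.isArray(to) ? to : [to];
  const out: string[] = [];
  for (const item of items) {
    if (typeof item !== "string") return null; // missing or non-string value
    for (const part of item.split(/[,;]/)) {
      const addr = part.trim();
      if (addr !== "") out.push(addr);
    }
  }
  return out.length > 0 ? out : null;
}

// Hypothetical helper: true only for a bare local@company.com address.
function isAllowedAddress(addr: string): boolean {
  // Reject display-name forms ("Name <addr>"), quoting and embedded whitespace.
  if (/[\s<>()"\\]/.test(addr)) return false;
  const at = addr.lastIndexOf("@");
  if (at <= 0 || addr.indexOf("@") !== at) return false; // exactly one "@"
  // Compare the whole domain, case-insensitively.
  return addr.slice(at + 1).toLowerCase() === ALLOWED_DOMAIN;
}

// Returns true (violation) unless every recipient is an allowed address.
function violatesRecipientPolicy(args: Record<string, unknown>): boolean {
  const list = recipients(args["to"]);
  if (list === null) return true; // fail closed on missing or malformed input
  return !list.every(isAllowedAddress);
}

// Assumed wiring, mirroring the rule shown on this page:
//   tool("send_email")
//     .check(violatesRecipientPolicy)
//     .block("Only @company.com addresses allowed")
```
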

Presets + custom rules

protect and rules can be used together. protect rules are applied first:

```ts
import { defineConfig, secrets, flow } from "open-mcp-guardrails";

export default defineConfig({
  protect: ["pii"],
  rules: [
    secrets().exclude("generic_secret").block(),
    flow("get_website").to("send_email").block(),
  ],
});
```