Skip to content
Everruns Everruns

Evaluate guardrail checks against sample text.

POST
/v1/capabilities/guardrails/dry-run
 
curl --request POST \
  --url https://app.everruns.com/api/v1/capabilities/guardrails/dry-run \
  --header 'Content-Type: application/json' \
  --data '{ "config": {}, "stage": "output", "text": "the model said something darn surprising", "tool_name": "bashkit_exec" }'

Request Body required

Section titled “Request Body required ”
Media type application/json

Request body for the dry_run_guardrails operation: evaluate a guardrails capability config against sample content without a session.

object
config
required

The guardrails capability config to evaluate (same shape persisted in AgentCapabilityConfig.config).

object
stage
required

Pipeline stage to evaluate.

string
Allowed values: output tool_use tool_output
Example 
output
text
required

Sample content: model output, serialized tool arguments, or tool output, depending on stage.

string
Example 
the model said something darn surprising
tool_name

Tool name for tool_use stage checks (tool_pattern rules).

string | null
Example 
bashkit_exec

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Triggered checks for the sample content

Media type application/json

Response for the dry_run_guardrails operation.

object
blocked
required

Whether any hit would block (i.e. the content would be suppressed or the tool call refused when this config runs active).

boolean
hits
required

All triggered checks, in config order.

Array<object>

One triggered check from a guardrails dry run.

object
action
required

Effective action (advisory mode downgrades block to log).

string
Allowed values: block log
check_id
required

The check’s id, or "<type>#<index>" when none was set.

string
check_index
required

Index of the check in the config’s checks array.

integer format: int32
matched

Bounded excerpt of what matched.

string | null
reason_code
required

Stable machine-readable code, guardrail.<rule_type>.

string
replacement

The check’s custom replacement text, if configured.

string | null
rule_type
required

Rule type: regex, blocklist, or tool_pattern.

string
stage
required

Stage the check ran in.

string
Allowed values: output tool_use tool_output
Example 
{
  "hits": [
    {
      "action": "block",
      "check_id": "profanity",
      "matched": "darn",
      "reason_code": "guardrail.blocklist",
      "rule_type": "blocklist",
      "stage": "output"
    }
  ]
}

400

Section titled “400 ”

Invalid guardrails config, stage, or oversized text

Media type application/json

Standard error response.

Wire shape is RFC 9457 Problem Details: every error response includes title and status, and may include detail, code, allowed_actions, retry_after_seconds, instance, and type. The content type is rewritten to application/problem+json by [problem_json_content_type].

object
allowed_actions

Recovery actions the caller can take next.

Array<object>

Agent-actionable link describing a follow-up the caller can take. Used in two contexts:

  • Error recoveryErrorResponse.allowed_actions carries rels like retry, retry-later, unarchive, get-existing so the agent knows the right next call after a 4xx/429.
  • Entity hypermediaWithUrls<T>.allowed_actions carries state-aware rels like cancel, events, self, update on the entity itself so the agent can follow links instead of reconstructing routes from prose.

The shape is intentionally identical across both contexts; the closed rel vocabulary documented in specs/api-conventions.md distinguishes them.

object
hint

Short, agent-readable hint (e.g. “Shorten ‘name’ to <= 200 chars.”, “Cancel the active turn for this session.”).

string | null
href

Absolute (preferred) or relative URL the caller may invoke directly. Always present on entity hypermedia actions (WithUrls<T>.allowed_actions); optional on error-recovery actions (ErrorResponse.allowed_actions) where the matching operation_id is enough and the URI is implicit from the failed call.

string | null
method

HTTP method to use against href. Required for entity hypermedia actions; usually omitted on error-recovery actions where the same operation is retried with its original method.

string | null
operation_id

OpenAPI operationId the caller should invoke. Lets an MCP client resolve the call without parsing href.

string | null
rel
required

Link relation describing the action. Closed vocabulary documented in specs/api-conventions.md — examples: self, cancel, pause, resume, events, retry, retry-later, unarchive, get-existing, delete, update.

string
schema_ref

OpenAPI $ref to the request-body schema, when the action takes one (e.g. #/components/schemas/UpdateSessionRequest). Lets a tool-calling agent fetch the input shape without scanning the whole spec.

string | null
code

Stable, machine-readable error code (snake_case).

string | null
detail

Human-readable explanation specific to this occurrence.

string | null
instance

Request URI for this occurrence.

string | null
retry_after_seconds

Seconds the caller should wait before retrying (429 / transient 503).

integer | null format: int32
status
required

HTTP status code; mirrors the response status line.

integer format: int32
title
required

Short, human-readable summary of the problem (e.g. “Not Found”).

string
type

RFC 9457 problem type URI. Optional; identifies the problem class.

string | null
Example 
{
  "allowed_actions": [
    {
      "method": "POST"
    }
  ],
  "code": "session_not_found",
  "detail": "Session session_01933b5a000070008000000000000001 not found in org org_01933b5a000070008000000000000001.",
  "instance": "/v1/sessions/session_01933b5a000070008000000000000001",
  "retry_after_seconds": 30,
  "status": 404,
  "title": "Session not found",
  "type": "https://docs.everruns.com/errors/session_not_found"
}