Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.hoop.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

Guardrails use pattern matching to evaluate queries and block dangerous operations before they execute. This page covers configuration options and rule syntax.
For an introduction to what Guardrails do and common use cases, see Guardrails Overview.

Prerequisites

Guardrails are evaluated by the Microsoft Presidio Analyzer — patterns and word lists are sent to Presidio as ad-hoc recognizers, and matching happens inside Presidio.
Presidio is required. There is no fallback engine. If a resource role has a guardrail assigned and Presidio is not deployed or the gateway cannot reach it, queries on that resource role will fail.
Before configuring guardrails, deploy Presidio and point the gateway at it:

Deploy Presidio

Helm chart, sizing, and autoscaling for the Analyzer, Anonymizer, and Envoy Proxy.

Microsoft Presidio Integration

Required gateway environment variables and integration overview.

Creating a Guardrail

1

Navigate to Guardrails

Go to Manage > Guardrails in the sidebar
2

Create New Guardrail

Click Create New Guardrail in the top-right corner
3

Set Basic Information

  • Name: A short identifier (e.g., block-ddl, read-only-mode)
  • Description: Explain what this guardrail protects against
4

Add Rules

Configure Input Rules and/or Output Rules (see below)
5

Assign Resource Roles

Select which resource roles this guardrail applies to
6

Save

Click Save to activate the guardrail

Rule Configuration

Input Rules

Input rules evaluate queries before they execute. Use these to block dangerous commands.
FieldDescriptionExample
PatternRegex pattern to match(?i)DROP\s+TABLE
ActionWhat to do when pattern matchesBlock, Warn, Require Approval
MessageError message shown to userDDL commands are blocked

Output Rules

Output rules evaluate query results after execution. Use these to filter or redact output.
FieldDescriptionExample
PatternRegex pattern to match in output\b\d{3}-\d{2}-\d{4}\b (SSN)
ActionWhat to do when pattern matchesRedact, Block, Warn
ReplacementText to replace matches with[REDACTED]
For data masking that automatically detects PII, see Live Data Masking instead.

Pattern Syntax

Guardrail patterns are compiled by Microsoft Presidio, which uses Python’s re module. Write patterns using Python regex syntax — not JavaScript/ECMAScript and not Go’s RE2.

Basic Syntax

SyntaxMeaningExample
(?i)Case-insensitive(?i)drop matches DROP, Drop, drop
\s+One or more whitespaceDROP\s+TABLE matches DROP TABLE
\s*Zero or more whitespaceDROP\s*TABLE matches DROPTABLE too
\bWord boundary\bDROP\b won’t match BACKDROP
^Start of string^SELECT only matches SELECT at start
$End of string;\s*$ matches trailing semicolon
.*Any charactersSELECT.*FROM matches anything between
(?!...)Negative lookahead(?!.*WHERE) means “not followed by WHERE”

Common Patterns

Block UPDATE without WHERE: 
(?i)^\s*UPDATE\s+\w+\s+SET\s+(?!.*WHERE)
Block DELETE without WHERE: 
(?i)^\s*DELETE\s+FROM\s+\w+(?!.*WHERE)
Block all DDL: 
(?i)^\s*(DROP|CREATE|ALTER|TRUNCATE)\s+(TABLE|DATABASE|INDEX|SCHEMA|VIEW)
Block SELECT * on specific tables: 
(?i)SELECT\s+\*\s+FROM\s+(users|orders|transactions)
Require LIMIT clause: 
(?i)SELECT\s+(?!.*\bLIMIT\b).*FROM

Testing Patterns

Before deploying a pattern, test it at regex101.com:
  1. Select Flavor: Python
  2. Paste your pattern in the Regular Expression field
  3. Enter test queries in the Test String field
  4. Verify matches highlight correctly
Inline flags ((?i), (?m), (?s)), lookaheads ((?!...)), lookbehinds ((?<=...)), and word boundaries (\b) are all supported by Python’s re. Avoid JavaScript-only constructs — for example, Python’s named groups use (?P<name>...), not (?<name>...).

Actions

Block

Prevents the query from executing and returns an error. Use when: The operation should never be allowed (e.g., DROP TABLE in production) User sees: 
Error: Guardrail violation
Rule: block-ddl
Message: DDL commands are blocked in production

Warn

Allows the query but shows a warning message. Use when: You want to educate users without blocking work (e.g., missing LIMIT) User sees: 
Warning: Consider adding a LIMIT clause to prevent large result sets
Query executed successfully.

Require Approval

Blocks the query until an approver approves it. Use when: Some queries need human review before execution (e.g., bulk updates) User sees: 
This query requires approval.
Waiting for approval at https://use.hoop.dev/access-requests/abc123...
Require Approval uses the same workflow as Action Access Requests.

Resource Role Assignment

Each guardrail can be assigned to multiple resource roles. You can also have multiple guardrails on a single resource role.

Assignment Options

OptionDescription
Specific resource rolesSelect individual resource roles from the list
All resource rolesApply to every resource role in your organization
Resource role tagsApply to resource roles matching specific tags

Evaluation Order

When multiple guardrails apply to a resource role, they are evaluated in order of priority:
  1. Priority 1 (highest) evaluated first
  2. First matching rule determines the action
  3. If no rules match, query is allowed
To set priority:
  1. Go to Manage > Guardrails
  2. Drag guardrails to reorder them
  3. Higher position = higher priority

Environment Variables

Guardrails run inside Microsoft Presidio, so they share the same gateway environment variables as Live Data Masking. Configure these on the gateway — guardrails will not evaluate without them:
VariableDescriptionExample
DLP_PROVIDERMust be set to enable Presidio-backed guardrailsmspresidio
MSPRESIDIO_ANALYZER_URLURL of the Presidio Analyzer servicehttp://presidio-envoy-lb:3010
MSPRESIDIO_ANONYMIZER_URLURL of the Presidio Anonymizer servicehttp://presidio-envoy-lb:3010
DLP_MODEbest-effort or strict (shared with Live Data Masking)best-effort
For deployment details (workers, autoscaling, models), see Microsoft Presidio Deployment.

Monitoring Guardrails

Viewing Blocked Queries

  1. Go to Sessions in the sidebar
  2. Filter by Status: Blocked
  3. Click a session to see details
Each blocked session shows:
  • The query that was blocked
  • Which guardrail and rule triggered
  • The error message
  • User and timestamp

Audit Log

All guardrail evaluations are logged:
  • Blocked queries - Logged with full query text
  • Warnings - Logged with warning message
  • Approval requests - Logged with request status
Access audit logs in Sessions or export via the API.

Best Practices

Start with Warn

Use Warn mode first to understand impact before blocking

Test in Dev First

Apply guardrails to test resource roles before production

Be Specific

Use precise patterns to avoid false positives

Document Rules

Write clear descriptions explaining why each rule exists

Pattern Guidelines

  1. Always use (?i) for case-insensitive matching
  2. Use \b for word boundaries to avoid partial matches
  3. Use ^\s* to allow leading whitespace
  4. Test edge cases like multi-line queries and comments
  5. Keep patterns simple - complex regex is hard to maintain

Troubleshooting

Pattern Not Matching

Check:
  1. Test the pattern at regex101.com with the exact query
  2. Verify case sensitivity (add (?i) if needed)
  3. Check for leading/trailing whitespace in the query

Too Many False Positives

Fix:
  1. Make the pattern more specific
  2. Add word boundaries (\b)
  3. Use negative lookahead for exceptions
Example: Pattern DROP blocks DROP_SHIPPED_ITEMS table name Fix: (?i)^\s*DROP\s+(TABLE|DATABASE) only matches DDL commands

Performance Issues

If queries are slow:
  1. Reduce the number of rules per resource role
  2. Simplify complex regex patterns
  3. Avoid patterns with excessive backtracking (e.g., .*.*.*)

Guardrails Overview

Learn what guardrails do and see common recipes

Live Data Masking

Configure automatic PII detection and masking

Action Access Requests

Configure the “Require Approval” action

Access Control

Control who can access which resource roles