guardrail-registry

npm-style registry of versioned, composable AI safety guardrail packs.

Install PII redaction, toxicity filters, jailbreak shields, prompt injection protection, and compliance packs in one line and compose them as middleware pipelines.

Quickstart

npm install
node server.js
# → http://localhost:4722/guardrail-registry/

Features

• Browse & search guardrail packs by category, compliance standard, author, or keyword
• Pack detail pages — source code viewer, version history, usage examples, config schema
• Publish packs — submit your own createGuard(config) middleware factory
• Pipeline Composer — visually stack packs and generate ready-to-use code
• Compliance Map — find packs certified for GDPR, COPPA, GUARD Act, EU AI Act, etc.
• Star & review — community ratings and reviews
• REST API — fully open, no authentication required

API Endpoints

All routes under /guardrail-registry/api/:

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /packs | List packs (pagination, sort, filter) |
| GET | /packs/categories | Categories with counts |
| GET | /packs/:name | Pack detail + latest version |
| GET | /packs/:name/versions | All versions |
| GET | /packs/:name/:version | Specific version with source code |
| POST | /packs | Publish a new pack or version |
| POST | /packs/:name/star | Star/unstar a pack |
| POST | /packs/:name/reviews | Post a review |
| GET | /packs/:name/reviews | Get reviews |
| GET | /search | Search packs |
| GET | /search/suggest | Autocomplete suggestions |
| GET | /stats | Registry-wide statistics |
| GET | /stats/trending | Trending packs |
| GET | /stats/top-starred | Most starred packs |
| GET | /stats/by-category | Stats grouped by category |
| GET | /stats/compliance | Packs by compliance standard |
| GET | /health | Health check ({ok:true}) |

Data

This registry stores user-published guardrail packs — the registry itself is the data source. The initial seed packs are community-maintained starter packs authored by RNDLAB that demonstrate the guardrail middleware pattern. They are real, working JavaScript middleware code.

No live external data is fetched — all data in the registry is user-generated (published packs, reviews, stars). No mock data, no random generators, no fake download counts.

Pack Format

Each pack must export a createGuard(config) factory function that returns an async middleware:

export function createGuard(config = {}) {
  return async (ctx, next) => {
    // guardrail logic: inspect/modify ctx.input
    const result = await next(ctx);
    // optionally inspect/modify result.output
    return result;
  };
}

Environment Variables

See .env.example. Required:
- PORT — default 4722
- NODE_ENV — production or development
- DB_PATH — SQLite database path (default: ./guardrail-registry.db)
- OPENROUTER_API_KEY — for future LLM-assisted review features
- BRAVE_API_KEY — for future web-sourced compliance updates

Tech Stack

• Node.js 22+ / ESM
• Express 4
• better-sqlite3 (WAL mode)
• helmet + compression
• Vanilla JS SPA (no framework)