One signed binary. Every feature compiled in. Free to run. Install Crowkis →
← back to the Roost
guidesJune 14, 2026· 5 min read

Guardrails in your request path: CGUARD and COUTCHECK in code

Two commands wrap your model call in an input and an output gate — prompt-injection scanning before, PII and toxicity scanning after. No second model, no egress.

Safety is two checks bracketing your model call: scan the input for injection before you trust it, and scan the output for leaks before you ship it. CGUARD and COUTCHECK are those checks, as commands, running locally with no second model.

gate the input, gate the output
from crowkis import CrowkisClient
cache = CrowkisClient(host="127.0.0.1", port=6379)

def answer(user_prompt: str) -> str:
    # --- input gate: catch jailbreaks, even leetspeak / zero-width tricks ---
    verdict = cache.cguard(user_prompt)
    if verdict.blocked:
        return "I can't help with that request."   # verdict.category tells you why

    raw = call_your_model(user_prompt)

    # --- output gate: PII leak, toxicity, optional JSON validity ---
    out = cache.coutcheck(raw)
    if out.pii or out.toxic:
        raw = redact(raw, out.pii)                  # or regenerate / refuse
    return raw

The verdicts are structured for action: CGUARD returns a verdict, a category, and the matched span; COUTCHECK returns a pass/fail with the PII entities and toxic spans it found. You decide the policy — block, redact, or regenerate — per failure mode.

In plain words: Check what comes in before you trust it, and what goes out before you send it. Both checks run on your machine — no moderation API, no data leaving.