Configuration: YAML Guard Rules, Env Vars, and Presets

Guards config file

OpenGuard loads guard rules from a YAML file (default: ./guards.yaml). Override with:

uvx openguard serve --config path/to/config.yaml
# or via environment variable:
OPENGUARD_CONFIG=path/to/config.yaml uvx openguard serve
# multiple files, merged in order:
OPENGUARD_CONFIG=base.yaml,overrides.yaml uvx openguard serve

In Docker, mount your config file into the container at /app/guards.yaml:

docker run -p 23294:23294 \
  -v ./guards.yaml:/app/guards.yaml \
  ghcr.io/Jitera-Labs/openguard:main

To use a file at a different path inside the container, set OPENGUARD_CONFIG:

docker run -p 23294:23294 \
  -v ./my-config.yaml:/etc/openguard/guards.yaml \
  -e OPENGUARD_CONFIG=/etc/openguard/guards.yaml \
  ghcr.io/Jitera-Labs/openguard:main

Structure

guards:
  - match: <filter>
    apply:
      - type: <guard_type>
        config: { ... }

Each rule has a match filter and an ordered list of guards to apply. Rules are evaluated sequentially — multiple rules can match the same request, and all matching guards run in order.

Match filters

Filters use a Hasura-style query syntax evaluated against the request context. Available fields: model, user, provider, and any other request parameters.

Operators

Operator	Description
_eq, _neq	Equality
_gt, _lt, _gte, _lte	Comparison
_in, _nin	Array membership
_is_null	Null check
_like, _ilike	SQL-style wildcard (%) matching
_regex, _iregex	Regex matching
_and, _or, _not	Logical composition

Examples

# Match all models
match:
  model:
    _ilike: "%"

# Match GPT-4 variants
match:
  model:
    _ilike: "%gpt-4%"

# Combine conditions
match:
  _and:
    - model:
        _iregex: "claude|gpt-4"
    - user:
        _eq: "admin"

Environment variables

Variable	Default	Description
OPENGUARD_CONFIG	./guards.yaml	Comma-separated guard config paths
OPENGUARD_OPENAI_URL_*	http://localhost:11434/v1	Downstream OpenAI-compatible URLs
OPENGUARD_OPENAI_KEY_*	—	API keys for OpenAI-compatible providers
OPENGUARD_ANTHROPIC_URL_*	—	Downstream Anthropic URLs
OPENGUARD_ANTHROPIC_KEY_*	—	API keys for Anthropic providers
OPENGUARD_API_KEY	—	Single key to protect this proxy
OPENGUARD_API_KEYS	—	Semicolon-separated additional proxy keys
OPENGUARD_PORT	23294	Server port
OPENGUARD_HOST	0.0.0.0	Server bind address
OPENGUARD_LOG_LEVEL	INFO	Log level
OPENGUARD_CORS_ORIGINS	—	Semicolon-separated allowed CORS origins
OPENGUARD_MODEL_FILTER	—	Hasura-style filter for downstream model list

Wildcard variables (* suffix) accept any name — e.g., OPENGUARD_OPENAI_KEY_PROD, OPENGUARD_OPENAI_KEY_2. All matching values are gathered automatically.

Persistent config file

As an alternative to environment variables, create ~/.config/openguard/config.yaml:

port: 23294
providers:
  - type: openai
    key: sk-proj-...
  - type: anthropic
    key: sk-ant-...
log_level: INFO

Presets

OpenGuard ships with ready-made guard configs so you don’t have to write one from scratch:

Preset	What it covers
presets/agentic.yaml	Secrets leakage, PII exposure, prompt injection, dangerous shell commands. Tailored for coding agents. Default when running via the Docker wrapper.
presets/full.yaml	Exercises every guard type. Used by integration tests — also useful as a reference for all available options.

Using a preset

# Serve
uvx openguard serve --config presets/agentic.yaml

# Launch
OPENGUARD_CONFIG=presets/agentic.yaml uvx openguard launch claude

In Docker, the presets are already baked into the image at /app/presets/:

docker run -p 23294:23294 \
  -e OPENGUARD_CONFIG=/app/presets/agentic.yaml \
  -e OPENGUARD_OPENAI_KEY_1="sk-..." \
  ghcr.io/Jitera-Labs/openguard:main

You can also layer a preset with your own overrides — files are merged in order:

OPENGUARD_CONFIG=presets/agentic.yaml,./my-overrides.yaml uvx openguard serve