Defend
Concepts

Architecture

Where Defend’s input and output guards sit relative to your application and the LLM.

View on GitHub

Defend assumes a three-hop pattern: your user (or upstream system) sends text to your app, your app may call an LLM, and your app returns a response. Defend evaluates text at the first and last hops.

Pipeline detail

For the ordered stages on the input path (normalization through classifier and modules), see Pipeline.

Input guard

Your application calls POST /v1/guard/input with the inbound user text (or equivalent). The service returns an action (pass, flag, or block) and a session_id. If the action is block, you should not call the LLM with that input.

Your LLM

Defend does not call your model for you. After a passing or flagged input (your policy), your app invokes the LLM as usual.

Output guard

After the model responds, call POST /v1/guard/output with the model text and the same session_id when possible. Output evaluation can incorporate stored input context for that session.

Session store

Input context for linking turns is stored server-side and expires based on configuration (see Sessions). Operational monitoring uses Health and Production.

Concepts

How Defend fits into your application, how the pipeline layers work, and how sessions tie input and output together.

Pipeline

Stages of the input guard pipeline from raw text through heuristics, session scoring, and the Defend classifier.

On this page

Input guardYour LLMOutput guardSession store