What is a Grounding Score?

A grounding score is a measurable compliance metric that calculates what percentage of an AI agent's response is grounded in your SOPs. Green (80-100%) indicates auto-approve safe, Yellow (40-80%) routes to human review, Red (<40%) triggers block or escalation.

How is Rails different from eval platforms?

Eval platforms (BrainTrust, Arize) measure quality after the fact as an engineering metric. Rails enforces compliance in real-time as a legal requirement. They are complementary: evals measure, Rails enforces.

How is Rails different from generic guardrails?

Generic guardrails (Guardrails AI, NeMo) block harmful content like toxicity and PII. Rails enforces your domain-specific SOPs: clinical protocols, financial regulations, your specific business rules. They protect against general harms; Rails enforces your specific rules.

What industries does Rails support?

Rails is built for regulated industries, primarily Healthcare (prior authorization, claims processing, clinical decision support) and Financial Services (compliance workflows, regulatory reporting, customer communications).

Runtime Compliance Enforcement

SOPs are Code, Not Suggestions.

Rails ensures runtime enforcement of your SOPs. It intercepts agent responses, blocks violations, and ensures compliance before a user ever sees a message.

Deploy Enforcement See Live Demo

THE PROBLEM

The Enforcement Gap

Traditional compliance is documentation-first, enforcement-last. Rails flips that paradigm - your SOP becomes the firewall.

Traditional Approach

You write SOPs. You train teams. You hope they follow them. When they don't, you find out later - usually from an audit or incident report.

×Manual review required
×Retrospective enforcement
×Human error possible
×Training drift over time

With Rails

Your SOP is compiled into executable logic that sits between your agent and the outside world. Violations are blocked before they happen - not documented after.

✓Enforced at runtime
✓Proactive blocking
✓Zero human error
✓Deterministic compliance

Hope-Based

Code-Based

HOW IT WORKS

Runtime Firewall Architecture

Rails operates as a deterministic middleware layer between your agent and the real world. Every action is validated before execution—no exceptions, no probabilistic checks.

Agent Intent

Agent generates an action request (e.g., send message, update record, call API)

Rails intercept

Request hits Rails before execution. Context extracted: patient data, timestamps, user role, etc.

Rule Evaluation

Compiled SOP logic runs deterministically. Boolean checks: Is consent present? Is data de-identified? Is user authorized?

Enforce or Block

PASS → Action proceeds. FAIL → Action blocked, logged, escalated.

Audit Trail

Every decision logged with full context for compliance reporting.

Deterministic • Zero Latency • Fully Auditable

Grounded in Ground Truth

We don't just "align" with your SOPs. We compile them. Rails ingests your static policy documents and transforms them into active, executable logic gates that run in real-time.

Source Document

Clinical_Protocol_v4.pdf

Clause 4.2: If a patient mentions symptoms persisting longer than 7 days, the agent must not prescribe OTC medication and must refer to a specialist.

Clause 4.3: All patient PII must be redacted before storage.

Compiled Logic

# Generated Logic Gate: ID-402

rule check_symptom_duration(ctx) {

if (ctx.symptom_duration > 7_days) {

block_action("prescribe_otc");

require_action("refer_specialist");

}

Compilation Process: <200 ms

Enforcement You Can Audit

Compliance isn't just about stopping bad behavior; it's about proving you stopped it. Rails generates a cryptographic audit log for every intervention.

Linked to Source PDF
Immutable Record
Real-Time Alerting

Audit Log: EVT-99210STATUS: BLOCKED

{
  "timestamp": "2025-01-24T14:22:10Z",
  "event_type": "ENFORCEMENT_BLOCK",
  "agent_id": "clinical_triage_bot_v2",
  "input_context": {
    "user_query": "I've had this headache for 10 days now."
  },
  "attempted_response": "I can prescribe some ibuprofen for that headache.",
  "violation": {
    "rule_id": "duration_limit_exceeded",
    "severity": "HIGH",
    "description": "Attempted prescription for symptoms > 7 days"
  },
  "enforcement_action": {
    "action": "BLOCK_AND_REPLACE",
    "replacement_template": "referral_required"
  },
  "citation": {
    "document": "Clinical_Protocol_v4.pdf",
    "page": 12,
    "clause": "4.2"
  }
}

The Determinism Guarantee

Why probabilistic checking fails in production

Feature	LLM-Based Checking	Rails Enforcement
Validation Model	"Looks Compliant" (75% confidence)	Binary(Compliance/Non Compliant)
Consistency	Different result each run	Same Input = Same Result, Always
Explainability	Black box reasoning	Traceable to specific SOP clause
Edge Case Handling	Misses nuance	Structured logic catches exceptions

INTEGRATION

Where Rails Fits in Your Stack

Rails is not a replacement for your agent - it's the enforcement layer that sits between your agent and the outside world.

Your Agent

Decision-making, reasoning, task execution

Rails (Enforcement Layer)← Rails

Validates every action against SOPs before execution

External Systems

EHRs, APIs, Databases, messaging platforms

"Rails doesn't replace your agent's intelligence. It ensures that intelligence operates within your rules."

Drop-in integration • No agent retraining required

THE SAFETY MANIFESTO

Your System Prompt Is Not a Firewall.

"You wrote 'Do not give medical advice' in the prompt. The model sees that as a suggestion, not a law."

When the context window fills up, suggestions are ignored. True safety requires an external, deterministic circuit breaker that intervenes before the response leaves the server.

Rails doesn't ask the LLM to follow rules. It enforces them mathematically, every single time.

Don't prompt for safety. Enforce it.