validate

Last update:

May 18, 2026

The validate() function is the required public method that a guardrail CFC must implement to participate in the Agent() guardrail pipeline. Input guardrails receive the user message; output guardrails receive the AI-generated response.

Syntax

// Input guardrail

public struct function validate(required string userMessage) { ... }

// Output guardrail

public struct function validate(required string aiMessage) { ... }

Parameters

Parameter	Type	Required	Description
`userMessage`	String	Required (input guardrail)	The user's raw input string. Present only in input guardrails, which execute before the LLM is invoked.
`aiMessage`	String	Required (output guardrail)	The AI-generated response string. Present only in output guardrails, which execute after the LLM produces its response.

Returns

Must return a Struct with exactly the following keys:

Key	Description
`result`	Controls execution flow. Valid values: `"success"` (allow through), `"failure"` (block with non-fatal error), `"fatal"` (block and throw immediately).
`message`	Diagnostic or explanatory message used for logging or error responses.
`repromptMessage`	Optional message used when the guardrail requests a user reprompt. Pass an empty string when not applicable.

Note: Inline UDF guardrails use action as the control key (with values "success", "failure", "fatal", "reprompt"), whereas CFC guardrails use result as shown above. Both styles are functionally equivalent; the key name differs only between declaration styles.

Registering a Guardrail CFC

Pass the expanded CFC file path (not a component path) in the inputGuardrails or outputGuardrails array when calling Agent():

agent({

    CHATMODEL: chatModel,

    retrievalAugmentor: {

        contentRetriever: {

            vectorStore: vs,

            maxResults:  5,

            minScore:    0.5

        }

    },

    inputGuardrails:  [ expandPath("./guardrails/SensitiveData.cfc") ],

    outputGuardrails: [ expandPath("./guardrails/Profanity.cfc") ]

});

Example: Input guardrail CFC

// /guardrails/SensitiveData.cfc

component {

    public struct function validate(required string userMessage) {

        if (findNoCase("password", arguments.userMessage)) {

            return {

                result:          "fatal",

                message:         "Sensitive data detected",

                repromptMessage: ""

            };

        }

        return {

            result:          "success",

            message:         "OK",

            repromptMessage: ""

        };

    }

}

Was this page helpful?

We're glad. Tell us how this page helped.

Found the answer to my problem Understood the instructions Liked the feature

Other suggestions

We're sorry. Can you tell us what didn't work for you?

Didn't find the answer to my problem Couldn't understand the instructions Didn't like the feature

Other suggestions

Thank you for your feedback. Your response will help improve this page.

Was this helpful?

We are sorry the content didn't meet your needs.

Share additional feedback to help us improve.

0/255 | Character limit exceeded.

Thank you so much for sharing your feedback!