Mirror
v2.4 · OpenTelemetry-native

Catch your AI breaking the rules before your users do.

Mirror runs policy evaluations in 4ms at the edge of your agent — redacting PII, blocking tool abuse, and routing flagged conversations to human review without touching your inference path.

$ npm i mirror-sdk
mirror › session a8f3c2 · live · streaming

| time         | policy           | verdict                                          | lat. |
|--------------|------------------|--------------------------------------------------|------|
| 14:02:11.402 | pii_redact       | PASS 2 emails, 1 phone redacted from prompt      | 4ms  |
| 14:02:11.418 | tool_allowlist   | PASS tool=stripe.refund matched policy v12       | 1ms  |
| 14:02:11.602 | jailbreak_detect | RETRY prompt regenerated · score=0.68            | 12ms |
| 14:02:12.041 | toxicity         | BLOCK confidence=0.94 · routed to review queue   | 8ms  |
| 14:02:12.220 | output_schema    | PASS json valid · 3 keys, 0 unknown              | 2ms  |
| 14:02:12.398 | pii_redact       | PASS response clean                              | 3ms  |
Last 24h · prod-us-east · live
Sessions guarded: 1,284,402 (+12.4% vs Tue)
Policy violations: 3,061 (+2.8% vs Tue)
P95 eval latency: 11.8 ms (−1.4ms vs Tue)
False positive rate: 0.42% (−0.18pp vs Tue)
Evaluations / min: peak 18,402
region: us-east-1 / eu-west-1 · 99.992% SLA
Guarding agents in production at
Linnea FORECAST GLIDE Mercury Brightwave nimbus. Coast/ Vantage
Capabilities

Every guardrail your safety team would have written by hand.

A rules engine, a redaction layer, and a violation feed — wired together with the same trace context as your spans. Drop in the SDK, ship policies as code.

Policy as code

Rules you can review in a PR.

YAML or TypeScript. Versioned with your code, evaluated at inference time. Branch policies per environment.

policies/billing-agent.yaml v12 · prod
# refund-agent guardrails
name: refund-agent
version: 12
on:
  prompt:
    - pii_redact: { entities: [email, phone, ssn] }
    - jailbreak_detect: { action: retry, max: 2 }
  tool_call:
    - allowlist: [stripe.refund, crm.note]
    - rate_limit: { stripe.refund: 6/min }
  response:
    - toxicity: { threshold: 0.85, action: block }
    - schema: ./schemas/refund.json
on_block:
  route_to: review-queue
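
How the `tool_call` rules in the policy above could be enforced, as an added example that is not Mirror's code: a deny-by-default allowlist followed by a sliding-window rate limit. The function names, verdict shape and per-session scoping of the limit are assumptions.

```javascript
// Added example, not Mirror's code. checkToolCall, the verdict shape and the
// per-session in-memory history are assumptions made for illustration.
const policy = {
  allowlist: ["stripe.refund", "crm.note"],
  rateLimit: { "stripe.refund": "6/min" },
};
const UNIT_MS = { sec: 1000, min: 60000, hour: 3600000 };

// Parse "6/min" into { max, windowMs }. A malformed limit throws, so a typo
// in the policy fails closed instead of silently disabling the rule.
function parseLimit(spec) {
  const m = /^(\d+)\/(sec|min|hour)$/.exec(spec);
  if (!m) throw new Error(`bad rate limit: ${spec}`);
  return { max: Number(m[1]), windowMs: UNIT_MS[m[2]] };
}

// history: Map of [session, tool] key -> timestamps (ms) of accepted calls.
function checkToolCall(history, sessionId, tool, nowMs) {
  // Exact-match allowlist: anything not listed is denied by default.
  if (!policy.allowlist.includes(tool)) {
    return { verdict: "BLOCK", reason: "tool_not_allowlisted" };
  }
  if (!Object.prototype.hasOwnProperty.call(policy.rateLimit, tool)) {
    return { verdict: "PASS", reason: "allowlisted" };
  }
  const { max, windowMs } = parseLimit(policy.rateLimit[tool]);
  const key = JSON.stringify([sessionId, tool]);
  // Sliding window: keep only accepted calls newer than windowMs.
  const recent = (history.get(key) || []).filter((t) => nowMs - t < windowMs);
  const allowed = recent.length < max;
  if (allowed) recent.push(nowMs); // blocked calls do not consume budget
  history.set(key, recent);
  return allowed
    ? { verdict: "PASS", reason: "within_limit" }
    : { verdict: "BLOCK", reason: "rate_limited" };
}
```
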
Live feed

Watch policy violations as they fire.

Severity, agent, policy, and the redacted span — one click to the full conversation.

14:02:12 BLOCK refund-agent · toxicity 0.94
14:01:58 RETRY support · jailbreak 0.68
14:01:41 BLOCK onboarding · schema invalid
14:01:22 FIXED refund-agent · v11 → v12
Redaction diff

PII never leaves your VPC.

Tokens replaced before the model sees them; re-hydrated only in your audit log.

- Customer Priya Anand ([email protected], 415-555-0142) wants…
+ Customer <PERSON_01> (<EMAIL_01>, <PHONE_01>) wants…
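
The placeholder scheme in the redaction diff above, as an added example that is not Mirror's code: values are swapped for numbered tokens before the model call and the token map is kept for later re-hydration. The regexes, function names and sample text (including the e-mail address) are constructed for illustration; name detection (`<PERSON_01>`) needs an NER model and is left out.

```javascript
// Added example, not Mirror's code. Regex detection covers email, SSN and
// US-style phone numbers only; patterns and names are assumptions.
const PATTERNS = [
  ["EMAIL", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ["SSN", /\b\d{3}-\d{2}-\d{4}\b/g],
  ["PHONE", /\b\d{3}[ .-]\d{3}[ .-]\d{4}\b/g],
];

// Constructed sample input.
const SAMPLE =
  "Customer Priya Anand (priya@example.com, 415-555-0142) wants a refund; cc priya@example.com";

function redact(text) {
  const vault = new Map(); // token -> original value; never sent to the model
  const seen = new Map();  // "TYPE:value" -> token, so repeats reuse one token
  const counters = {};
  let redacted = text;
  for (const [type, re] of PATTERNS) {
    redacted = redacted.replace(re, (value) => {
      const key = `${type}:${value}`;
      if (!seen.has(key)) {
        counters[type] = (counters[type] || 0) + 1;
        const token = `<${type}_${String(counters[type]).padStart(2, "0")}>`;
        seen.set(key, token);
        vault.set(token, value);
      }
      return seen.get(key);
    });
  }
  return { redacted, vault };
}

// Re-hydrate for the audit log. Tokens that are not in the vault are left
// untouched, so placeholder-looking text from elsewhere is never "resolved".
function rehydrate(text, vault) {
  return text.replace(/<[A-Z]+_\d{2,}>/g, (tok) =>
    vault.has(tok) ? vault.get(tok) : tok
  );
}
```
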
SDK

One import.

// 4 lines, OpenAI-compatible
import { guardrail } from "mirror-sdk";
const mirror = guardrail({ policy: "refund" });
await mirror.wrap(openai.chat.create);
Template gallery

Start from 28 audited templates.

support-agent
6 rules · GDPR
healthcare-q&a
11 rules · HIPAA
coding-copilot
4 rules · OSS
finance-advisor
9 rules · FINRA
Routing

Page the on-call. Skip the noise.

Dedup violations by policy + agent + 5-minute window. Route high-severity to PagerDuty, the rest to a Slack channel — or your incident pipeline of choice.

PagerDuty Slack Opsgenie Webhook Linear
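
The dedup and routing rule described above, as an added example that is not Mirror's code. The violation shape, severity labels and target names are assumptions; it also shows one case the one-line description leaves open, a higher-severity event arriving inside an already open window.

```javascript
// Added example, not Mirror's code. Violation fields, severity labels and
// route targets are assumptions made for illustration.
const WINDOW_MS = 5 * 60 * 1000;
const RANK = { low: 0, medium: 1, high: 2 };

function createRouter() {
  // [policy, agent] key -> { start, rank, suppressed } for the open window.
  const open = new Map();
  return function route(v) {
    const rank = RANK[v.severity];
    if (rank === undefined) throw new Error(`unknown severity: ${v.severity}`);
    const target = rank >= RANK.high ? "pagerduty" : "slack";
    const key = JSON.stringify([v.policy, v.agent]);
    const w = open.get(key);
    if (w && v.ts - w.start < WINDOW_MS) {
      if (rank <= w.rank) {
        w.suppressed += 1; // duplicate inside the window: count, do not alert
        return { action: "suppress", target: null, suppressed: w.suppressed };
      }
      // Escalation: a duplicate key must not hide a higher-severity event
      // behind an earlier, lower-severity alert.
      w.rank = rank;
      return { action: "notify", target, suppressed: w.suppressed };
    }
    // No window yet, or the previous one expired: alert and open a new one.
    open.set(key, { start: v.ts, rank, suppressed: 0 });
    return { action: "notify", target, suppressed: 0 };
  };
}
```
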
Last 30d
False positive rate: 0.42% (↘ −0.31pp / 30d)
Mean eval latency: 4.1 ms (↘ −0.8ms / 30d)
Policies in prod: 38 (12 teams)
[Chart: false positives / day, baseline vs. current]
Eval-as-policy

Promote evals to production guardrails.

Mirror reuses your offline eval suite as runtime policies. The same prompt → response → grade loop you ran in CI now runs on every live request — with rollouts, kill-switches, and gradual exposure.

  • Roll a policy out to 5% → 50% → 100% of traffic; revert in one click.
  • Shadow mode: evaluate without acting, compare against current baseline.
  • Every verdict is a signed span — replay any session against a new policy version.
  • Native OpenTelemetry — your existing Datadog / Grafana tap-ins still work.
Pricing

Pay for evaluations. Not seats.

A guardrail evaluation is one rule running against one inference. Bundles roll over. No per-seat tax on your safety team.

Sandbox · free forever
$0 / month

For a side project or a single agent in staging.

  • 100,000 guardrail evals / mo
  • 14-day session retention
  • All 28 policy templates
  • Community Slack

Pro · most popular · incl. audit log
$49 / month · billed annually

For teams shipping LLM features to real customers.

  • 5,000,000 guardrail evals / mo
  • 90-day session + signed audit log
  • Custom TypeScript rules
  • Slack + PagerDuty routing
  • SLA: P95 < 12ms

Enterprise · BYOC
$249 / month base · usage on top

For regulated industries and 100M+ request workloads.

  • Bring-your-own-cloud deployment
  • SOC 2 Type II + HIPAA + SCIM
  • Customer-managed encryption keys
  • Solution architect + 1h SLA
Customers

Engineers who can't afford a 2am model surprise.

"Mirror replaced 2,400 lines of ad-hoc Python regex with twelve YAML files. Our PII incident rate dropped to zero for the last 184 days."
Priya Anand
Staff Engineer · Linnea
"The shadow-mode rollouts are the killer feature. We've shipped 38 policies without a single false-positive incident in production."
Marcus Tobin
Founding Engineer · Forecast
"P95 added 6ms to our agent loop. It's the cheapest insurance policy we've ever bought, and the audit log paid off in the first SOC 2 review."
Hana Suzuki
ML Lead · Glide
FAQ

Frequently asked, honestly answered.

If you have a deeper question, the engineering Slack answers within a few hours during EU/US hours.

How is a "guardrail evaluation" billed?

One eval = one rule running against one inference. A request that triggers 3 rules costs 3 evals. We bill in $0.00018 increments and bundles roll over month-to-month for 90 days. Shadow-mode evals are billed at 25% of the live rate.

Do you run guardrails in-process or as a sidecar?

Both. The SDK runs deterministic rules (allowlists, schemas, redaction) in-process — typical overhead 1.4ms. ML-based rules (toxicity, jailbreak) run in a local sidecar that you deploy alongside your service. We also offer a managed proxy at proxy.mirror.dev for teams who don't want to host anything.

Can I write custom rules in TypeScript?

Yes. Export a function with signature (ctx) => Verdict and reference it from YAML. Custom rules run sandboxed in V8 isolates with a 50ms hard timeout and no network access by default. We also support Python via a gRPC bridge for the ML team's preferences.

What's your latency overhead in the proxy mode?

For a request with 4 active rules: P50 8ms, P95 11.8ms, P99 18.3ms — measured against our public dashboard at status.mirror.dev. The proxy speaks the OpenAI chat-completion protocol natively, so swapping api.openai.com for proxy.mirror.dev is the entire integration.

How do you handle PII in logs?

Redaction happens before the model call, and the redacted form is what lands in our logs. Re-hydration tokens live exclusively in your customer-managed KMS key — we cannot decrypt them. The audit log writer signs each entry with an Ed25519 key per workspace so you can verify chain-of-custody at any time.

Now in GA

Stop fearing the model. Trust the policy.

Ship your next LLM feature behind 12 audited rules. The free tier covers 100k evaluations and never expires.