npm - @llmops/core - Versions diffs - 0.3.1 → 0.3.2-beta.1 - Mend

@llmops/core 0.3.1 → 0.3.2-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/{bun-sqlite-dialect-BNaQHMpk.cjs → bun-sqlite-dialect-B5rfiYIH.cjs} +1 -1
package/dist/db/index.cjs +4 -2
package/dist/db/index.d.cts +2 -2
package/dist/db/index.d.mts +2 -2
package/dist/db/index.mjs +2 -2
package/dist/{db-B-EsQtOz.mjs → db-Bkg85wso.mjs} +125 -3
package/dist/{db-Du2xmkGS.cjs → db-CCKBHjuz.cjs} +139 -5
package/dist/{index-COkIT6TH.d.mts → index-BMN3ZSTf.d.mts} +398 -2
package/dist/{index-CunWjFE4.d.cts → index-nsx8vXII.d.cts} +433 -37
package/dist/index.cjs +249 -5
package/dist/index.d.cts +765 -205
package/dist/index.d.mts +1026 -466
package/dist/index.mjs +245 -5
package/dist/{neon-dialect-BR1nZmKX.cjs → neon-dialect-DmI-frVR.cjs} +1 -1
package/dist/{neon-dialect-B-Q6mmbI.cjs → neon-dialect-q-8lApt2.cjs} +1 -1
package/dist/{node-sqlite-dialect-DpdAEbyp.cjs → node-sqlite-dialect-uTc3IyPv.cjs} +1 -1
package/package.json +2 -2

package/dist/index.d.mts CHANGED Viewed

@@ -1,9 +1,10 @@
-import { $ as variantsSchema, A as ProviderConfig, B as VariantVersionsTable, C as Environment, D as Insertable, E as EnvironmentsTable, F as TargetingRule, G as configsSchema, H as WorkspaceSettings, I as TargetingRulesTable, J as llmRequestsSchema, K as environmentSecretsSchema, L as Updateable, M as SCHEMA_METADATA, N as Selectable, O as LLMRequest, P as TableName, Q as variantVersionsSchema, R as Variant, S as Database, T as EnvironmentSecretsTable, U as WorkspaceSettingsTable, V as VariantsTable, W as configVariantsSchema, X as schemas, Y as providerConfigsSchema, Z as targetingRulesSchema, _ as validateTableData, a as createDatabaseFromConnection, b as ConfigVariantsTable, c as executeWithSchema, d as getMigrations, et as workspaceSettingsSchema, f as matchType, g as validatePartialTableData, h as parseTableData, i as createDatabase, j as ProviderConfigsTable, k as LLMRequestsTable, l as MigrationOptions, m as parsePartialTableData, n as DatabaseOptions, o as detectDatabaseType, p as runAutoMigrations, q as environmentsSchema, r as DatabaseType, s as createNeonDialect, t as DatabaseConnection, u as MigrationResult, v as Config, w as EnvironmentSecret, x as ConfigsTable, y as ConfigVariant, z as VariantVersion } from "./index-COkIT6TH.mjs";
+import { $ as environmentsSchema, A as GuardrailResults, B as TableName, C as Environment, D as GuardrailConfig, E as EnvironmentsTable, F as ProviderConfigsTable, G as VariantVersion, H as TargetingRulesTable, I as ProviderGuardrailOverride, J as WorkspaceSettings, K as VariantVersionsTable, L as ProviderGuardrailOverridesTable, M as LLMRequest, N as LLMRequestsTable, O as GuardrailConfigsTable, P as ProviderConfig, Q as environmentSecretsSchema, R as SCHEMA_METADATA, S as Database, T as EnvironmentSecretsTable, U as Updateable, V as TargetingRule, W as Variant, X as configVariantsSchema, Y as WorkspaceSettingsTable, Z as configsSchema, _ as validateTableData, a as createDatabaseFromConnection, at as targetingRulesSchema, b as ConfigVariantsTable, c as executeWithSchema, ct as workspaceSettingsSchema, d as getMigrations, et as guardrailConfigsSchema, f as matchType, g as validatePartialTableData, h as parseTableData, i as createDatabase, it as schemas, j as Insertable, k as GuardrailResult, l as MigrationOptions, m as parsePartialTableData, n as DatabaseOptions, nt as providerConfigsSchema, o as detectDatabaseType, ot as variantVersionsSchema, p as runAutoMigrations, q as VariantsTable, r as DatabaseType, rt as providerGuardrailOverridesSchema, s as createNeonDialect, st as variantsSchema, t as DatabaseConnection, tt as llmRequestsSchema, u as MigrationResult, v as Config, w as EnvironmentSecret, x as ConfigsTable, y as ConfigVariant, z as Selectable } from "./index-BMN3ZSTf.mjs";
 import gateway from "@llmops/gateway";
+import * as kysely0 from "kysely";
 import { Kysely } from "kysely";
 import pino from "pino";
 import { RulesLogic } from "json-logic-js";
-import * as zod33 from "zod";
+import * as zod37 from "zod";
 import z$1, { z } from "zod";
 import * as better_auth0 from "better-auth";
 import { BetterAuthOptions } from "better-auth";
@@ -1149,12 +1150,15 @@ declare const createLLMRequestsDataLayer: (db: Kysely<Database>) => {
    * Insert a single LLM request log
    */
   insertRequest: (request: LLMRequestInsert) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string | null;
     provider: string;
     environmentId: string | null;
     configId: string | null;
-    requestId: string;
     providerConfigId: string | null;
+    requestId: string;
     model: string;
     promptTokens: number;
     completionTokens: number;
@@ -1169,9 +1173,17 @@ declare const createLLMRequestsDataLayer: (db: Kysely<Database>) => {
     isStreaming: boolean;
     userId: string | null;
     tags: Record<string, string>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
+    guardrailResults: {
+      results: {
+        configId: string;
+        functionId: string;
+        hookType: "beforeRequestHook" | "afterRequestHook";
+        verdict: boolean;
+        latencyMs: number;
+      }[];
+      action: "allowed" | "blocked" | "logged";
+      totalLatencyMs: number;
+    } | null;
   } | undefined>;
   /**
    * List LLM requests with filtering and pagination
@@ -1179,12 +1191,15 @@ declare const createLLMRequestsDataLayer: (db: Kysely<Database>) => {
    */
   listRequests: (params?: z$1.infer<typeof listRequestsSchema>) => Promise<{
     data: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
       variantId: string | null;
       provider: string;
       environmentId: string | null;
       configId: string | null;
-      requestId: string;
       providerConfigId: string | null;
+      requestId: string;
       model: string;
       promptTokens: number;
       completionTokens: number;
@@ -1199,9 +1214,17 @@ declare const createLLMRequestsDataLayer: (db: Kysely<Database>) => {
       isStreaming: boolean;
       userId: string | null;
       tags: Record<string, string>;
-      id: string;
-      createdAt: Date;
-      updatedAt: Date;
+      guardrailResults: {
+        results: {
+          configId: string;
+          functionId: string;
+          hookType: "beforeRequestHook" | "afterRequestHook";
+          verdict: boolean;
+          latencyMs: number;
+        }[];
+        action: "allowed" | "blocked" | "logged";
+        totalLatencyMs: number;
+      } | null;
     }[];
     total: number;
     limit: number;
@@ -1211,12 +1234,15 @@ declare const createLLMRequestsDataLayer: (db: Kysely<Database>) => {
    * Get a single request by requestId
    */
   getRequestByRequestId: (requestId: string) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string | null;
     provider: string;
     environmentId: string | null;
     configId: string | null;
-    requestId: string;
     providerConfigId: string | null;
+    requestId: string;
     model: string;
     promptTokens: number;
     completionTokens: number;
@@ -1231,9 +1257,17 @@ declare const createLLMRequestsDataLayer: (db: Kysely<Database>) => {
     isStreaming: boolean;
     userId: string | null;
     tags: Record<string, string>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
+    guardrailResults: {
+      results: {
+        configId: string;
+        functionId: string;
+        hookType: "beforeRequestHook" | "afterRequestHook";
+        verdict: boolean;
+        latencyMs: number;
+      }[];
+      action: "allowed" | "blocked" | "logged";
+      totalLatencyMs: number;
+    } | null;
   } | undefined>;
   /**
    * Get total cost for a date range with optional filters
@@ -1338,22 +1372,22 @@ declare const createWorkspaceSettingsDataLayer: (db: Kysely<Database>) => {
    */
   getWorkspaceSettings: () => Promise<{
     name: string | null;
-    setupComplete: boolean;
-    superAdminId: string | null;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    setupComplete: boolean;
+    superAdminId: string | null;
   } | undefined>;
   /**
    * Update workspace settings
    */
   updateWorkspaceSettings: (params: z$1.infer<typeof updateWorkspaceSettings>) => Promise<{
     name: string | null;
-    setupComplete: boolean;
-    superAdminId: string | null;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    setupComplete: boolean;
+    superAdminId: string | null;
   } | undefined>;
   /**
    * Get the super admin user ID
@@ -1372,11 +1406,11 @@ declare const createWorkspaceSettingsDataLayer: (db: Kysely<Database>) => {
    */
   markSetupComplete: () => Promise<{
     name: string | null;
-    setupComplete: boolean;
-    superAdminId: string | null;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    setupComplete: boolean;
+    superAdminId: string | null;
   } | undefined>;
 };
 //#endregion
@@ -1415,72 +1449,72 @@ declare const createProviderConfigsDataLayer: (db: Kysely<Database>) => {
   createProviderConfig: (params: z$1.infer<typeof createProviderConfig>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
   updateProviderConfig: (params: z$1.infer<typeof updateProviderConfig>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
   getProviderConfigById: (params: z$1.infer<typeof getProviderConfigById>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
   getProviderConfigByProviderId: (params: z$1.infer<typeof getProviderConfigByProviderId>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
   getProviderConfigBySlug: (params: z$1.infer<typeof getProviderConfigBySlug>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
   deleteProviderConfig: (params: z$1.infer<typeof deleteProviderConfig>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
   listProviderConfigs: (params?: z$1.infer<typeof listProviderConfigs>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   }[]>;
   countProviderConfigs: () => Promise<number>;
   /**
@@ -1490,255 +1524,502 @@ declare const createProviderConfigsDataLayer: (db: Kysely<Database>) => {
   upsertProviderConfig: (params: z$1.infer<typeof createProviderConfig>) => Promise<{
     slug: string | null;
     name: string | null;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     enabled: boolean;
     providerId: string;
     config: Record<string, unknown>;
+  } | undefined>;
+};
+//#endregion
+//#region src/datalayer/guardrailConfigs.d.ts
+declare const createGuardrailConfig: z$1.ZodObject<{
+  name: z$1.ZodString;
+  pluginId: z$1.ZodString;
+  functionId: z$1.ZodString;
+  hookType: z$1.ZodEnum<{
+    beforeRequestHook: "beforeRequestHook";
+    afterRequestHook: "afterRequestHook";
+  }>;
+  parameters: z$1.ZodDefault<z$1.ZodOptional<z$1.ZodRecord<z$1.ZodString, z$1.ZodUnknown>>>;
+  enabled: z$1.ZodDefault<z$1.ZodOptional<z$1.ZodBoolean>>;
+  priority: z$1.ZodDefault<z$1.ZodOptional<z$1.ZodNumber>>;
+  onFail: z$1.ZodDefault<z$1.ZodOptional<z$1.ZodEnum<{
+    block: "block";
+    log: "log";
+  }>>>;
+}, z$1.core.$strip>;
+declare const updateGuardrailConfig: z$1.ZodObject<{
+  id: z$1.ZodString;
+  name: z$1.ZodOptional<z$1.ZodString>;
+  hookType: z$1.ZodOptional<z$1.ZodEnum<{
+    beforeRequestHook: "beforeRequestHook";
+    afterRequestHook: "afterRequestHook";
+  }>>;
+  parameters: z$1.ZodOptional<z$1.ZodRecord<z$1.ZodString, z$1.ZodUnknown>>;
+  enabled: z$1.ZodOptional<z$1.ZodBoolean>;
+  priority: z$1.ZodOptional<z$1.ZodNumber>;
+  onFail: z$1.ZodOptional<z$1.ZodEnum<{
+    block: "block";
+    log: "log";
+  }>>;
+}, z$1.core.$strip>;
+declare const getGuardrailConfigById: z$1.ZodObject<{
+  id: z$1.ZodString;
+}, z$1.core.$strip>;
+declare const deleteGuardrailConfig: z$1.ZodObject<{
+  id: z$1.ZodString;
+}, z$1.core.$strip>;
+declare const listGuardrailConfigs: z$1.ZodObject<{
+  limit: z$1.ZodOptional<z$1.ZodNumber>;
+  offset: z$1.ZodOptional<z$1.ZodNumber>;
+  hookType: z$1.ZodOptional<z$1.ZodEnum<{
+    beforeRequestHook: "beforeRequestHook";
+    afterRequestHook: "afterRequestHook";
+  }>>;
+  enabled: z$1.ZodOptional<z$1.ZodBoolean>;
+}, z$1.core.$strip>;
+declare const createGuardrailConfigsDataLayer: (db: Kysely<Database>) => {
+  createGuardrailConfig: (params: z$1.infer<typeof createGuardrailConfig>) => Promise<{
+    name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
   } | undefined>;
+  updateGuardrailConfig: (params: z$1.infer<typeof updateGuardrailConfig>) => Promise<{
+    name: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
+  } | undefined>;
+  getGuardrailConfigById: (params: z$1.infer<typeof getGuardrailConfigById>) => Promise<{
+    name: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
+  } | undefined>;
+  deleteGuardrailConfig: (params: z$1.infer<typeof deleteGuardrailConfig>) => Promise<{
+    name: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
+  } | undefined>;
+  listGuardrailConfigs: (params?: z$1.infer<typeof listGuardrailConfigs>) => Promise<{
+    name: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
+  }[]>;
+  countGuardrailConfigs: () => Promise<number>;
+  /**
+   * Get all enabled guardrails for a specific hook type
+   * Ordered by priority (highest first)
+   */
+  getEnabledGuardrailsByHookType: (hookType: "beforeRequestHook" | "afterRequestHook") => Promise<{
+    name: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
+  }[]>;
+};
+//#endregion
+//#region src/datalayer/providerGuardrailOverrides.d.ts
+declare const createProviderGuardrailOverride: z$1.ZodObject<{
+  providerConfigId: z$1.ZodString;
+  guardrailConfigId: z$1.ZodString;
+  enabled: z$1.ZodDefault<z$1.ZodOptional<z$1.ZodBoolean>>;
+  parameters: z$1.ZodOptional<z$1.ZodNullable<z$1.ZodRecord<z$1.ZodString, z$1.ZodUnknown>>>;
+}, z$1.core.$strip>;
+declare const updateProviderGuardrailOverride: z$1.ZodObject<{
+  id: z$1.ZodString;
+  enabled: z$1.ZodOptional<z$1.ZodBoolean>;
+  parameters: z$1.ZodOptional<z$1.ZodNullable<z$1.ZodRecord<z$1.ZodString, z$1.ZodUnknown>>>;
+}, z$1.core.$strip>;
+declare const getOverrideById: z$1.ZodObject<{
+  id: z$1.ZodString;
+}, z$1.core.$strip>;
+declare const deleteOverride: z$1.ZodObject<{
+  id: z$1.ZodString;
+}, z$1.core.$strip>;
+declare const getOverridesByProviderConfigId: z$1.ZodObject<{
+  providerConfigId: z$1.ZodString;
+}, z$1.core.$strip>;
+declare const getOverridesByGuardrailConfigId: z$1.ZodObject<{
+  guardrailConfigId: z$1.ZodString;
+}, z$1.core.$strip>;
+declare const getOverrideByProviderAndGuardrail: z$1.ZodObject<{
+  providerConfigId: z$1.ZodString;
+  guardrailConfigId: z$1.ZodString;
+}, z$1.core.$strip>;
+declare const createProviderGuardrailOverridesDataLayer: (db: Kysely<Database>) => {
+  createProviderGuardrailOverride: (params: z$1.infer<typeof createProviderGuardrailOverride>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  updateProviderGuardrailOverride: (params: z$1.infer<typeof updateProviderGuardrailOverride>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  getOverrideById: (params: z$1.infer<typeof getOverrideById>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  deleteProviderGuardrailOverride: (params: z$1.infer<typeof deleteOverride>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  getOverridesByProviderConfigId: (params: z$1.infer<typeof getOverridesByProviderConfigId>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  }[]>;
+  getOverridesByGuardrailConfigId: (params: z$1.infer<typeof getOverridesByGuardrailConfigId>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  }[]>;
+  getOverrideByProviderAndGuardrail: (params: z$1.infer<typeof getOverrideByProviderAndGuardrail>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  /**
+   * Upsert provider guardrail override - creates if not exists, updates if exists
+   */
+  upsertProviderGuardrailOverride: (params: z$1.infer<typeof createProviderGuardrailOverride>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  /**
+   * Delete all overrides for a guardrail config
+   * Useful when deleting a guardrail config
+   */
+  deleteOverridesByGuardrailConfigId: (params: z$1.infer<typeof getOverridesByGuardrailConfigId>) => Promise<kysely0.DeleteResult[]>;
 };
 //#endregion
 //#region src/datalayer/index.d.ts
 declare const createDataLayer: (db: Kysely<Database>) => Promise<{
   getWorkspaceSettings: () => Promise<{
     name: string | null;
-    setupComplete: boolean;
-    superAdminId: string | null;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    setupComplete: boolean;
+    superAdminId: string | null;
   } | undefined>;
-  updateWorkspaceSettings: (params: zod33.infer<zod33.ZodObject<{
-    name: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    setupComplete: zod33.ZodOptional<zod33.ZodBoolean>;
-    superAdminId: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
+  updateWorkspaceSettings: (params: zod37.infer<zod37.ZodObject<{
+    name: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    setupComplete: zod37.ZodOptional<zod37.ZodBoolean>;
+    superAdminId: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
   }, better_auth0.$strip>>) => Promise<{
     name: string | null;
-    setupComplete: boolean;
-    superAdminId: string | null;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    setupComplete: boolean;
+    superAdminId: string | null;
   } | undefined>;
   getSuperAdminId: () => Promise<string | null>;
   setSuperAdminId: (userId: string) => Promise<boolean>;
   isSetupComplete: () => Promise<boolean>;
   markSetupComplete: () => Promise<{
     name: string | null;
-    setupComplete: boolean;
-    superAdminId: string | null;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    setupComplete: boolean;
+    superAdminId: string | null;
   } | undefined>;
-  createVariantVersion: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
-    provider: zod33.ZodString;
-    modelName: zod33.ZodString;
-    jsonData: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodUnknown>>>;
+  createVariantVersion: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
+    provider: zod37.ZodString;
+    modelName: zod37.ZodString;
+    jsonData: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   } | undefined>;
-  getVariantVersionById: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
+  getVariantVersionById: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   } | undefined>;
-  getVariantVersionsByVariantId: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  getVariantVersionsByVariantId: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   }[]>;
-  getLatestVariantVersion: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
+  getLatestVariantVersion: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   } | undefined>;
-  getVariantVersionByNumber: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
-    version: zod33.ZodNumber;
+  getVariantVersionByNumber: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
+    version: zod37.ZodNumber;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   } | undefined>;
-  deleteVariantVersion: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
+  deleteVariantVersion: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   } | undefined>;
-  deleteVariantVersionsByVariantId: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
+  deleteVariantVersionsByVariantId: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   }[]>;
-  getVariantVersionWithVariant: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
+  getVariantVersionWithVariant: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
     variantName: string;
   } | undefined>;
-  getVariantVersionsWithVariantByVariantId: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  getVariantVersionsWithVariantByVariantId: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     version: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string;
     provider: string;
     modelName: string;
     jsonData: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
     variantName: string;
   }[]>;
-  createVariant: (params: zod33.infer<zod33.ZodObject<{
-    name: zod33.ZodString;
+  createVariant: (params: zod37.infer<zod37.ZodObject<{
+    name: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  updateVariant: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
-    name: zod33.ZodOptional<zod33.ZodString>;
+  updateVariant: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
+    name: zod37.ZodOptional<zod37.ZodString>;
   }, better_auth0.$strip>>) => Promise<{
     name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  getVariantById: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
+  getVariantById: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  getVariantWithLatestVersion: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
+  getVariantWithLatestVersion: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     latestVersion: {
       version: number;
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
       variantId: string;
       provider: string;
       modelName: string;
       jsonData: Record<string, unknown>;
-      id: string;
-      createdAt: Date;
-      updatedAt: Date;
     } | null;
     name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  deleteVariant: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
+  deleteVariant: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  listVariants: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  listVariants: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
   }[]>;
-  listVariantsWithLatestVersion: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  listVariantsWithLatestVersion: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     latestVersion: {
       version: number;
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
       variantId: string;
       provider: string;
       modelName: string;
       jsonData: Record<string, unknown>;
-      id: string;
-      createdAt: Date;
-      updatedAt: Date;
     } | null;
     name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
   }[]>;
-  createTargetingRule: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodString;
-    configId: zod33.ZodString;
-    configVariantId: zod33.ZodString;
-    variantVersionId: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    weight: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodNumber>>;
-    priority: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodNumber>>;
-    enabled: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodBoolean>>;
-    conditions: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodRecord<zod33.ZodString, zod33.ZodUnknown>>>;
+  createTargetingRule: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodString;
+    configId: zod37.ZodString;
+    configVariantId: zod37.ZodString;
+    variantVersionId: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    weight: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodNumber>>;
+    priority: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodNumber>>;
+    enabled: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodBoolean>>;
+    conditions: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
   }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1747,18 +2028,18 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  } | undefined>;
+  updateTargetingRule: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+    variantVersionId: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    weight: zod37.ZodOptional<zod37.ZodNumber>;
+    priority: zod37.ZodOptional<zod37.ZodNumber>;
+    enabled: zod37.ZodOptional<zod37.ZodBoolean>;
+    conditions: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  updateTargetingRule: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
-    variantVersionId: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    weight: zod33.ZodOptional<zod33.ZodNumber>;
-    priority: zod33.ZodOptional<zod33.ZodNumber>;
-    enabled: zod33.ZodOptional<zod33.ZodBoolean>;
-    conditions: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodRecord<zod33.ZodString, zod33.ZodUnknown>>>;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1767,13 +2048,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  } | undefined>;
+  getTargetingRuleById: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  getTargetingRuleById: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1782,15 +2063,15 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  } | undefined>;
+  getTargetingRulesByConfigId: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  getTargetingRulesByConfigId: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1799,15 +2080,15 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  }[]>;
+  getTargetingRulesByEnvironmentId: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  }[]>;
-  getTargetingRulesByEnvironmentId: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1816,14 +2097,14 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  }[]>;
+  getTargetingRulesByConfigAndEnvironment: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    environmentId: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  }[]>;
-  getTargetingRulesByConfigAndEnvironment: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    environmentId: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1832,13 +2113,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  }[]>;
+  deleteTargetingRule: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  }[]>;
-  deleteTargetingRule: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1847,13 +2128,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  } | undefined>;
+  deleteTargetingRulesByConfigId: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  deleteTargetingRulesByConfigId: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1862,13 +2143,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  }[]>;
+  deleteTargetingRulesByEnvironmentId: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  }[]>;
-  deleteTargetingRulesByEnvironmentId: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1877,14 +2158,14 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
+  }[]>;
+  listTargetingRules: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  }[]>;
-  listTargetingRules: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
-  }, better_auth0.$strip>>) => Promise<{
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1893,20 +2174,41 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     priority: number;
     enabled: boolean;
     conditions: Record<string, unknown>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
   }[]>;
-  getTargetingRulesWithDetailsByConfigId: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  getTargetingRulesWithDetailsByConfigId: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     variantProvider: string | null;
     variantModelName: string | null;
     pinnedVersion: number | null | undefined;
     latestVersion: number | null | undefined;
     variantName: string | null;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    environmentId: string;
+    configId: string;
+    configVariantId: string;
+    variantVersionId: string | null;
+    weight: number;
+    priority: number;
+    enabled: boolean;
+    conditions: Record<string, unknown>;
+    variantId: string | null;
+    environmentName: string | null;
+    environmentSlug: string | null;
+  }[]>;
+  setTargetingForEnvironment: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodString;
+    configId: zod37.ZodString;
+    configVariantId: zod37.ZodString;
+    variantVersionId: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+  }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     environmentId: string;
     configId: string;
     configVariantId: string;
@@ -1914,152 +2216,231 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     weight: number;
     priority: number;
     enabled: boolean;
-    conditions: Record<string, unknown>;
+    conditions: Record<string, unknown>;
+  } | undefined>;
+  createProviderGuardrailOverride: (params: zod37.infer<zod37.ZodObject<{
+    providerConfigId: zod37.ZodString;
+    guardrailConfigId: zod37.ZodString;
+    enabled: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodBoolean>>;
+    parameters: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
+  }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  updateProviderGuardrailOverride: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+    enabled: zod37.ZodOptional<zod37.ZodBoolean>;
+    parameters: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
+  }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  getOverrideById: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  deleteProviderGuardrailOverride: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  } | undefined>;
+  getOverridesByProviderConfigId: (params: zod37.infer<zod37.ZodObject<{
+    providerConfigId: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-    variantId: string | null;
-    environmentName: string | null;
-    environmentSlug: string | null;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
   }[]>;
-  setTargetingForEnvironment: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodString;
-    configId: zod33.ZodString;
-    configVariantId: zod33.ZodString;
-    variantVersionId: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
+  getOverridesByGuardrailConfigId: (params: zod37.infer<zod37.ZodObject<{
+    guardrailConfigId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
-    environmentId: string;
-    configId: string;
-    configVariantId: string;
-    variantVersionId: string | null;
-    weight: number;
-    priority: number;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     enabled: boolean;
-    conditions: Record<string, unknown>;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
+  }[]>;
+  getOverrideByProviderAndGuardrail: (params: zod37.infer<zod37.ZodObject<{
+    providerConfigId: zod37.ZodString;
+    guardrailConfigId: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
   } | undefined>;
-  createProviderConfig: (params: zod33.infer<zod33.ZodObject<{
-    providerId: zod33.ZodString;
-    slug: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    name: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    config: zod33.ZodRecord<zod33.ZodString, zod33.ZodUnknown>;
-    enabled: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodBoolean>>;
+  upsertProviderGuardrailOverride: (params: zod37.infer<zod37.ZodObject<{
+    providerConfigId: zod37.ZodString;
+    guardrailConfigId: zod37.ZodString;
+    enabled: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodBoolean>>;
+    parameters: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
   }, better_auth0.$strip>>) => Promise<{
-    slug: string | null;
-    name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    parameters: Record<string, unknown> | null;
+    providerConfigId: string;
+    guardrailConfigId: string;
   } | undefined>;
-  updateProviderConfig: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodUUID;
-    slug: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    name: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    config: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodUnknown>>;
-    enabled: zod33.ZodOptional<zod33.ZodBoolean>;
+  deleteOverridesByGuardrailConfigId: (params: zod37.infer<zod37.ZodObject<{
+    guardrailConfigId: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<kysely0.DeleteResult[]>;
+  createProviderConfig: (params: zod37.infer<zod37.ZodObject<{
+    providerId: zod37.ZodString;
+    slug: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    name: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    config: zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>;
+    enabled: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodBoolean>>;
   }, better_auth0.$strip>>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
-  getProviderConfigById: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodUUID;
+  updateProviderConfig: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodUUID;
+    slug: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    name: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    config: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>;
+    enabled: zod37.ZodOptional<zod37.ZodBoolean>;
   }, better_auth0.$strip>>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
-  getProviderConfigByProviderId: (params: zod33.infer<zod33.ZodObject<{
-    providerId: zod33.ZodString;
+  getProviderConfigById: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
-  getProviderConfigBySlug: (params: zod33.infer<zod33.ZodObject<{
-    slug: zod33.ZodString;
+  getProviderConfigByProviderId: (params: zod37.infer<zod37.ZodObject<{
+    providerId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
-  deleteProviderConfig: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodUUID;
+  getProviderConfigBySlug: (params: zod37.infer<zod37.ZodObject<{
+    slug: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
-  listProviderConfigs: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  deleteProviderConfig: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
     slug: string | null;
     name: string | null;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     enabled: boolean;
     providerId: string;
     config: Record<string, unknown>;
+  } | undefined>;
+  listProviderConfigs: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
+    slug: string | null;
+    name: string | null;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   }[]>;
   countProviderConfigs: () => Promise<number>;
-  upsertProviderConfig: (params: zod33.infer<zod33.ZodObject<{
-    providerId: zod33.ZodString;
-    slug: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    name: zod33.ZodOptional<zod33.ZodNullable<zod33.ZodString>>;
-    config: zod33.ZodRecord<zod33.ZodString, zod33.ZodUnknown>;
-    enabled: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodBoolean>>;
+  upsertProviderConfig: (params: zod37.infer<zod37.ZodObject<{
+    providerId: zod37.ZodString;
+    slug: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    name: zod37.ZodOptional<zod37.ZodNullable<zod37.ZodString>>;
+    config: zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>;
+    enabled: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodBoolean>>;
   }, better_auth0.$strip>>) => Promise<{
     slug: string | null;
     name: string | null;
-    enabled: boolean;
-    providerId: string;
-    config: Record<string, unknown>;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    enabled: boolean;
+    providerId: string;
+    config: Record<string, unknown>;
   } | undefined>;
   batchInsertRequests: (requests: LLMRequestInsert[]) => Promise<{
     count: number;
   }>;
   insertRequest: (request: LLMRequestInsert) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string | null;
     provider: string;
     environmentId: string | null;
     configId: string | null;
-    requestId: string;
     providerConfigId: string | null;
+    requestId: string;
     model: string;
     promptTokens: number;
     completionTokens: number;
@@ -2074,30 +2455,41 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     isStreaming: boolean;
     userId: string | null;
     tags: Record<string, string>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
+    guardrailResults: {
+      results: {
+        configId: string;
+        functionId: string;
+        hookType: "beforeRequestHook" | "afterRequestHook";
+        verdict: boolean;
+        latencyMs: number;
+      }[];
+      action: "allowed" | "blocked" | "logged";
+      totalLatencyMs: number;
+    } | null;
   } | undefined>;
-  listRequests: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodDefault<zod33.ZodNumber>;
-    offset: zod33.ZodDefault<zod33.ZodNumber>;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    providerConfigId: zod33.ZodOptional<zod33.ZodString>;
-    provider: zod33.ZodOptional<zod33.ZodString>;
-    model: zod33.ZodOptional<zod33.ZodString>;
-    startDate: zod33.ZodOptional<zod33.ZodDate>;
-    endDate: zod33.ZodOptional<zod33.ZodDate>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
+  listRequests: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodDefault<zod37.ZodNumber>;
+    offset: zod37.ZodDefault<zod37.ZodNumber>;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    providerConfigId: zod37.ZodOptional<zod37.ZodString>;
+    provider: zod37.ZodOptional<zod37.ZodString>;
+    model: zod37.ZodOptional<zod37.ZodString>;
+    startDate: zod37.ZodOptional<zod37.ZodDate>;
+    endDate: zod37.ZodOptional<zod37.ZodDate>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
   }, better_auth0.$strip>>) => Promise<{
     data: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
       variantId: string | null;
       provider: string;
       environmentId: string | null;
       configId: string | null;
-      requestId: string;
       providerConfigId: string | null;
+      requestId: string;
       model: string;
       promptTokens: number;
       completionTokens: number;
@@ -2112,21 +2504,32 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
       isStreaming: boolean;
       userId: string | null;
       tags: Record<string, string>;
-      id: string;
-      createdAt: Date;
-      updatedAt: Date;
+      guardrailResults: {
+        results: {
+          configId: string;
+          functionId: string;
+          hookType: "beforeRequestHook" | "afterRequestHook";
+          verdict: boolean;
+          latencyMs: number;
+        }[];
+        action: "allowed" | "blocked" | "logged";
+        totalLatencyMs: number;
+      } | null;
     }[];
     total: number;
     limit: number;
     offset: number;
   }>;
   getRequestByRequestId: (requestId: string) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     variantId: string | null;
     provider: string;
     environmentId: string | null;
     configId: string | null;
-    requestId: string;
     providerConfigId: string | null;
+    requestId: string;
     model: string;
     promptTokens: number;
     completionTokens: number;
@@ -2141,17 +2544,25 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     isStreaming: boolean;
     userId: string | null;
     tags: Record<string, string>;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date;
+    guardrailResults: {
+      results: {
+        configId: string;
+        functionId: string;
+        hookType: "beforeRequestHook" | "afterRequestHook";
+        verdict: boolean;
+        latencyMs: number;
+      }[];
+      action: "allowed" | "blocked" | "logged";
+      totalLatencyMs: number;
+    } | null;
   } | undefined>;
-  getTotalCost: (params: zod33.infer<zod33.ZodObject<{
-    startDate: zod33.ZodDate;
-    endDate: zod33.ZodDate;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
+  getTotalCost: (params: zod37.infer<zod37.ZodObject<{
+    startDate: zod37.ZodDate;
+    endDate: zod37.ZodDate;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
   }, better_auth0.$strip>>) => Promise<{
     totalCost: number;
     totalInputCost: number;
@@ -2161,13 +2572,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     totalTokens: number;
     requestCount: number;
   } | undefined>;
-  getCostByModel: (params: zod33.infer<zod33.ZodObject<{
-    startDate: zod33.ZodDate;
-    endDate: zod33.ZodDate;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
+  getCostByModel: (params: zod37.infer<zod37.ZodObject<{
+    startDate: zod37.ZodDate;
+    endDate: zod37.ZodDate;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
   }, better_auth0.$strip>>) => Promise<{
     provider: string;
     model: string;
@@ -2178,13 +2589,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     requestCount: number;
     avgLatencyMs: number;
   }[]>;
-  getCostByProvider: (params: zod33.infer<zod33.ZodObject<{
-    startDate: zod33.ZodDate;
-    endDate: zod33.ZodDate;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
+  getCostByProvider: (params: zod37.infer<zod37.ZodObject<{
+    startDate: zod37.ZodDate;
+    endDate: zod37.ZodDate;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
   }, better_auth0.$strip>>) => Promise<{
     provider: string;
     totalCost: number;
@@ -2194,13 +2605,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     requestCount: number;
     avgLatencyMs: number;
   }[]>;
-  getCostByConfig: (params: zod33.infer<zod33.ZodObject<{
-    startDate: zod33.ZodDate;
-    endDate: zod33.ZodDate;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
+  getCostByConfig: (params: zod37.infer<zod37.ZodObject<{
+    startDate: zod37.ZodDate;
+    endDate: zod37.ZodDate;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
   }, better_auth0.$strip>>) => Promise<{
     configId: string | null;
     totalCost: number;
@@ -2211,13 +2622,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     configName: string | null | undefined;
     configSlug: string | null;
   }[]>;
-  getDailyCosts: (params: zod33.infer<zod33.ZodObject<{
-    startDate: zod33.ZodDate;
-    endDate: zod33.ZodDate;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
+  getDailyCosts: (params: zod37.infer<zod37.ZodObject<{
+    startDate: zod37.ZodDate;
+    endDate: zod37.ZodDate;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
   }, better_auth0.$strip>>) => Promise<{
     totalCost: number;
     totalInputCost: number;
@@ -2226,14 +2637,14 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     requestCount: number;
     date: string;
   }[]>;
-  getCostSummary: (params: zod33.infer<zod33.ZodObject<{
-    startDate: zod33.ZodDate;
-    endDate: zod33.ZodDate;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
-    groupBy: zod33.ZodOptional<zod33.ZodEnum<{
+  getCostSummary: (params: zod37.infer<zod37.ZodObject<{
+    startDate: zod37.ZodDate;
+    endDate: zod37.ZodDate;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
+    groupBy: zod37.ZodOptional<zod37.ZodEnum<{
       provider: "provider";
       config: "config";
       model: "model";
@@ -2245,13 +2656,13 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     requestCount: number;
     groupKey: string;
   }[]>;
-  getRequestStats: (params: zod33.infer<zod33.ZodObject<{
-    startDate: zod33.ZodDate;
-    endDate: zod33.ZodDate;
-    configId: zod33.ZodOptional<zod33.ZodString>;
-    variantId: zod33.ZodOptional<zod33.ZodString>;
-    environmentId: zod33.ZodOptional<zod33.ZodString>;
-    tags: zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodArray<zod33.ZodString>>>;
+  getRequestStats: (params: zod37.infer<zod37.ZodObject<{
+    startDate: zod37.ZodDate;
+    endDate: zod37.ZodDate;
+    configId: zod37.ZodOptional<zod37.ZodString>;
+    variantId: zod37.ZodOptional<zod37.ZodString>;
+    environmentId: zod37.ZodOptional<zod37.ZodString>;
+    tags: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodArray<zod37.ZodString>>>;
   }, better_auth0.$strip>>) => Promise<{
     avgLatencyMs: number;
     totalRequests: number;
@@ -2265,270 +2676,390 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     key: string;
     value: string;
   }[]>;
-  createEnvironmentSecret: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodUUID;
-    keyName: zod33.ZodString;
-    keyValue: zod33.ZodString;
+  createGuardrailConfig: (params: zod37.infer<zod37.ZodObject<{
+    name: zod37.ZodString;
+    pluginId: zod37.ZodString;
+    functionId: zod37.ZodString;
+    hookType: zod37.ZodEnum<{
+      beforeRequestHook: "beforeRequestHook";
+      afterRequestHook: "afterRequestHook";
+    }>;
+    parameters: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
+    enabled: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodBoolean>>;
+    priority: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodNumber>>;
+    onFail: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodEnum<{
+      block: "block";
+      log: "log";
+    }>>>;
   }, better_auth0.$strip>>) => Promise<{
-    environmentId: string;
-    keyName: string;
-    keyValue: string;
+    name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
   } | undefined>;
-  updateEnvironmentSecret: (params: zod33.infer<zod33.ZodObject<{
-    secretId: zod33.ZodUUID;
-    keyName: zod33.ZodOptional<zod33.ZodString>;
-    keyValue: zod33.ZodOptional<zod33.ZodString>;
+  updateGuardrailConfig: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+    name: zod37.ZodOptional<zod37.ZodString>;
+    hookType: zod37.ZodOptional<zod37.ZodEnum<{
+      beforeRequestHook: "beforeRequestHook";
+      afterRequestHook: "afterRequestHook";
+    }>>;
+    parameters: zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>;
+    enabled: zod37.ZodOptional<zod37.ZodBoolean>;
+    priority: zod37.ZodOptional<zod37.ZodNumber>;
+    onFail: zod37.ZodOptional<zod37.ZodEnum<{
+      block: "block";
+      log: "log";
+    }>>;
   }, better_auth0.$strip>>) => Promise<{
-    environmentId: string;
-    keyName: string;
-    keyValue: string;
+    name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
   } | undefined>;
-  getEnvironmentSecretById: (params: zod33.infer<zod33.ZodObject<{
-    secretId: zod33.ZodUUID;
+  getGuardrailConfigById: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
-    environmentId: string;
-    keyName: string;
-    keyValue: string;
+    name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
   } | undefined>;
-  getSecretsByEnvironmentId: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodUUID;
+  deleteGuardrailConfig: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
-    environmentId: string;
-    keyName: string;
-    keyValue: string;
+    name: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
+  } | undefined>;
+  listGuardrailConfigs: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+    hookType: zod37.ZodOptional<zod37.ZodEnum<{
+      beforeRequestHook: "beforeRequestHook";
+      afterRequestHook: "afterRequestHook";
+    }>>;
+    enabled: zod37.ZodOptional<zod37.ZodBoolean>;
+  }, better_auth0.$strip>>) => Promise<{
+    name: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
+  }[]>;
+  countGuardrailConfigs: () => Promise<number>;
+  getEnabledGuardrailsByHookType: (hookType: "beforeRequestHook" | "afterRequestHook") => Promise<{
+    name: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    priority: number;
+    enabled: boolean;
+    pluginId: string;
+    functionId: string;
+    hookType: string;
+    parameters: Record<string, unknown>;
+    onFail: string;
   }[]>;
-  deleteEnvironmentSecret: (params: zod33.infer<zod33.ZodObject<{
-    secretId: zod33.ZodUUID;
+  createEnvironmentSecret: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodUUID;
+    keyName: zod37.ZodString;
+    keyValue: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     environmentId: string;
     keyName: string;
     keyValue: string;
+  } | undefined>;
+  updateEnvironmentSecret: (params: zod37.infer<zod37.ZodObject<{
+    secretId: zod37.ZodUUID;
+    keyName: zod37.ZodOptional<zod37.ZodString>;
+    keyValue: zod37.ZodOptional<zod37.ZodString>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    environmentId: string;
+    keyName: string;
+    keyValue: string;
   } | undefined>;
-  deleteSecretsByEnvironmentId: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodUUID;
+  getEnvironmentSecretById: (params: zod37.infer<zod37.ZodObject<{
+    secretId: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     environmentId: string;
     keyName: string;
     keyValue: string;
+  } | undefined>;
+  getSecretsByEnvironmentId: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodUUID;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    environmentId: string;
+    keyName: string;
+    keyValue: string;
   }[]>;
-  listEnvironmentSecrets: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  deleteEnvironmentSecret: (params: zod37.infer<zod37.ZodObject<{
+    secretId: zod37.ZodUUID;
+  }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    environmentId: string;
+    keyName: string;
+    keyValue: string;
+  } | undefined>;
+  deleteSecretsByEnvironmentId: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
     environmentId: string;
     keyName: string;
     keyValue: string;
+  }[]>;
+  listEnvironmentSecrets: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    environmentId: string;
+    keyName: string;
+    keyValue: string;
   }[]>;
   countEnvironmentSecrets: () => Promise<number>;
-  createNewEnvironment: (params: zod33.infer<zod33.ZodObject<{
-    name: zod33.ZodString;
-    slug: zod33.ZodString;
-    isProd: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodBoolean>>;
+  createNewEnvironment: (params: zod37.infer<zod37.ZodObject<{
+    name: zod37.ZodString;
+    slug: zod37.ZodString;
+    isProd: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodBoolean>>;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string;
-    isProd: boolean;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    isProd: boolean;
   } | undefined>;
-  updateEnvironment: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodUUID;
-    name: zod33.ZodOptional<zod33.ZodString>;
-    slug: zod33.ZodOptional<zod33.ZodString>;
+  updateEnvironment: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodUUID;
+    name: zod37.ZodOptional<zod37.ZodString>;
+    slug: zod37.ZodOptional<zod37.ZodString>;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string;
-    isProd: boolean;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    isProd: boolean;
   } | undefined>;
-  getEnvironmentById: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodUUID;
+  getEnvironmentById: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string;
-    isProd: boolean;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    isProd: boolean;
   } | undefined>;
-  getEnvironmentBySlug: (params: zod33.infer<zod33.ZodObject<{
-    slug: zod33.ZodString;
+  getEnvironmentBySlug: (params: zod37.infer<zod37.ZodObject<{
+    slug: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string;
-    isProd: boolean;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    isProd: boolean;
   } | undefined>;
-  deleteEnvironment: (params: zod33.infer<zod33.ZodObject<{
-    environmentId: zod33.ZodUUID;
+  deleteEnvironment: (params: zod37.infer<zod37.ZodObject<{
+    environmentId: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string;
-    isProd: boolean;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    isProd: boolean;
   } | undefined>;
-  listEnvironments: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  listEnvironments: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string;
-    isProd: boolean;
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    isProd: boolean;
   }[]>;
   countEnvironments: () => Promise<number>;
-  createConfigVariant: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    variantId: zod33.ZodString;
+  createConfigVariant: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    variantId: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
-    variantId: string;
-    configId: string;
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  getConfigVariantById: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     variantId: string;
     configId: string;
+  } | undefined>;
+  getConfigVariantById: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  getConfigVariantsByConfigId: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
-  }, better_auth0.$strip>>) => Promise<{
     variantId: string;
     configId: string;
+  } | undefined>;
+  getConfigVariantsByConfigId: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  }[]>;
-  getConfigVariantsByVariantId: (params: zod33.infer<zod33.ZodObject<{
-    variantId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
-  }, better_auth0.$strip>>) => Promise<{
     variantId: string;
     configId: string;
+  }[]>;
+  getConfigVariantsByVariantId: (params: zod37.infer<zod37.ZodObject<{
+    variantId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  }[]>;
-  deleteConfigVariant: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     variantId: string;
     configId: string;
+  }[]>;
+  deleteConfigVariant: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  deleteConfigVariantByIds: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    variantId: zod33.ZodString;
-  }, better_auth0.$strip>>) => Promise<{
     variantId: string;
     configId: string;
+  } | undefined>;
+  deleteConfigVariantByIds: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    variantId: zod37.ZodString;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
-  } | undefined>;
-  listConfigVariants: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
-  }, better_auth0.$strip>>) => Promise<{
     variantId: string;
     configId: string;
+  } | undefined>;
+  listConfigVariants: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
+  }, better_auth0.$strip>>) => Promise<{
     id: string;
     createdAt: Date;
     updatedAt: Date;
+    variantId: string;
+    configId: string;
   }[]>;
-  getConfigVariantWithDetails: (params: zod33.infer<zod33.ZodObject<{
-    id: zod33.ZodString;
+  getConfigVariantWithDetails: (params: zod37.infer<zod37.ZodObject<{
+    id: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     latestVersion: {
       version: number;
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
       variantId: string;
       provider: string;
       modelName: string;
       jsonData: Record<string, unknown>;
-      id: string;
-      createdAt: Date;
-      updatedAt: Date;
     } | null;
     variantName: string | null;
     id: string;
-    variantId: string;
-    configId: string;
     createdAt: Date;
     updatedAt: Date;
+    variantId: string;
+    configId: string;
     configName: string | null | undefined;
   } | undefined>;
-  getConfigVariantsWithDetailsByConfigId: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  getConfigVariantsWithDetailsByConfigId: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     provider: string | null;
     modelName: string | null;
     jsonData: Record<string, unknown> | null;
     latestVersion: {
       version: number;
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
       variantId: string;
       provider: string;
       modelName: string;
       jsonData: Record<string, unknown>;
-      id: string;
-      createdAt: Date;
-      updatedAt: Date;
     } | null;
     name: string | null;
     id: string;
-    variantId: string;
-    configId: string;
     createdAt: Date;
     updatedAt: Date;
+    variantId: string;
+    configId: string;
   }[]>;
-  createVariantAndLinkToConfig: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    name: zod33.ZodString;
-    provider: zod33.ZodString;
-    modelName: zod33.ZodString;
-    jsonData: zod33.ZodDefault<zod33.ZodOptional<zod33.ZodRecord<zod33.ZodString, zod33.ZodUnknown>>>;
+  createVariantAndLinkToConfig: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    name: zod37.ZodString;
+    provider: zod37.ZodString;
+    modelName: zod37.ZodString;
+    jsonData: zod37.ZodDefault<zod37.ZodOptional<zod37.ZodRecord<zod37.ZodString, zod37.ZodUnknown>>>;
   }, better_auth0.$strip>>) => Promise<{
     variant: {
       name: string;
@@ -2538,25 +3069,25 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     };
     version: {
       version: number;
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
       variantId: string;
       provider: string;
       modelName: string;
       jsonData: Record<string, unknown>;
-      id: string;
-      createdAt: Date;
-      updatedAt: Date;
     };
     configVariant: {
-      variantId: string;
-      configId: string;
       id: string;
       createdAt: Date;
       updatedAt: Date;
+      variantId: string;
+      configId: string;
     };
   }>;
-  getVariantJsonDataForConfig: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodString;
-    envSecret: zod33.ZodOptional<zod33.ZodString>;
+  getVariantJsonDataForConfig: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodString;
+    envSecret: zod37.ZodOptional<zod37.ZodString>;
   }, better_auth0.$strip>>) => Promise<{
     provider: string;
     providerConfigId: string | null;
@@ -2567,8 +3098,8 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     modelName: string;
     jsonData: Record<string, unknown>;
   }>;
-  createNewConfig: (params: zod33.infer<zod33.ZodObject<{
-    name: zod33.ZodString;
+  createNewConfig: (params: zod37.infer<zod37.ZodObject<{
+    name: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string | undefined;
@@ -2576,9 +3107,9 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  updateConfigName: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodUUID;
-    newName: zod33.ZodString;
+  updateConfigName: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodUUID;
+    newName: zod37.ZodString;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string | undefined;
@@ -2586,8 +3117,8 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  getConfigById: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodUUID;
+  getConfigById: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string | undefined;
@@ -2595,8 +3126,8 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  deleteConfig: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodUUID;
+  deleteConfig: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string | undefined;
@@ -2604,9 +3135,9 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     createdAt: Date;
     updatedAt: Date;
   } | undefined>;
-  listConfigs: (params?: zod33.infer<zod33.ZodObject<{
-    limit: zod33.ZodOptional<zod33.ZodNumber>;
-    offset: zod33.ZodOptional<zod33.ZodNumber>;
+  listConfigs: (params?: zod37.infer<zod37.ZodObject<{
+    limit: zod37.ZodOptional<zod37.ZodNumber>;
+    offset: zod37.ZodOptional<zod37.ZodNumber>;
   }, better_auth0.$strip>>) => Promise<{
     slug: string;
     name: string | undefined;
@@ -2614,8 +3145,8 @@ declare const createDataLayer: (db: Kysely<Database>) => Promise<{
     createdAt: Date;
     updatedAt: Date;
   }[]>;
-  getConfigWithVariants: (params: zod33.infer<zod33.ZodObject<{
-    configId: zod33.ZodUUID;
+  getConfigWithVariants: (params: zod37.infer<zod37.ZodObject<{
+    configId: zod37.ZodUUID;
   }, better_auth0.$strip>>) => Promise<{
     provider: string | null;
     modelName: string | null;
@@ -2895,6 +3426,30 @@ interface ManifestEnvironment {
   name: string;
   isProd: boolean;
 }
+/**
+ * Guardrail configuration in the manifest
+ * Pre-loaded for gateway use without additional DB queries
+ */
+interface ManifestGuardrail {
+  id: string;
+  name: string;
+  pluginId: string;
+  functionId: string;
+  hookType: 'beforeRequestHook' | 'afterRequestHook';
+  parameters: Record<string, unknown>;
+  priority: number;
+  onFail: 'block' | 'log';
+}
+/**
+ * Provider-specific guardrail override in the manifest
+ */
+interface ManifestProviderGuardrailOverride {
+  id: string;
+  providerConfigId: string;
+  guardrailConfigId: string;
+  enabled: boolean;
+  parameters: Record<string, unknown> | null;
+}
 /**
  * The complete routing manifest
  * Stored in cache under key: "gateway:manifest"
@@ -2908,6 +3463,11 @@ interface GatewayManifest {
   environmentsBySlug: Record<string, string>;
   routingTable: Record<string, Record<string, ManifestTargetingRule[]>>;
   secretToEnvironment: Record<string, string>;
+  guardrails: {
+    beforeRequestHook: ManifestGuardrail[];
+    afterRequestHook: ManifestGuardrail[];
+  };
+  providerGuardrailOverrides: Record<string, ManifestProviderGuardrailOverride[]>;
 }
 /**
  * Context passed to JSONLogic for condition evaluation
@@ -3018,4 +3578,4 @@ declare class ManifestRouter {
   routeWithWeights(configIdOrSlug: string, environmentId: string, context?: RoutingContext): RoutingResult | null;
 }
 //#endregion
-export { type AnthropicProviderConfig, type AnyProviderConfig, AuthClientDatabaseConfig, AuthClientOptions, type AzureAIProviderConfig, type AzureOpenAIProviderConfig, BaseCacheConfig, type BaseProviderConfig, type BedrockProviderConfig, CacheBackend, CacheBackendType, CacheConfig, CacheEntry, CacheOptions, CacheService, CacheStats, ChatCompletionCreateParamsBase, Config, ConfigVariant, type ConfigVariantsTable, type ConfigsTable, type CortexProviderConfig, CostResult, type Database, DatabaseConnection, DatabaseOptions, DatabaseType, Environment, EnvironmentSecret, type EnvironmentSecretsTable, type EnvironmentsTable, FileCacheBackend, FileCacheConfig, type FireworksAIProviderConfig, type GatewayManifest, type GoogleProviderConfig, type HuggingFaceProviderConfig, Insertable, LLMOpsClient, LLMOpsConfig, type LLMOpsConfigInput, LLMRequest, type LLMRequestInsert, LLMRequestsTable, MS, ManifestBuilder, type ManifestConfig, type ManifestEnvironment, ManifestRouter, ManifestService, type ManifestTargetingRule, type ManifestVariantVersion, MemoryCacheBackend, MemoryCacheConfig, MigrationOptions, MigrationResult, type MistralAIProviderConfig, ModelPricing, ModelsDevPricingProvider, type OpenAIProviderConfig, type OracleProviderConfig, Prettify, PricingProvider, ProviderConfig, type ProviderConfigMap, ProviderConfigsTable, type ProvidersConfig, type RoutingContext, type RoutingResult, SCHEMA_METADATA, type SagemakerProviderConfig, Selectable, type StabilityAIProviderConfig, SupportedProviders, type TableName, TargetingRule, type TargetingRulesTable, Updateable, UsageData, type ValidatedLLMOpsConfig, Variant, VariantJsonData, VariantVersion, VariantVersionsTable, type VariantsTable, type VertexAIProviderConfig, type WorkersAIProviderConfig, WorkspaceSettings, WorkspaceSettingsTable, calculateCost, chatCompletionCreateParamsBaseSchema, configVariantsSchema, configsSchema, createDataLayer, createDatabase, createDatabaseFromConnection, createLLMRequestsDataLayer, createNeonDialect, createProviderConfigsDataLayer, createWorkspaceSettingsDataLayer, detectDatabaseType, dollarsToMicroDollars, environmentSecretsSchema, environmentsSchema, executeWithSchema, formatCost, gateway, generateId, getAuthClientOptions, getDefaultPricingProvider, getMigrations, llmRequestsSchema, llmopsConfigSchema, logger, matchType, microDollarsToDollars, parsePartialTableData, parseTableData, providerConfigsSchema, runAutoMigrations, schemas, targetingRulesSchema, validateLLMOpsConfig, validatePartialTableData, validateTableData, variantJsonDataSchema, variantVersionsSchema, variantsSchema, workspaceSettingsSchema };
+export { type AnthropicProviderConfig, type AnyProviderConfig, AuthClientDatabaseConfig, AuthClientOptions, type AzureAIProviderConfig, type AzureOpenAIProviderConfig, BaseCacheConfig, type BaseProviderConfig, type BedrockProviderConfig, CacheBackend, CacheBackendType, CacheConfig, CacheEntry, CacheOptions, CacheService, CacheStats, ChatCompletionCreateParamsBase, Config, ConfigVariant, type ConfigVariantsTable, type ConfigsTable, type CortexProviderConfig, CostResult, type Database, DatabaseConnection, DatabaseOptions, DatabaseType, Environment, EnvironmentSecret, type EnvironmentSecretsTable, type EnvironmentsTable, FileCacheBackend, FileCacheConfig, type FireworksAIProviderConfig, type GatewayManifest, type GoogleProviderConfig, GuardrailConfig, GuardrailConfigsTable, GuardrailResult, GuardrailResults, type HuggingFaceProviderConfig, Insertable, LLMOpsClient, LLMOpsConfig, type LLMOpsConfigInput, LLMRequest, type LLMRequestInsert, LLMRequestsTable, MS, ManifestBuilder, type ManifestConfig, type ManifestEnvironment, type ManifestGuardrail, type ManifestProviderGuardrailOverride, ManifestRouter, ManifestService, type ManifestTargetingRule, type ManifestVariantVersion, MemoryCacheBackend, MemoryCacheConfig, MigrationOptions, MigrationResult, type MistralAIProviderConfig, ModelPricing, ModelsDevPricingProvider, type OpenAIProviderConfig, type OracleProviderConfig, Prettify, PricingProvider, ProviderConfig, type ProviderConfigMap, ProviderConfigsTable, ProviderGuardrailOverride, ProviderGuardrailOverridesTable, type ProvidersConfig, type RoutingContext, type RoutingResult, SCHEMA_METADATA, type SagemakerProviderConfig, Selectable, type StabilityAIProviderConfig, SupportedProviders, type TableName, TargetingRule, type TargetingRulesTable, Updateable, UsageData, type ValidatedLLMOpsConfig, Variant, VariantJsonData, VariantVersion, VariantVersionsTable, type VariantsTable, type VertexAIProviderConfig, type WorkersAIProviderConfig, WorkspaceSettings, WorkspaceSettingsTable, calculateCost, chatCompletionCreateParamsBaseSchema, configVariantsSchema, configsSchema, createDataLayer, createDatabase, createDatabaseFromConnection, createGuardrailConfigsDataLayer, createLLMRequestsDataLayer, createNeonDialect, createProviderConfigsDataLayer, createProviderGuardrailOverridesDataLayer, createWorkspaceSettingsDataLayer, detectDatabaseType, dollarsToMicroDollars, environmentSecretsSchema, environmentsSchema, executeWithSchema, formatCost, gateway, generateId, getAuthClientOptions, getDefaultPricingProvider, getMigrations, guardrailConfigsSchema, llmRequestsSchema, llmopsConfigSchema, logger, matchType, microDollarsToDollars, parsePartialTableData, parseTableData, providerConfigsSchema, providerGuardrailOverridesSchema, runAutoMigrations, schemas, targetingRulesSchema, validateLLMOpsConfig, validatePartialTableData, validateTableData, variantJsonDataSchema, variantVersionsSchema, variantsSchema, workspaceSettingsSchema };