Skip to main content
Evaluation catches vulnerabilities you know to test for. But attackers will try things you didn’t anticipate like new prompt injection techniques, novel encoding tricks, social engineering patterns that emerge after your last evaluation. Dome is Vijil’s runtime protection system. It intercepts every input and output, applies configurable guardrails, and blocks attacks before they reach your agent or your users. When Diamond identifies vulnerabilities you can’t immediately fix, Dome provides defense-in-depth while you remediate.

How Dome Works

Dome wraps your agent with configurable guardrails: Dome defense flow showing input guardrail, agent, and output guardrail
ComponentPurpose
GuardrailPipeline of guards (input or output)
GuardGroup of detectors of one type
DetectorIndividual detection method

Protection Types

Security Guards

Detect and block adversarial attacks:
DetectorWhat It Catches
prompt-injection-mbertInjected instructions in user input
prompt-injection-deberta-v3-baseAdvanced injection attempts
encoding-heuristicsBase64, Unicode, and encoding attacks
security-embeddingsSemantic similarity to known attacks

Moderation Guards

Filter harmful and inappropriate content:
DetectorWhat It Catches
moderation-flashtextFast keyword-based toxicity
moderation-debertaNeural toxicity classification
moderations-oai-apiOpenAI Moderation API
moderation-llamaguardLlama Guard safety model

Privacy Guards

Prevent exposure of sensitive data:
DetectorWhat It Catches
privacy-presidioPII (names, emails, SSN, etc.)
detect-secretsAPI keys, passwords, credentials

Quick Start

You can protect your agents with default guards. The default configuration includes:
  • Input: Prompt injection detection, encoding heuristics, moderation
  • Output: Moderation, PII detection

Configuration Sources

You can pull configurations securely from your registered Vijil agent. Alternatively, you can define configurations using dictionaries or TOML files.

Scan Results

Every scan process returns a comprehensive result object describing whether the content is safe, the safe fallback message if flagged, and the execution trace. When content is flagged:
  • A signal specifies the content was rejected (is_safe becomes false)
  • It provides a safe fallback message
  • The trace shows which detector flagged it and why

Framework Integrations

Dome is designed to be integrable with popular frameworks and runtimes. You can see the specific framework developer guides for integration patterns during the developer access phase.

Performance Options

You can configure protection controls to stop processing when the first guard flags content, or run guards concurrently for maximum efficiency and parallel execution.

Work in Progress

The programmatic protection capabilities are currently in private preview and subject to change.

Next Steps

Configuring Guardrails

Detailed guard configuration options

Using Guardrails

Runtime patterns and best practices

Custom Detectors

Build your own detection methods

Observability

Monitoring and tracing setup
Last modified on April 14, 2026