How it compares
Different layer. Different problem.
Edictum isn't a replacement for text guardrails. It enforces contracts on what guardrails can't see: tool-call execution.
WAF for text vs OPA for tool calls
Guardrails AI, NeMo Guardrails
Content safety layer. Filter what the model says.
Edictum
Action enforcement layer. Control what the model does.
Feature comparison
Side by side
| Capability | Edictum | Guardrails AI | NeMo Guardrails | DIY Middleware |
|---|---|---|---|---|
| Layer | Tool-call | Text I/O | Text I/O | Tool-call |
| Deterministic | Yes | No (LLM) | No (LLM) | Depends |
| Fail-closed | Yes | No | No | No |
| YAML contracts | Yes | Python code | Colang | Custom |
| Observe mode | Yes | No | No | No |
| Session limits | Yes | No | No | Manual |
| Sandbox enforcement | Yes | No | No | Manual |
| Human-in-the-loop | Timeout to deny | No | No | Manual |
| Principal identity | Yes | No | No | No |
| Audit trail | 27-field structured | Logs | Logs | Custom |
| Framework adapters | 8 native | Python SDK | Python SDK | Per-framework |
| Runtime deps | Zero | Multiple | Multiple | Varies |
| Overhead | 55us | 100-500ms | 100-500ms | Varies |
| Open source | MIT + FSL | Apache 2.0 | Apache 2.0 | N/A |
| CLI tooling | 12 commands | No | No | Custom |
| Notification channels | Slack, Telegram, Discord, Email, Webhook + Teams soon | No | No | Manual |
The research
Why tool-call enforcement matters
Every major AI model refuses harmful requests in text while simultaneously executing them through tool calls.
6 frontier LLMs tested
17,420 datapoints analyzed
21.3% GPT-5.2 GAP rate
arXiv:2602.16943 — "Mind the GAP"
Text guardrails catch the text. Nobody was catching the tool calls. That's what Edictum does.
Architecture
Two layers, one pipeline
Stack them. They address different threat surfaces.
Text Guardrails
Filter harmful / toxic input text
Edictum
Enforce contracts on tool execution
vs DIY middleware
Why not just write middleware?
Every team starts with if-statements. Here's where it breaks down.
No observe mode
Can't deploy rules in observe mode, where they log what they would deny without blocking anything. You either enforce or you don't.
No audit trail
Who changed what rule? When did it fire? There's no record.
No human-in-the-loop
High-risk calls need human review. DIY means building a queue, a UI, and a timeout system.
No hot-reload
Change a rule? Restart every agent. No way to update contracts at runtime.
No fleet visibility
50 agents, each with different rules. No dashboard. No coverage analysis.
Contract debt
Starts as 5 if-statements. Becomes 500. No one can audit it.
No contract versioning
Anyone can change the rules. No version history. No audit trail of changes.
No session limits
Rate limiting across tool calls requires shared state. DIY means building it from scratch.
No notification routing
Slack, Teams, Discord, email — DIY means building each integration from scratch. Plus routing rules, filters, and fallbacks.
Ready to enforce contracts on tool calls?
Add Edictum in 3 lines of code. Start in observe mode, enforce when ready.
pip install edictum