How it compares
Different layer. Different problem.
Edictum is not a replacement for LangGraph, CrewAI, Bedrock, MCP, or eval tools. It composes with them as the runtime governance layer that checks actions before tools execute.
Text safety vs runtime governance
Guardrails AI, NeMo Guardrails
Content safety layer. Filter what the model says.
Edictum
Runtime governance layer. Control what the agent does.
Feature comparison
Side by side
| Capability | Edictum | Guardrails AI | NeMo Guardrails | DIY Middleware |
|---|---|---|---|---|
| Layer | Runtime governance | Text I/O | Text I/O | Tool-call |
| Deterministic | Yes | No (LLM) | No (LLM) | Depends |
| Policy/load failures fail closed | Yes | No | No | No |
| YAML rulesets | Yes | Python code | Colang | Custom |
| Observe mode | Yes | No | No | No |
| Session limits | Yes | No | No | Manual |
| Sandbox enforcement | Yes | No | No | Manual |
| Human-in-the-loop | Timeout to block | No | No | Manual |
| Workflow Gates | Evidence-gated stages | No | No | Manual |
| Profile conformance | Runtime-measured | No | No | Custom |
| Output-quality evals | Composes | Different scope | Different scope | Separate |
| Principal identity | Yes | No | No | No |
| Audit trail | 27-field structured | Logs | Logs | Custom |
| Framework adapters | 8 native | Python SDK | Python SDK | Per-framework |
| Runtime deps | Zero | Multiple | Multiple | Varies |
| Overhead | In-process | Model/service dependent | Model/service dependent | Varies |
| Open source | MIT + FSL | Apache 2.0 | Apache 2.0 | N/A |
| CLI tooling | 12 commands | No | No | Custom |
| Notification channels | Telegram, Slack, Discord, Webhook | No | No | Manual |
The research
Why tool-call enforcement matters
The GAP research shows that text refusal does not reliably transfer to tool-call safety.
6 frontier LLMs tested
17,420 datapoints analyzed
GAP: text refusal did not reliably carry over to tool calls
arXiv:2602.16943 — "Mind the GAP"
Text safety layers catch the text. Edictum catches the tool calls and workflow-stage violations. That is runtime governance.
Architecture
Two layers, one pipeline
Stack them. They address different threat surfaces.
Text Safety Layer
Filter harmful / toxic input text
Edictum
Enforce rules on tool execution
vs DIY middleware
Why not just write middleware?
Every team starts with if-statements. Here's where it breaks down.
No observe mode
Can't deploy a rule in observe mode, where it reports without blocking. You either enforce or you don't.
No audit trail
Who changed what rule? When did it fire? There's no record.
No human-in-the-loop
High-risk calls need human review. DIY means building a queue, a UI, and a timeout system.
No hot-reload
Change a rule? Restart every agent. No way to update rulesets at runtime.
No fleet visibility
50 agents, each with different rules. No reference stack. No coverage analysis.
Rule debt
Starts as 5 if-statements. Becomes 500. No one can audit it.
No ruleset versioning
Anyone can change the rules. No version history. No audit trail of changes.
No session limits
Rate limiting across tool calls requires shared state. DIY means building it from scratch.
No notification routing
Telegram, Slack, Discord, webhook — DIY means building each integration from scratch. Plus routing rules, filters, and fallbacks.
Ready to enforce rules on tool calls?
Add Edictum in 3 lines of code. Start in observe mode, enforce when ready.
pip install "edictum[yaml]"