Skip to main content

Palisade: A Composable Edge Guardrails Platform for ADC AI Solutions

Local mirror of Confluence page [Design Doc] Palisade: Composable Edge Guardrails Platform for ADC AI Solutions.

Confluence page ID: 6018957455 Parent folder ID: 6018662571 Remote version: 3 Last remote update: 2026-06-16T13:37:43.937Z

Status

Draft for review.

Context

Every AI application ADC ships needs two guardrail layers:

  • A standard layer for safety categories such as violence, sexual content, self-harm, and PII leakage.
  • A bespoke layer specific to the use case, such as Libre Assist checks for food scope, drug references, medical advice, brand mentions, hallucination markers, and tone violations.

Today, this logic lives inside individual applications. That works for one app, but it does not scale to a portfolio because each new AI app reimplements similar checks, validation evidence remains app-specific, checks may add cross-region latency, and guardrail activity is not visible in one shared operational view.

Palisade proposes a shared guardrails platform built on the Cloudflare developer platform, running policy enforcement at the edge, close to users.

Goals

  • Provide one reusable guardrails platform for many ADC AI applications.
  • Compose a validated base policy with bounded app-specific extensions.
  • Support remediation, not only rejection.
  • Run enforcement close to users using Cloudflare Workers, Workers AI, AI Gateway, and related platform services.
  • Support streaming output enforcement.
  • Reuse validation evidence across apps and module versions.
  • Design for PHI-capable operation from day one.
  • Provide a locked-down developer and DevOps dashboard.
  • Use OpenTelemetry for metrics, traces, and logs.

Non-Goals

  • Palisade is not a model-quality or offline evaluation platform.
  • Palisade is not an LLM orchestration framework.
  • Palisade is not a replacement for clinical or regulatory review.
  • Palisade is not multi-cloud active-active at launch.
  • Palisade is not an end-user-facing product.

System Overview

Palisade is an edge enforcement plane with two integration surfaces:

  • Proxy surface: an OpenAI-compatible endpoint that apps can call instead of calling model providers directly.
  • Check API surface: explicit /v1/check and /v1/remediate calls for custom app flows.

Both surfaces resolve to the same policy engine and per-app policy profile.

Requirements

RequirementPriority
Standard safety categories on input and outputP0
Per-app custom deterministic and AI-based rulesP0
Tiered remediation with bounded retryP0
Composable, versioned, auditable policy profilesP0
Streaming output enforcementP0
PHI-capable handling, redaction, telemetry hygiene, and regional controlsP0
OpenTelemetry metrics, traces, and logsP0
Dashboard behind SSO/Zero Trust with RBAC and audit trailP0
Shadow mode for safe rolloutP0
Module reuse with inherited validation evidenceP1
Portability escape hatch for a container runtimeP1
Multi-turn/session-aware checksP2
Cost per request visible per appP1

Design Principles

  • Deterministic checks run before AI checks.
  • The validated base policy is mandatory.
  • Modules, prompts, model IDs, and profiles are immutable once published.
  • Validation evidence travels with module versions.
  • Prompt and response content is treated as sensitive and excluded from general telemetry.
  • Portability comes from a pure core policy engine and thin platform adapters.

Rollout Phases

  1. Foundation: core engine, Cloudflare adapter, base catalog, profile compiler, Check API, OpenTelemetry export, and a read-only dashboard.
  2. Libre Assist parity: port Libre Assist rules, add proxy support, add remediation, and run shadow-mode comparisons.
  3. Enforcement: canary and full enforcement for Libre Assist, dashboard write paths, RBAC, and approvals.
  4. Platformization: onboard a second app, expand streaming support, add session checks, and keep the container adapter validated.

Risks

  • Workers AI latency or availability regressions.
  • Judge false positives that degrade user experience.
  • Profile drift across teams.
  • Residual streaming risk when content is streamed before final checks complete.
  • BAA coverage gaps for specific Cloudflare products.
  • Observability gaps while Cloudflare OTLP support matures.
  • Platform team bottlenecks if profile and module workflows are too manual.

Open Questions

  • Which Cloudflare products are covered services under the enterprise BAA?
  • Which OTLP backend should ADC standardize on for this platform?
  • Should the judge model pool stay with Mistral for continuity or be re-baselined?
  • What audit retention period is required?
  • When should ownership transfer from innovation to a production platform team?
  • How deep should image guardrails go for the first pilot?
  • Which app needs multi-turn/session-aware checks first?

References

  • Cloudflare AI Gateway guardrails
  • Cloudflare AI Gateway dynamic routing and BYOK
  • Cloudflare Workers OpenTelemetry export
  • Cloudflare Data Localization Suite
  • Cloudflare HIPAA/BAA material
  • Libre Assist internal demos and current guardrail architecture