SOPs are Code, Not Suggestions
Rails is a runtime firewall that enforces compliance rules deterministically. No LLMs. No probability. Just code that guarantees your agent follows the rules - every single time.
Book a DemoThe Enforcement Gap
Traditional compliance is documentation-first, enforcement-last. Rails flips that paradigm - your SOP becomes the firewall.
Traditional Approach
You write SOPs. You train teams. You hope they follow them. When they don't, you find out later - usually from an audit or incident report.
- ×Manual review required
- ×Retrospective enforcement
- ×Human error possible
- ×Training drift over time
With Rails
Your SOP is compiled into executable logic that sits between your agent and the outside world. Violations are blocked before they happen - not documented after.
- ✓Enforced at runtime
- ✓Proactive blocking
- ✓Zero human error
- ✓Deterministic compliance
Runtime Firewall Architecture
Rails operates as a deterministic middleware layer between your agent and the real world. Every action is validated before execution—no exceptions, no probabilistic checks.
Agent Intent
Agent generates an action request (e.g., send message, update record, call API)
Rails intercept
Request hits Rails before execution. Context extracted: patient data, timestamps, user role, etc.
Rule Evaluation
Compiled SOP logic runs deterministically. Boolean checks: Is consent present? Is data de-identified? Is user authorized?
Enforce or Block
PASS → Action proceeds. FAIL → Action blocked, logged, escalated.
Audit Trail
Every decision logged with full context for compliance reporting.
Deterministic • Zero Latency • Fully Auditable
Grounded in Ground Truth
Rails doesn't rely on LLMs to interpret rules. Your SOP is compiled into deterministic code - no hallucinations, no drift, no probabilistic enforcement.
Your SOP (Human-Readable)
Before sending any patient communication: 1. Verify active consent on file 2. Check for opt-out flags 3. Ensure data is de-identified if required 4. Log all access attempts
Compiled into Rails (Machine-Executable)
function checkConsent(patientId, action) {
const consent = db.getConsent(patientId);
if (!consent.isActive) {
return block("No active consent");
}
if (consent.optOut.includes(action.type)) {
return block("Patient opted out");
}
if (action.containsPHI && !consent.allowsPHI) {
return block("PHI requires explicit consent");
}
auditLog.record({
patientId,
action,
decision: "ALLOW",
timestamp: now()
});
return allow();
}"The SOP is the code. The code is the enforcement. There is no interpretation layer where errors can creep in."
Enforcement You Can Audit
Every decision Rails makes is logged with full context. No black boxes. Deterministic proof that your agent followed the rules.
{
"event_id": "rail_2024_11_28_001234",
"timestamp": "2024-11-28T14:32:11.234Z",
"agent_id": "care_coordinator_v2",
"action_requested": {
"type": "send_message",
"patient_id": "PT_4892",
"content": "Your test results are ready...",
"channel": "sms"
},
"rails_evaluation": {
"rule_triggered": "patient_consent_check",
"checks_performed": [
{
"rule": "consent.isActive",
"result": true
},
{
"rule": "consent.optOut.includes('sms')",
"result": false
},
{
"rule": "containsPHI(content)",
"result": true
},
{
"rule": "consent.allowsPHI",
"result": false
}
],
"decision": "BLOCK",
"reason": "PHI transmission requires explicit consent"
},
"context": {
"patient_consent_timestamp": "2024-01-15T09:23:00Z",
"consent_scope": ["appointment_reminders"],
"phi_detected": true
},
"outcome": {
"action_allowed": false,
"agent_notified": true,
"escalation_triggered": false
}
}Immutable Audit Trail
Every action logged with cryptographic integrity
Full Context Capture
ALL relevant data points recorded for compliance review
Real-Time Monitoring
Live dashboard of all Rails Decisions and Blocks
Export-Ready Formats
One-click exports for auditors and compliance teams
"Show me the logs" shouldn't be a luxury—it should be the default.
Every Rails deployment includes full audit infrastructure
Deterministic vs. Probabilistic
Not all enforcement is created equal. Here's how Rails compares to LLM-based guardrails in production
LLMs are incredible for reasoning. Rails is purpose-built for enforcement.
Use the right tool for the job
Where Rails Fits in Your Stack
Rails is not a replacement for your agent - it's the enforcement layer that sits between your agent and the outside world.
Your Agent
Decision-making, reasoning, task execution
Rails (Enforcement Layer)← Rails
Validates every action against SOPs before execution
External Systems
EHRs, APIs, Databases, messaging platforms
"Rails doesn't replace your agent's intelligence. It ensures that intelligence operates within your rules."
Drop-in integration • No agent retraining required
Your System Prompt Is Not a Firewall.
"You wrote 'Do not give medical advice' in the prompt. The model sees that as a suggestion, not a law."
When the context window fills up, suggestions are ignored. True safety requires an external, deterministic circuit breaker that intervenes before the response leaves the server.
Rails doesn't ask the LLM to follow rules. It enforces them mathematically, every single time.
Don't prompt for safety. Enforce it.