Agentic Data Plane

Review Blocked Requests

When a guardrail acts on a request, the caller sees a blocked message and ADP records the action on the request’s trace. This release does not include a dedicated violations dashboard, so you review blocked requests through transcripts.

After reading this page, you will be able to:

  • Review what a caller sees when a guardrail blocks a request

  • Find guardrail activity in a request’s transcript

  • Diagnose a guardrail that blocks too much or doesn’t fire

What the caller sees

  • Blocked input: ADP stops the request before it reaches the model and returns your configured blocked input message.

  • Blocked output: ADP returns your configured blocked output message instead of the model’s response.

  • Anonymized PII: When the sensitive-information policy anonymizes a match on output, ADP delivers the response with each match replaced in place by its entity type, such as {EMAIL}. On input, this release does not forward the redacted prompt to the model: ADP short-circuits the request like a block and returns your configured blocked input message, not the redacted prompt.

Automated reasoning never blocks. It records findings on the trace for your application to act on.

Where guardrail activity is recorded

ADP records guardrail activity as attributes on the request’s OpenTelemetry trace, which you read in the request’s transcript alongside the LLM call, tool calls, and cost data. See “See what your agent did”.

For streaming responses, ADP skips output evaluation and marks the skip on the trace. Input evaluation still applies to streaming requests.

Troubleshoot guardrail behavior

When a guardrail blocks legitimate traffic or fails to act when you expect it to, work through the checks in this section to find the cause.

A guardrail blocks too much

If a guardrail blocks legitimate traffic:

  • Content filters: Lower the strength for the affected category, or set its action to detect while you tune.

  • Sensitive information: Narrow the entity types or regex patterns to the data you actually care about. Structured payloads such as code or JSON can contain strings that resemble PII.

  • Denied topics: Tighten each topic’s definition and examples so the semantic match is more specific.

  • Contextual grounding: Lower the threshold so only clearly ungrounded or irrelevant responses are caught.

To stage a change without enforcing it, turn off a policy’s “Evaluate this policy” toggle, or set the policy’s action to detect, and review the results on the trace before you block.
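One way to test a candidate regex pattern against a structured payload offline before you enable it. This is an added example, not ADP code. It models only custom regex patterns with in-place `{ENTITY}` replacement; the patterns, the `PHONE` entity name, the helper functions, and the sample payload are all constructed for illustration.

```python
import json
import re

# Constructed sample payload: one real email, one real phone number, and two
# numeric fields (an order id and a millisecond timestamp) that only look like phones.
SAMPLE = json.dumps({
    "order_id": "4155550123",
    "created_at": 1718035200123,
    "contact": "alice@example.com",
    "callback": "+1 415-555-0123",
})
EXPECTED = {"alice@example.com", "+1 415-555-0123"}  # values we mean to redact

# Hypothetical patterns for illustration; not ADP or Bedrock defaults.
BROAD = {"EMAIL": r"\S+@\S+", "PHONE": r"\+?\d[\d -]{8,}\d"}
NARROW = {
    "EMAIL": r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}",
    "PHONE": r"\+\d{1,3}[ -]\d{3}-\d{3}-\d{4}",
}

def anonymize(text, patterns):
    """Replace each match in place with {ENTITY}; return (redacted, hits)."""
    hits = []
    for entity, pattern in patterns.items():
        def _sub(match, entity=entity):
            hits.append((entity, match.group(0)))
            return "{" + entity + "}"
        text = re.sub(pattern, _sub, text)
    return text, hits

def unexpected(hits):
    """Matches that are not exactly one of the values we meant to redact."""
    return [(entity, value) for entity, value in hits if value not in EXPECTED]

def is_json(text):
    """True if the redacted payload still parses, i.e. no delimiters were eaten."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

if __name__ == "__main__":
    for name, patterns in (("broad", BROAD), ("narrow", NARROW)):
        redacted, hits = anonymize(SAMPLE, patterns)
        print(name, "| unexpected:", unexpected(hits), "| valid JSON:", is_json(redacted))
        print("  ", redacted)
```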

A guardrail doesn’t fire

If you expect a guardrail to act and it doesn’t:

  • Confirm the guardrail is enabled. A disabled guardrail keeps its configuration but skips evaluation.

  • Confirm the specific policy’s “Evaluate this policy” toggle is on. A saved-but-not-evaluated policy takes no action.

  • Confirm the Bedrock provider the request used references this guardrail. A guardrail acts only on providers that reference it.

  • Confirm the direction. An output-only policy such as contextual grounding never acts on input, and output policies are skipped for streaming responses.

  • Confirm the request actually went through the Bedrock provider. Direct-to-provider requests that bypass ADP are not evaluated.