NeuroLink AI

Posted on Feb 18 • Originally published at blog.neurolink.ink

Enterprise AI Governance: Human-in-the-Loop and Guardrails with TypeScript

#ai #typescript #enterprise #security

The Missing Layer in Enterprise AI

Deploying AI in production without guardrails is like driving without brakes. A data leak, an inappropriate response to a customer, or an unreviewed financial recommendation can result in regulatory fines, reputational damage, and lost customer trust.

Traditional AI frameworks leave you to build safety layers from scratch. NeuroLink takes a different approach: enterprise governance built directly into the SDK. With configuration-based guardrails, AI-powered pre-call evaluation, configurable content filtering, human-in-the-loop workflows, and HITL audit logging, you get production-ready AI governance in minutes rather than months.

Note: NeuroLink extends the Vercel AI SDK (ai v4.3.19), adding enterprise features on top of its core.

Why Enterprise AI Needs Guardrails

Modern enterprises face a complex regulatory landscape that demands comprehensive AI governance.

Designed for Regulated Environments

NeuroLink provides building blocks for compliance-ready deployments, not certifications. Your organization is responsible for achieving and maintaining compliance.

Regulation	Common Requirements	NeuroLink Building Blocks
SOC 2	Access controls, audit trails	HITL audit logging, OpenTelemetry integration
GDPR	Data protection by design	Content guardrails, input sanitization
PCI-DSS	Cardholder data protection	Regex-based input sanitization, content filtering

Disclaimer: NeuroLink provides building blocks for compliance, not certifications. Consult your compliance team for specific regulatory requirements.

Risk Mitigation

Without guardrails, enterprises face:

Data Leakage: Sensitive data exposed in AI responses
Regulatory Fines: Non-compliance penalties reaching millions
Reputation Damage: Loss of customer trust from inappropriate responses
Legal Liability: Unreviewed advice in regulated domains (financial, medical, legal)

Quick Start: Your First Guardrails Config

Getting started takes minutes:

import { NeuroLink } from "@juspay/neurolink";

const ai = new NeuroLink({
  middleware: {
    guardrails: {
      // AI-powered pre-call evaluation
      precallEvaluation: {
        enabled: true,
        provider: "google-ai",
        evaluationModel: "gemini-2.5-flash",
        thresholds: {
          safetyScore: 8,
          appropriatenessScore: 7,
        },
        actions: {
          onUnsafe: "block",
          onInappropriate: "sanitize",
          onSuspicious: "warn",
        },
      },

      // Sensitive content filtering
      badWords: {
        enabled: true,
        regexPatterns: [
          "\\b\\d{3}-\\d{2}-\\d{4}\\b", // SSN pattern
          "\\b\\d{16}\\b",               // Credit card
          "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Z|a-z]{2,}\\b", // Email
        ],
        action: "redact",
      },
    },
  },
});

Setting	Value	Description
Pre-call AI evaluation	Enabled	Uses Gemini 2.5 Flash for content analysis
Safety threshold	8/10	Blocks content scoring below 8
Content filtering	SSN, CC, Email patterns	Redacts matching content via configured regex
Unsafe content	Blocked	Returns error, logs incident

Configurable Content Filtering Patterns

NeuroLink's guardrails middleware supports user-configured regex patterns for detecting and redacting sensitive content. No patterns are included by default -- you define what to filter for your use case.

Example Content Filtering Patterns

const PII_PATTERNS = {
  us: {
    ssn: "\\b\\d{3}-\\d{2}-\\d{4}\\b",
    ein: "\\b\\d{2}-\\d{7}\\b",
    passport: "\\b[A-Z]{1,2}\\d{6,9}\\b",
  },
  financial: {
    creditCard: "\\b\\d{16}\\b",
    creditCardFormatted: "\\b\\d{4}[\\s-]\\d{4}[\\s-]\\d{4}[\\s-]\\d{4}\\b",
    bankAccount: "\\b\\d{8,17}\\b",
  },
  contact: {
    email: "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Z|a-z]{2,}\\b",
    phone: "\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b",
  },
  healthcare: {
    mrn: "\\b[A-Z]{2,3}\\d{6,10}\\b",
    npi: "\\b\\d{10}\\b",
    dea: "\\b[A-Z]{2}\\d{7}\\b",
  },
};

Healthcare-Oriented Configuration Example

Note: This example shows how to configure content filtering for regulated environments. NeuroLink provides the filtering tools; achieving compliance requires additional organizational measures.

const ai = new NeuroLink({
  middleware: {
    guardrails: {
      precallEvaluation: { enabled: true },
      badWords: {
        enabled: true,
        regexPatterns: [
          PII_PATTERNS.healthcare.mrn,
          PII_PATTERNS.healthcare.npi,
          PII_PATTERNS.us.ssn,
          PII_PATTERNS.contact.email,
          PII_PATTERNS.contact.phone,
          "\\bpatient\\s+id\\s*[:=]?\\s*\\S+",
          "\\bdiagnosis\\s*[:=]?\\s*[A-Z]\\d{2}(\\.\\d{1,2})?",
        ],
        action: "redact",
      },
    },
  },
  hitl: {
    enabled: true,
    dangerousActions: ["medical", "patient"],
    auditLogging: true,
  },
});

Human-in-the-Loop Workflows

For high-stakes decisions, AI responses should be reviewed by humans before reaching customers. NeuroLink provides configurable review queues with domain routing, SLA enforcement, and escalation policies.

import { NeuroLink } from "@juspay/neurolink";

const ai = new NeuroLink({
  middleware: {
    guardrails: {
      precallEvaluation: { enabled: true },
    },
  },
});

const result = await ai.generate({
  input: {
    text: "Please advise on my investment portfolio allocation",
    systemPrompt: "You are a financial advisor assistant...",
  },
  hitl: {
    required: true,
    domain: "financial-services",
    urgency: "standard",
    reviewerPool: "tier-2-advisors",
    slaMinutes: 15,
    escalationPolicy: {
      afterMinutes: 10,
      escalateTo: "senior-reviewers",
    },
  },
});

// Handle review result
if (result.humanValidation?.status === "approved") {
  await sendToCustomer(result.content);
} else if (result.humanValidation?.status === "modified") {
  await sendToCustomer(result.humanValidation.modifiedContent);
} else {
  await escalateToHuman(customerQuery);
}

Domain Routing

Domain	Reviewer Pool	Typical SLA	Escalation Path
Financial Services	Tier-2 Advisors	15 minutes	Senior Advisors
Healthcare	Clinical Reviewers	30 minutes	Medical Directors
Legal	Paralegal Team	60 minutes	Associate Attorneys
Customer Support	Tier-1 Support	5 minutes	Team Leads

HITL Audit Logging

NeuroLink's Human-in-the-Loop system includes built-in audit logging that tracks all tool approval decisions (requested, approved, rejected, timed out) with user context and timestamps.

const ai = new NeuroLink({
  middleware: {
    guardrails: {
      precallEvaluation: { enabled: true },
      badWords: {
        enabled: true,
        regexPatterns: [
          "\\b\\d{3}-\\d{2}-\\d{4}\\b",
          "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Z|a-z]{2,}\\b",
        ],
        action: "redact",
      },
    },
  },
  hitl: {
    enabled: true,
    dangerousActions: ["delete", "remove", "execute"],
    auditLogging: true,
  },
});

HITL Audit Log Entry Format

{
  "timestamp": "2026-01-15T10:30:00Z",
  "eventType": "confirmation-approved",
  "toolName": "deleteRecord",
  "userId": "user_789",
  "sessionId": "session_abc123",
  "arguments": { "recordId": "rec_456" },
  "reason": "Reviewed and approved by admin",
  "responseTime": 1500
}

What HITL Audit Logging Tracks

Event Type	Description	Data Captured
confirmation-requested	Tool flagged for review	toolName, arguments, userId, timestamp
confirmation-approved	Human approved the action	reason, responseTime, reviewerId
confirmation-rejected	Human rejected the action	reason, responseTime, reviewerId
confirmation-timeout	Approval timed out	timeout duration, auto-approve setting

Framework Comparison

Feature	NeuroLink	LangChain	Vercel AI SDK
Content Filtering	Configurable	Manual	Manual
Input Sanitization	Configurable	Via extension	Manual
Pre-call Evaluation	Built-in	Manual	Manual
HITL Workflows	Built-in	Manual	No
HITL Audit Logging	Built-in	Manual	Manual
Config-based Setup	Yes	No	No