Install nemoguardrails and create a config directory with a config.yml file that specifies your LLM engine configuration and sets the Colang version (1.0 or 2.x)
Write .co files in the config directory containing Colang flow definitions that handle prohibited intents, such as redirecting off-topic requests or refusing sensitive queries
Define canonical message forms in the .co files for user intents and bot responses that your flows reference
Instantiate RailsConfig.from_path() pointing to your config directory, then create an LLMRails instance from the config
Call rails.generate(messages=[...]) to run a conversation through the guardrails; Colang flows intercept and reroute any matching patterns
Test edge cases by providing adversarial inputs and confirm the guardrail flows trigger the expected bot responses rather than passing through to the LLM
Known gotchas
Colang 1.0 is the default in most NeMo Guardrails versions; to use Colang 2.x you must explicitly set colang_version: '2.x' in config.yml — omitting this causes syntax errors with 2.x flow definitions
NeMo Guardrails makes additional LLM calls internally to classify user intent before routing through flows; this adds latency and token cost proportional to the number of canonical message forms defined
Flows are matched by the LLM's interpretation of canonical intent, not by exact string match — subtle phrasing changes in user messages can cause flows to miss and fall through to the base LLM
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp