Skip to main content
Boundary enforces a deterministic acceptance boundary around your LLM calls. Your application only receives outputs that have passed all validation.

When result.ok === true

The output is guaranteed to be:
  • Valid JSON — successfully parsed
  • Schema-compliant — matches your Zod schema exactly
  • Rule-correct — all domain rules returned true
  • Safe to use — no additional checks required in your application
if (result.ok) {
  // result.data is fully validated and safe
  await saveToDatabase(result.data);
}
You can treat result.data as trusted input to your system.

When result.ok === false

No output is returned to your application. Instead, you receive a structured error:
  • No invalid data leaks through
  • All attempts are preserved for debugging
  • Failures are fully explained with categories and violations
if (!result.ok) {
  // nothing entered your system
  // full history available for debugging
  console.log(result.error.message);
  console.log(result.error.attempts);
}

What Boundary guarantees

Boundary guarantees system-level correctness, not model behavior:
GuaranteeDescription
Deterministic gateEvery run is accepted or rejected. No partial passes, no silent corruption.
Schema complianceAccepted output matches your Zod schema exactly.
Rule enforcementEvery rule returned true on the accepted output.
Targeted repairOn failure, specific violations are sent back to the model — not blind retry.
Full historyEvery attempt is recorded with raw output, cleaned output, issues, and failure category.
The model may generate incorrect outputs. Boundary prevents incorrect outputs from entering your system. Only validated, correct data crosses the boundary.

What Boundary does NOT guarantee

Not guaranteedWhy
The model will succeedIt may exhaust all retries and return ok: false
Zero retriesMost calls take 1-2 attempts. Some need 3.
Correctness beyond your rulesIf you don’t write a rule for it, Boundary can’t catch it
Latency boundsTotal time depends on retry count and model speed
Correctness is defined by your schema and rules: 
defineContract({
  schema, // ← defines structure
  rules,  // ← defines what "correct" means
});
If a value violates your domain logic but you haven’t written a rule for it, Boundary won’t catch it. The guarantee is: everything you define is enforced.

Mental model

The model proposes outputs. Boundary decides what your system accepts.This separation makes your application deterministic, even when the model is probabilistic.

The acceptance boundary

LLM output

  clean     → extract JSON from raw response

  verify    → schema check + rule check

 accept?  ──yes──→  result.ok = true  →  your application

    no

  repair    → explain violations to model

  retry     → model tries again with repair context

  (loop until accepted or maxAttempts exhausted)

  result.ok = false  →  structured error, no data leaks

Next steps

When to Use

Where Boundary fits — and where it doesn’t

API Reference

Full API surface