Skip to main content
Boundary is designed to run safely in production environments. The core principle:

Boundary doesn’t sit between you and your model. It wraps your code, not your network.

Local-first execution

By default, Boundary runs entirely inside your application:
  • Your LLM calls go directly to your provider (OpenAI, Anthropic, etc.)
  • Boundary does not proxy or intercept requests
  • No data is sent to Boundary servers
  • All validation, repair, and retry happens in-process
import { defineContract } from "@boundary/contract";

// This runs 100% locally. No network calls to Boundary.
const contract = defineContract({ schema, rules });
const result = await contract.accept(run);
@boundary/contract has zero telemetry. No analytics, no tracking, no phone-home. It’s a pure validation library.

Optional observability (explicit opt-in)

If you want production visibility — acceptance rates, failure patterns, alerts — you add @boundary/sdk. This is a separate package. It is never installed or activated automatically. 
import { createBoundaryLogger } from "@boundary/sdk";

const logger = createBoundaryLogger({
  apiKey: process.env.BOUNDARY_API_KEY!,
  environment: "production",

  // you control exactly what is captured
  capture: {
    inputs: false,     // raw LLM inputs — default OFF
    outputs: false,    // raw LLM outputs — default OFF
    repairs: true,     // repair messages — default ON
    errors: true,      // failure details — default ON
    metadata: true,    // contract name, attempts, duration — default ON
  },

  // redact sensitive fields before transmission
  redact: {
    fields: ["ssn", "email", "phone"],
  },
});
Default behavior is conservative. Metadata, repair steps, and failures are captured. Raw inputs and outputs are opt-in. You decide what leaves your system.

What “metadata” means

When capture.metadata is true (the default), Boundary sends:
  • Contract name
  • Attempt count
  • Duration (ms)
  • Success or failure
  • Failure category (e.g., INVARIANT_ERROR)
  • Rule names that failed
It does not send:
  • Raw LLM prompts
  • Raw LLM outputs
  • Your application data
  • User inputs
These are only sent if you explicitly set capture.inputs: true or capture.outputs: true.

Redaction

Even when you opt into capturing inputs or outputs, you can redact sensitive fields: 
redact: {
  fields: ["ssn", "email", "phone"],
  custom: (value, path) => {
    if (path.includes("address")) return "[REDACTED]";
    return value;
  },
}
Redaction happens before data leaves your process. Boundary never sees the original value.

Full visibility

Boundary exposes every step of the execution loop to your application: 
if (!result.ok) {
  for (const attempt of result.error.attempts) {
    console.log(attempt.raw);       // raw model output
    console.log(attempt.issues);    // validation failures
    console.log(attempt.category);  // failure category
  }
}
Nothing is hidden. Every attempt, every failure, every repair instruction is available in the result object.

No hidden behavior

Boundary does not:
Modify your prompts silentlyattempt.instructions is generated from your schema — visible and deterministic
Call additional models or servicesOnly your RunFn makes LLM calls
Persist state between runsEach .accept() call is independent
Auto-enable telemetryYou must explicitly create and pass a logger
All behavior is explicit in your code.

Custom transport

You don’t have to use Boundary’s cloud to get observability. The write option lets you send events to your own infrastructure: 
const logger = createBoundaryLogger({
  environment: "production",
  capture: { metadata: true, errors: true },
  write: (event) => {
    // send to your own telemetry pipeline
    myDatadog.emit("boundary.run", event);
  },
});
Boundary observability is not tied to Boundary cloud.

Control stays with you

You define:
  • The schema — what structure the output must have
  • The rules — what “correct” means for your domain
  • The retry policy — how many attempts, what backoff
  • The capture policy — what data is logged and where
  • The redaction rules — what is stripped before transmission
Boundary only enforces what you specify. Nothing more.