
Available Features in Single-LLM Architecture

Sequrity Control supports two agent architectures for tool access control: Single-LLM and Dual-LLM. The Single-LLM architecture is designed primarily for compatibility with existing systems; it provides guardrail functionality and limited policy enforcement based on session metadata. In contrast, Dual-LLM offers all basic and advanced security features, i.e., all features listed in Security Features, Security Policies, and Fine-Grained Configurations.

What is Single-LLM vs. Dual-LLM?

Read the conceptual guide on Single-LLM vs. Dual-LLM Agents to understand the differences between these architectures and their security implications.

LangGraph defaults to Dual-LLM

The LangGraph endpoint (/lang-graph/) always uses the Dual-LLM configuration, even when agent_arch is set to "single-llm" in the X-Features header. This is because the LangGraph integration requires the Dual-LLM architecture for proper security enforcement.

Supported Features of Single-LLM

Single-LLM supports a limited subset of features compared to Dual-LLM mode. The following lists summarize feature availability in Single-LLM mode (✅ supported, ⛔ not supported):

  • Security Features / X-Features

    • ✅ toxicity_filter
    • ✅ pii_redaction
    • ✅ healthcare_topic_guardrail
    • ✅ finance_topic_guardrail
    • ✅ url_blocker
    • ✅ file_blocker
  • Security Policies / X-Policy

    • ✅ mode
    • ✅ codes
    • ⛔ auto_gen
    • ✅ fail_fast
    • presets
      • ✅ default_allow
      • ✅ default_allow_enforcement_level
      • ⛔ enable_non_executable_memory
      • ✅ enable_llm_blocked_tag
      • ✅ llm_blocked_tag_enforcement_level
      • ⛔ branching_meta_policy

    Limited Policy Enforcement in Single-LLM

    For Single-LLM, there is no program execution and metadata propagation, so the security policies for Single-LLM must rely on

  • Fine-Grained Configurations / X-Config

    • fsm (shared):
      • ✅ min_num_tools_for_filtering
      • ✅ clear_session_meta
      • ✅ max_n_turns
    • fsm (dual-llm only - all ⛔ in single-llm):
      • ⛔ max_pllm_steps
      • ⛔ max_tool_calls_per_step
      • ⛔ clear_history_every_n_attempts
      • ⛔ retry_on_policy_violation
      • ⛔ disable_rllm
      • ⛔ reduced_grammar_for_rllm_review
      • ⛔ enable_multistep_planning
      • ⛔ prune_failed_steps
      • ⛔ enabled_internal_tools
      • ⛔ force_to_cache
      • ⛔ history_mismatch_policy
      • ⛔ max_pllm_failed_steps
      • ⛔ wrap_tool_result
      • ⛔ detect_tool_errors
      • ⛔ detect_tool_error_regex_pattern
      • ⛔ detect_tool_error_max_result_length
      • ⛔ strict_tool_result_parsing
      • ⛔ tool_result_transform
    • prompt:
      • ⛔ All prompt overrides (dual-llm only)
    • response_format:
      • ⛔ All response format overrides (dual-llm only)
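
A pre-flight check built from the lists above, as an added example that is not part of Sequrity Control or its documentation: it resolves the effective architecture (including the /lang-graph/ override) and reports any X-Policy or X-Config key that this page does not mark ✅ for Single-LLM. It assumes the header values have already been parsed into nested dicts whose key names and nesting mirror the lists; the function names and sample values are hypothetical.

```python
# Added example. Key names are the ones marked ✅ on this page; the nested-dict
# shape of the parsed X-Policy / X-Config values is an assumption.
POLICY_OK = {"mode", "codes", "fail_fast", "presets"}
PRESETS_OK = {"default_allow", "default_allow_enforcement_level",
              "enable_llm_blocked_tag", "llm_blocked_tag_enforcement_level"}
FSM_OK = {"min_num_tools_for_filtering", "clear_session_meta", "max_n_turns"}


def effective_arch(endpoint_path, agent_arch):
    """The /lang-graph/ endpoint always runs Dual-LLM, whatever agent_arch says."""
    if "/lang-graph/" in endpoint_path.rstrip("/") + "/":
        return "dual-llm"
    return agent_arch


def not_listed_for_single_llm(endpoint_path, agent_arch, policy=None, config=None):
    """Return sorted dotted paths of settings this page does not mark ✅ for
    Single-LLM. Allowlist-based, so unknown or misspelled keys are reported too."""
    if effective_arch(endpoint_path, agent_arch) != "single-llm":
        return []
    policy, config = policy or {}, config or {}
    found = [f"X-Policy.{k}" for k in policy if k not in POLICY_OK]
    found += [f"X-Policy.presets.{k}"
              for k in (policy.get("presets") or {}) if k not in PRESETS_OK]
    for section, value in config.items():
        if section == "fsm":
            found += [f"X-Config.fsm.{k}" for k in (value or {}) if k not in FSM_OK]
        else:
            # prompt and response_format overrides are dual-llm only; any other
            # section is not listed on the page at all, so it is reported as well.
            found.append(f"X-Config.{section}")
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample values; only the key names come from the page.
    policy = {"mode": "constructed-value", "auto_gen": True,
              "presets": {"default_allow": True,
                          "enable_non_executable_memory": True}}
    config = {"fsm": {"max_n_turns": 5, "max_pllm_steps": 10},
              "prompt": {"constructed": "override"}}
    for path in ("/example-endpoint/", "/lang-graph/"):
        print(path, not_listed_for_single_llm(path, "single-llm", policy, config))
```

Running such a check before deployment surfaces cases where a control such as enable_non_executable_memory is configured but the session is actually running Single-LLM.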