Guidance
A programming paradigm for steering LLMs — interleave generation, prompting, and control flow with constrained decoding and structured output.
Guidance
Guidance is a programming paradigm for controlling large language models more precisely than plain prompting. Instead of sending a single string and hoping for well-formed output, you interleave text, generation, selection, loops, and conditionals directly in Python, so the model follows a structured flow — effectively a state machine over generation. This yields reliable structured output, fewer tokens, and lower latency.
Key features
- Constrained generation with regex, context-free grammars, and JSON schemas
- Interleave control flow (loops, conditionals, functions) with model calls
- Token healing to avoid tokenization artifacts at prompt boundaries
- Reusable, composable functions for building complex prompting programs
- Works across backends including local Transformers, llama.cpp, and hosted APIs
Originally from Microsoft and now maintained under the guidance-ai organization, Guidance is widely used to force valid, machine-parseable outputs (for example, JSON that always conforms to a schema) and to orchestrate multi-step generation deterministically. Because constraints are enforced during decoding, invalid tokens are never sampled, which improves both reliability and speed compared with post-hoc validation and retries.
Curated mirror of the open-source Guidance (MIT). Get it from the source.
Only compromise signals — malicious or tampered code (leaked secrets, backdoors, path traversal, a dropped executable) — reduce the score. Dangerous-by-capability traits (shell, network, injection strings, pickle) are shown as risk surface: expected for some capabilities — a security tool ships offensive code on purpose — so they do not sink the grade.
Evaluated against the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any control to see the findings.
Consume Guidance programmatically. Authenticate with an API key or session — see Authorize an agent.
# Agents: CHECK BEFORE YOU INSTALL (no auth) — score, grade, level, capability manifest
curl https://ai-supply.store/api/v1/trust/guidance-llm-control
# Gate against your org policy (returns { pass, violations })
curl -X POST https://ai-supply.store/api/v1/trust/guidance-llm-control/check \
-H "Content-Type: application/json" \
-d '{"minGrade":"B","denyPermissions":["shell"],"denyUnknownEgress":true}'
# CLI
npx ai-supply add guidance-llm-control
# REST (install → download)
curl -X POST https://ai-supply.store/api/v1/listings/guidance-llm-control/install \
-H "Authorization: Bearer $AIM_KEY"
# MCP tool
install_listing({ "slug": "guidance-llm-control" })OpenAPI spec →Curated mirror — latest upstream source. See the repository for tagged releases.