Guardrails

Agent Guardrails

Guardrails are safety constraints that ensure your agents operate within defined boundaries. They prevent harmful outputs, require human approval for sensitive actions, and enforce usage limits.

Why Guardrails Matter

Safety

Prevent agents from generating harmful, inappropriate, or misleading content

Control

Maintain human oversight for critical actions like sending emails or publishing content

Compliance

Ensure agents comply with regulations, policies, and industry standards

Guardrail Types

Approval Gates (HITL)

Require human approval before executing sensitive actions

{
  "guardrails": {
    "approvalGates": {
      "enabled": true,
      
      // Tools that always require approval
      "requireApprovalFor": [
        "send-email",
        "publish-social",
        "execute-payment",
        "delete-data",
        "execute-javascript"
      ],
      
      // Conditions for automatic approval
      "autoApprovalRules": [
        {
          "tool": "send-email",
          "conditions": {
            "recipientDomain": "@internal.company.com",
            "templateApproved": true
          }
        }
      ],
      
      // Approval timeout
      "timeout": 86400,  // 24 hours
      "onTimeout": "reject"  // reject | escalate
    }
  }
}

See Human-in-the-Loop for comprehensive HITL documentation.

Common Configurations

Low Risk: Internal Assistant

For internal tools with trusted users

{
  "guardrails": {
    "approvalGates": {
      "enabled": true,
      "requireApprovalFor": ["delete-data", "execute-payment"]
    },
    "rateLimits": {
      "requests": { "perMinute": 60 },
      "cost": { "perDay": 100.00 }
    },
    "contentFilters": {
      "piiProtection": { "enabled": true, "action": "warn" }
    }
  }
}

Medium Risk: Customer-Facing Bot

For customer support and interaction

{
  "guardrails": {
    "approvalGates": {
      "enabled": true,
      "requireApprovalFor": ["send-email", "update-account", "refund"]
    },
    "contentFilters": {
      "blockedTopics": ["legal-advice", "competitor-info"],
      "piiProtection": { "enabled": true, "action": "redact" },
      "toxicityFilter": { "enabled": true, "threshold": 0.5 }
    },
    "rateLimits": {
      "requests": { "perMinute": 30, "perUser": 100 },
      "cost": { "perDay": 50.00 }
    }
  }
}

High Risk: Autonomous Publishing

For agents that can publish or transact

{
  "guardrails": {
    "approvalGates": {
      "enabled": true,
      "requireApprovalFor": [
        "publish-social", "send-email", "execute-payment",
        "update-listing", "create-campaign"
      ],
      "timeout": 3600,
      "onTimeout": "reject"
    },
    "contentFilters": {
      "blockedTopics": ["legal", "financial", "medical", "political"],
      "piiProtection": { "enabled": true, "action": "block" },
      "toxicityFilter": { "enabled": true, "threshold": 0.3 }
    },
    "rateLimits": {
      "requests": { "perMinute": 10, "perDay": 500 },
      "cost": { "perDay": 25.00, "perMonth": 200.00 }
    },
    "scopeLimits": {
      "dataAccess": { "readOnly": ["users", "payments"] }
    }
  }
}

Handling Violations

When a guardrail is triggered, the system takes appropriate action based on configuration:

Block

Immediately stops the action. The agent receives an error message and must take an alternative approach.

Queue for Approval

Pauses execution and creates an approval request. Workflow resumes when approved or times out.

Warn

Logs the violation and notifies admins, but allows the action to proceed. Use for monitoring.

Redact

Removes or masks sensitive content and proceeds with the sanitized version.

Best Practices

Start Restrictive, Then Relax

Begin with strict guardrails and loosen them as you gain confidence. It's easier to grant permissions than to recover from incidents.

Monitor and Iterate

Review guardrail triggers regularly. Too many false positives indicate overly strict rules; adjust accordingly.

Layer Your Defenses

Use multiple guardrail types together. Content filters + approval gates + rate limits provide defense in depth.

Don't Rely on Prompts Alone

System prompts can be bypassed. Always use technical guardrails in addition to prompt-based instructions.

Next Steps

Human-in-the-Loop

Deep dive into approval workflows

Multi-Agent Systems

Coordinate agents with guardrails