Guardrails

Guardrails are runtime enforcement mechanisms that intercept agent actions before they execute. Where policies declare what agents may or must do, guardrails actively gate operations at execution time by blocking, modifying, or warning on attempted file writes, tool invocations, and content generation. Every interception is recorded in the audit log, which makes guardrails both an active safety layer and a compliance surface for later review.
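To make the interception flow concrete, here is a minimal sketch in Python. It is an illustration under stated assumptions, not the product's implementation: `GuardrailRuntime`, `Action`, `Decision`, `Outcome`, and the two example guardrails are hypothetical names introduced here, and the shape of the audit log entries is assumed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional


class Outcome(Enum):
    ALLOW = "allow"
    WARN = "warn"
    MODIFY = "modify"
    BLOCK = "block"


@dataclass
class Action:
    kind: str      # e.g. "file_write", "tool_invocation", "content_generation"
    payload: str


@dataclass
class Decision:
    outcome: Outcome
    reason: str = ""
    modified_payload: Optional[str] = None


@dataclass
class GuardrailRuntime:
    """Hypothetical runtime: checks every action before it executes."""
    guardrails: List[Callable[[Action], Decision]]
    audit_log: List[dict] = field(default_factory=list)

    def intercept(self, action: Action) -> Optional[Action]:
        """Return the (possibly modified) action to execute, or None if blocked."""
        for guardrail in self.guardrails:
            decision = guardrail(action)
            # Assumed log shape: one entry per guardrail evaluation.
            self.audit_log.append({
                "kind": action.kind,
                "guardrail": guardrail.__name__,
                "outcome": decision.outcome.value,
                "reason": decision.reason,
            })
            if decision.outcome is Outcome.BLOCK:
                return None
            if decision.outcome is Outcome.MODIFY and decision.modified_payload is not None:
                action = Action(action.kind, decision.modified_payload)
        return action


def no_secrets(action: Action) -> Decision:
    # Example guardrail (hypothetical): block payloads carrying a secret marker.
    if "SECRET" in action.payload:
        return Decision(Outcome.BLOCK, "payload contains a secret marker")
    return Decision(Outcome.ALLOW)


def trim_whitespace(action: Action) -> Decision:
    # Example guardrail (hypothetical): rewrite the payload instead of blocking.
    stripped = action.payload.strip()
    if stripped != action.payload:
        return Decision(Outcome.MODIFY, "trimmed surrounding whitespace", stripped)
    return Decision(Outcome.ALLOW)
```

A caller would construct `GuardrailRuntime([no_secrets, trim_whitespace])` and execute an action only when `intercept` returns a value. The audit log grows on every evaluation, including those that allow the action.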

Guardrail Classes

The named categories of guardrails (grounding, file-write, tool-invocation, and content-generation) and how each maps to a distinct interception point in the runtime.

Guardrail Configuration

How to declare and scope guardrails at the org, project, task, or agent level, including precedence rules when multiple scopes overlap.

Grounding Guardrail

The generation-time control that checks whether factual claims in agent output trace to authoritative context sources. It fires inline during content production, before output exits the agent's execution boundary.

File Write Intercepts

Scope enforcement for filesystem operations. Agents may only write within their own workspace; shared-surface changes route through PRs. Enforcement happens both at the filesystem layer and at commit time.
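A workspace check of this kind can be sketched as a path containment test. The function name `is_write_allowed` and its parameters are hypothetical, and the sketch covers only the filesystem-layer half of the enforcement; the commit-time check is not shown.

```python
from pathlib import Path


def is_write_allowed(target: str, workspace: str) -> bool:
    """Return True only if `target` resolves to a path inside `workspace`.

    Hypothetical helper: relative targets are interpreted relative to the
    workspace, and `..` segments and symlinks are resolved before comparing.
    """
    workspace_root = Path(workspace).resolve()
    # Joining with an absolute target discards the workspace prefix,
    # so absolute paths outside the workspace are rejected as well.
    target_path = (workspace_root / target).resolve()
    return workspace_root in target_path.parents
```

Resolving before comparing matters: a naive string-prefix check would accept a target such as `../shared/config.yaml`, which escapes the workspace once normalized.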

Tool Invocation Intercepts

Pre-execution gates on tool and command use. Covers availability checks, scope validation, and parameter sanitization before a tool call proceeds.
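The three checks named above (availability, scope, parameter sanitization) could be chained as in the following sketch. Everything here is an assumption for illustration: `ToolSpec`, `ToolGateError`, `gate_tool_call`, the registry shape, and the choice to sanitize by dropping non-printable characters are not taken from the product.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set


class ToolGateError(Exception):
    """Raised when a tool call fails a pre-execution check."""


@dataclass(frozen=True)
class ToolSpec:
    name: str
    allowed_params: FrozenSet[str]


def gate_tool_call(
    tool: str,
    params: Dict[str, str],
    registry: Dict[str, ToolSpec],
    agent_scope: Set[str],
) -> Dict[str, str]:
    """Return sanitized parameters if the call may proceed, else raise."""
    # 1. Availability: the tool must be registered at all.
    spec = registry.get(tool)
    if spec is None:
        raise ToolGateError(f"tool {tool!r} is not available")

    # 2. Scope: the calling agent must be permitted to use this tool.
    if tool not in agent_scope:
        raise ToolGateError(f"tool {tool!r} is outside the agent's scope")

    # 3. Sanitization: reject undeclared parameters, then drop
    #    non-printable characters from the remaining values.
    unknown = set(params) - spec.allowed_params
    if unknown:
        raise ToolGateError(f"unknown parameters: {sorted(unknown)}")
    return {
        key: "".join(ch for ch in value if ch.isprintable())
        for key, value in params.items()
    }
```

The checks run cheapest-first, so a call to an unregistered tool fails before any parameter inspection happens.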

Content Generation Intercepts

Inline checks that evaluate generated content against policy constraints such as tone, format, and prohibited patterns before the output is committed to a deliverable.

Violation Handling

What happens when a guardrail fires: block vs. warn vs. rewrite outcomes, how violations surface as errors or warnings, escalation to human-in-the-loop review, and the override path that requires owner-level authorization with a recorded rationale.
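As a rough sketch of how these outcomes and the override path might fit together, consider the function below. The names `Violation`, `Override`, and `resolve_violation`, the result strings, and the literal role name `"owner"` are all hypothetical; the only behavior taken from the description above is that an override needs owner-level authorization plus a recorded rationale. Escalation to human review is not modeled.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Violation:
    guardrail: str
    outcome: str   # assumed values: "block", "warn", or "rewrite"
    message: str


@dataclass
class Override:
    role: str        # role of the person authorizing the override
    rationale: str   # must be non-empty to be accepted


def resolve_violation(
    violation: Violation,
    audit_log: List[dict],
    override: Optional[Override] = None,
) -> str:
    """Decide how execution continues and record the decision."""
    entry = {
        "guardrail": violation.guardrail,
        "outcome": violation.outcome,
        "message": violation.message,
        "override": None,
    }
    if violation.outcome == "warn":
        result = "proceed_with_warning"
    elif violation.outcome == "rewrite":
        result = "proceed_rewritten"
    elif (
        override is not None
        and override.role == "owner"
        and override.rationale.strip()
    ):
        # A block is lifted only with owner authorization and a rationale,
        # and the rationale is stored alongside the violation.
        entry["override"] = {"role": override.role, "rationale": override.rationale}
        result = "proceed_overridden"
    else:
        result = "blocked"
    entry["result"] = result
    audit_log.append(entry)
    return result
```

Recording the override in the same audit entry as the violation keeps the rationale attached to the exact event it excuses, which is what a later compliance review would need.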
