Policies & Guardrails
Guardrails constrain what agents can do during a run — security boundaries, cost limits, and approval requirements without modifying agent code.
Policy file format
version: "1"
name: production-guardrails
rules:
- id: block-destructive-aws
match: { tool: "aws.*.delete*" }
action: require-approval
roles: [admin, sre-lead]
- id: cost-ceiling
match: { cost_usd_gte: 50 }
action: abort
message: "Run exceeded $50 cost ceiling"
- id: require-tests
match: { tool: "github.pulls.merge" }
condition: "steps.ci.output.tests_passed != true"
action: blockRule evaluation
Rules are evaluated synchronously before each tool call. Most restrictive matching rule wins:
block— action denied, run continuesrequire-approval— run pauses at an approval gateabort— entire run terminatedwarn— action proceeds, warning logged
Applying policies
cendriix policy validate guardrails.yaml
cendriix policy apply guardrails.yaml
cendriix policy diff guardrails.yamlComposition
- Workspace-level — applies to all runs
- Workflow-level — additional rules for specific workflows
The most restrictive rule wins — workflows cannot relax workspace guardrails.
See also: Core concepts → Guardrail, RBAC & SSO, Audit log
Last updated on