Skip to Content
Policies & Guardrails

Policies & Guardrails

Guardrails constrain what agents can do during a run — security boundaries, cost limits, and approval requirements without modifying agent code.

Policy file format

version: "1" name: production-guardrails rules: - id: block-destructive-aws match: { tool: "aws.*.delete*" } action: require-approval roles: [admin, sre-lead] - id: cost-ceiling match: { cost_usd_gte: 50 } action: abort message: "Run exceeded $50 cost ceiling" - id: require-tests match: { tool: "github.pulls.merge" } condition: "steps.ci.output.tests_passed != true" action: block

Rule evaluation

Rules are evaluated synchronously before each tool call. Most restrictive matching rule wins:

  1. block — action denied, run continues
  2. require-approval — run pauses at an approval gate
  3. abort — entire run terminated
  4. warn — action proceeds, warning logged

Applying policies

cendriix policy validate guardrails.yaml cendriix policy apply guardrails.yaml cendriix policy diff guardrails.yaml

Composition

  • Workspace-level — applies to all runs
  • Workflow-level — additional rules for specific workflows

The most restrictive rule wins — workflows cannot relax workspace guardrails.

See also: Core concepts → Guardrail, RBAC & SSO, Audit log

Last updated on