Guardrails
Guardrails are configurable rule sets attached to Gates. They evaluate every request in real time and block non-compliant actions before they execute.
What are Guardrails?
Guardrails are the policy engine of Modei. They answer the question: "Even if this agent has a valid passport, should this specific action be allowed right now?"
While a passport proves who the agent is, guardrails govern what it can do, how much, and when. They are the behavioral constraints on top of identity.
Guardrail Types
Rate Limits
Limit how many requests, actions, or transactions an agent can perform in a given time window.
requests_per_minute: 60 / requests_per_day: 10000
Spend Caps
Hard limits on how much money an agent can spend, per transaction, per day, per month. Transactions that would exceed the limit are blocked before execution.
daily_usd: 100.00 / per_transaction_usd: 10.00
Domain Allowlists
Restrict which external domains, APIs, or endpoints an agent can communicate with. Any request to a domain not on the list is blocked.
allowed_domains: ["api.example.com", "data.example.com"]
PII Controls
Detect and control personally identifiable information. Options: log only, redact, block transmission, or encrypt in audit records.
pii_mode: "block" | "redact" | "log_only" | "encrypt"
Approval Workflows
Require human approval for specific actions, amount thresholds, or new counterparties. Agents wait for approval before proceeding.
require_approval_above_usd: 100.00
Permission Scopes
Only allow actions that match the agent's declared permissions. An agent with `web:search` can't execute `payments:send` even if it tries.
enforce_permission_scope: true
Full Guardrail Configuration
{
  "rate_limits": {
    "requests_per_minute": 60,
    "requests_per_hour": 1000,
    "requests_per_day": 10000,
    "concurrent_requests": 5
  },
  "spend_limits": {
    "per_transaction_usd": 10.00,
    "daily_usd": 100.00,
    "monthly_usd": 2000.00,
    "require_approval_above_usd": 50.00,
    "currency": "USD"
  },
  "domain_controls": {
    "allowed_domains": ["api.example.com", "data.example.com"],
    "blocked_domains": ["competitor.com"],
    "allow_unlisted": false
  },
  "pii_controls": {
    "mode": "log_only",
    "block_ssn": false,
    "block_credit_cards": true,
    "mask_in_logs": true,
    "gdpr_mode": false
  },
  "approval_workflows": {
    "require_approval_above_usd": 100.00,
    "require_approval_new_counterparties": true,
    "approval_timeout_seconds": 300,
    "auto_deny_on_timeout": false
  },
  "permission_enforcement": {
    "strict_scope_matching": true,
    "allow_wildcard_permissions": true
  }
}
Templates: Instant Guardrail Profiles
Instead of configuring guardrails from scratch, use a Template: one of the pre-built guardrail sets for 30 common agent archetypes. Examples:
- Read-Only Researcher: Web access, no transactions, no writes
- Financial Agent: Strict spend caps, mandatory approval workflows
- Customer Support Agent: Refund authority up to $50, PII masked
- Crypto Trading (Strict): Hard position limits, stop-loss required, L3 only
- Security Scanner: Read-only, no external data transmission
- Content Writer: No autonomous publish, plagiarism check
Guardrail Evaluation Order
1. Permission scope check: does the agent have permission for this action?
2. Rate limit check: would this request exceed rate limits?
3. Spend limit check: would this transaction exceed spend caps?
4. Domain allowlist check: is the target domain permitted?
5. PII detection: does the payload contain controlled PII?
6. Approval workflow: does this action require human approval?
→ All pass: allow + issue attestation
→ Any soft constraint fails: request_hold + issue attestation with reason
→ Any hard constraint fails: block + issue attestation with reason
Evaluation stops at the first failure. The denial reason is included in the attestation for audit purposes.
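The evaluation order above, as an added Python sketch (not Modei's own code or API) that runs the checks in sequence and returns the first failure as the decision and reason. Assumptions: the approval workflow is the only soft constraint and every other check is hard; hostnames are matched exactly; the `agent` and `req` field names are hypothetical; PII detection (step 5) is left out.

```python
from urllib.parse import urlsplit

# Constructed policy; field names and values follow the full configuration above.
POLICY = {
    "rate_limits": {"requests_per_minute": 60},
    "spend_limits": {"per_transaction_usd": 10.00, "daily_usd": 100.00},
    "domain_controls": {"allowed_domains": ["api.example.com", "data.example.com"],
                        "blocked_domains": ["competitor.com"], "allow_unlisted": False},
    "approval_workflows": {"require_approval_above_usd": 100.00,
                           "require_approval_new_counterparties": True},
}

def domain_ok(dom, url):
    # Assumption: exact hostname match; blocked_domains wins over allowed_domains.
    host = (urlsplit(url).hostname or "").lower()
    if host in dom["blocked_domains"]:
        return False
    return host in dom["allowed_domains"] or dom["allow_unlisted"]

def evaluate(policy, agent, req):
    """Run checks in the documented order; return (decision, reason) at first failure."""
    amount = req.get("amount_usd", 0.0)
    spend, appr = policy["spend_limits"], policy["approval_workflows"]
    checks = [  # (name, decision on failure, predicate that must hold)
        ("permission_scope", "block", lambda: req["action"] in agent["permissions"]),
        ("rate_limit", "block", lambda: agent["requests_last_minute"]
            < policy["rate_limits"]["requests_per_minute"]),
        ("spend_limit", "block", lambda: amount <= spend["per_transaction_usd"]
            and agent["spent_today_usd"] + amount <= spend["daily_usd"]),
        ("domain_allowlist", "block",
            lambda: domain_ok(policy["domain_controls"], req["url"])),
        # PII detection (step 5) is omitted from this sketch.
        ("approval_required", "request_hold",
            lambda: amount <= appr["require_approval_above_usd"]
            and not (appr["require_approval_new_counterparties"] and amount > 0
                     and req.get("counterparty") not in agent["known_counterparties"])),
    ]
    for name, on_fail, passes in checks:
        if not passes():
            return on_fail, name  # the reason is what the attestation would record
    return "allow", None

# Constructed agent state (hypothetical field names).
AGENT = {"permissions": {"web:search", "payments:send"}, "requests_last_minute": 3,
         "spent_today_usd": 95.00, "known_counterparties": {"acme"}}
```

Because evaluation stops at the first failure, a request that violates several guardrails records only the earliest one as its denial reason.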
Related
- Gates: where guardrails live and get evaluated.
- Template Library: 30 pre-built guardrail configurations.
- Attestations: the audit records generated by guardrail evaluations.