Guardrails on What the Agent Does
Not a filter on the prompt - a boundary on the action. AgentFence bounds each agent to its authorized tools, forbidden targets, memory limits, and human-approval gates, checked at every tool invocation.
Illustrative product view
Guardrails on actions, not prompts
Prompt-level guardrails catch bad text; they do nothing when a perfectly polite prompt convinces an agent to export a customer list or hit a production database. AgentFence puts the guardrail on the action. Its deterministic runtime governance (ai_agent_governance.py) checks what the agent is trying to do - against its authorized tools, forbidden targets, memory boundaries, and approval gates - before the tool-call proceeds. The POST /guardrails/inspect endpoint evaluates a candidate action against the rules.
| Guardrail | What it enforces | Effect on violation |
|---|---|---|
| Authorized tools | Agent may only call tools on its roster | Off-roster call blocked |
| Forbidden targets | Named resources the agent may never touch | Call to a forbidden target blocked |
| Memory boundaries | No reading another context’s memory | Cross-memory access blocked |
| Human-approval gates | High-impact actions need a person | Held for human approval |
Deterministic and explainable
- The same candidate action always yields the same verdict - no flakiness
- Each verdict carries a plain-English reason a reviewer can read
- Rules and policies are inspectable via GET /guardrails/rules and /guardrails/policies
- Every attempt, allowed or blocked, is recorded as evidence
Simulate before you enforce
Guardrails run in the platform’s simulate-first posture: you can watch them fire on real agent traffic and see exactly which tool-calls would be blocked or gated before any of them actually stops an action. That lets you tune rosters and thresholds against reality instead of guessing.
Who it’s for
Teams that need agent guardrails
- Anyone deploying agents that can call tools with side effects
- Teams giving agents access to money movement, records, or customer data
- Platform owners who need one consistent boundary model across agents
- Security teams that need blocked-attempt evidence for review
Frequently asked questions
What are AI agent guardrails?
AI agent guardrails are enforced limits on what an agent may do. AgentFence implements them at the action level: before a tool-call proceeds, it checks the agent’s authorized tools, forbidden targets, memory boundaries, and human-approval gates, returning allow, block, or a gate for human approval. This catches unsafe actions even when the prompt looked benign.
How are these different from prompt guardrails?
Prompt guardrails filter model input and output text. Agent guardrails decide whether the thing the agent is trying to do should be allowed. A polite prompt can still drive a dangerous action, so AgentFence guards the action itself - the layer a prompt filter cannot reach.
What is a human-approval gate?
A human-approval gate pauses a high-impact action and routes it to a person to approve or reject, instead of allowing or hard-blocking it. It is the middle path for actions that are legitimate but consequential - a large refund, a bulk export - where a human should sign off.
Will guardrails slow my agents down?
The guardrail evaluation is deterministic and designed to run per tool-call. And because it runs in simulate mode first, you can measure its behavior on real traffic before it ever blocks or gates a live action, so you tune before you enforce.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Bound every agent tool-call
Put authorized-tool, forbidden-target, and approval-gate guardrails on your agents.
Talk to us