Skip to content

Codegen Guardrails

Definition

Section titled “Definition”

Guardrails are enforced constraints that ensure generated code is safe, deterministic enough, and observable in production.

Schema / Parameters

Section titled “Schema / Parameters”
  • Block contract: name, version, inputs, outputs, sideEffects, timeouts.
  • Limits: cpu_ms, mem_mb, io_budget, rate_limit.
  • Observability: log_level, trace (on|off), metrics.
  • Policies: network_allowlist[], fs_scope, secrets_scope.

Defaults

Section titled “Defaults”
  • timeout: 30s unless overridden.
  • log_level: info in prod, debug in dev.
  • trace: off in prod unless severity>=error.

Examples

Section titled “Examples”
  • Deny network to unknown hosts with allowlist.
  • Enforce JSON schema validation at block boundaries.
  • Kill process on exceeding memory limit.

Limits

Section titled “Limits”
  • No shell exec unless explicitly allowed.
  • No dynamic imports from remote URLs.
  • Secrets only via runtime provider, never embedded in source.
Section titled “Related”