Constraints

Constraints encode organisational rules as machine-checkable boundaries. When an agent proposes an action or a query touches a constrained topic, the system checks the action against active constraints and flags any intersections.

You declare constraints through the UI or API with a scope, an assertion, and a severity level. Severity controls the response: inform (surface the constraint but proceed), warn (flag with a prominent warning), require_approval (block until a human approves), or block (hard stop). This graduated response lets you calibrate risk per constraint rather than treating everything as allow/deny.

Constraints are checked by the verify_before_acting gate, which agents call before taking significant actions. The gate combines constraint matching with Watch alerts, Engine sufficiency checks, and Shield clearance into a single go/no-go decision. Agents get a structured response explaining what matched and why.

Agents can also suggest new constraints discovered during work. If an agent discovers that a particular database is production or that a vendor has undocumented rate limits, it can propose a constraint for human review. Suggestions enter a queue where team members with appropriate roles can promote them to active constraints. This turns every agent session into a potential constraint discovery exercise.