Enable monitor mode
Monitor mode is the default. Setmode: "monitor" explicitly or omit it:
What happens on each tool call
When you callwithTool with guard enabled (default inside withTool):
- Apie calls
POST /v1/guardrails/evaluatewith action and resource metadata - Apie emits an
agent.guardrail.evaluatedevent with the decision - In monitor mode, your callback always runs regardless of decision
| Decision | Monitor behavior |
|---|---|
allow | Proceed silently |
warn | Proceed, log warning |
block | Proceed, log “Would block” |
require_approval | Proceed, log “Would require approval” |
What you’ll see
Guardrail evaluation events in the run timeline. Each event shows matched guardrails, decision, and whether enforcement would have blocked or required approval. When those events belong to a session, runtime intelligence can turn them into a readable story and recommend follow-up policies. For example, a monitored production pipeline execution may become an action item to require approval next time. The recommendation does not activate a policy by itself; it points back to the evidence so you can decide what to enforce.Exercise guardrails safely
Run risky scenarios in monitor mode to see what would be blocked:Dry-run evaluation
Evaluate a guard decision without executing the action:Path to enforcement
- Run in monitor mode and review evaluation events
- Declare capabilities for expected tools
- Enable guardrail templates
- Add explicit action/resource metadata for risky tools
- Switch to Enforce mode
Next steps
Enforce guardrails
Block risky actions in production.
Runtime intelligence
See how monitored events become action items and guardrail recommendations.
Enable guardrail templates
Turn on starter guardrail packs.
