Livy
Concepts

Guardrails

The limits and checks Livy applies before an MCP action can be approved.

Guardrails are the policies that decide whether a protected agent action can proceed.

They are evaluated after Livy matches an MCP request to an active agent wallet profile.

What Guardrails Check

A guardrail can constrain:

  • action type
  • wallet profile
  • asset or mint
  • per-action value
  • daily value
  • allowed destinations or routes
  • signer expectations
  • quote freshness
  • evidence requirements
  • receipt requirements

The exact policy fields depend on the action type and integration.

Decision Outcomes

A guardrail can produce:

  • approved
  • blocked
  • escalated

Approval should be narrow. It should create a short-lived nonce for one exact bundle, not a broad permission for the agent to execute anything nearby.

Policy State

Guardrails are product state. Keep these fields reviewable:

  • policy id
  • policy version or hash
  • action type
  • wallet binding
  • configured caps
  • status
  • update time

This lets operators answer why a request was approved or blocked later.

Execution Binding

The guardrail decision is not the end of the flow.

For a protected action, execution must bind back to:

  • the original request
  • the wallet profile
  • the policy decision
  • the approval nonce
  • the exact action bundle
  • the final receipt

Direct wallet sends skip this chain and should be treated as unprotected.

Agent Wallet

The public wallet profile Livy uses to match MCP requests to protected actions.

Skills

Install the Livy agent skill so agents route protected actions through Livy MCP.

On this page

What Guardrails CheckDecision OutcomesPolicy StateExecution BindingRead Next