| Prompt instructions like 'never do X' don't hold up in production. LLMs ignore them when context gets long or users push hard. Limits sits between your agent and the real world. Every action — database writes, API calls, refunds — gets intercepted and checked against your rules before it executes. Deterministically. No LLM involved in enforcement. Three modes: Conditions: hard rules on structured data
Guideance: validate LLM output before it reaches the user and give the agent chance to reason and retry
Guardrails: scan for PII, toxicity, prompt injection etc One line to integrate: npm install @limits/js our website:
https://limits.dev our docs:
https://docs.limits.dev We've processed 30,000+ policy checks across 16 teams. Would love feedback from anyone who's built something like this internally." |
Instead of validating the model’s output directly, we assume the model can propose anything. The important part is that real-world state changes can’t execute unless they pass a deterministic boundary.
In our experiments the gate sits between the agent and any irreversible action (DB writes, payments, API mutations). The agent proposes an action, the gate checks invariants like replay, sequencing, ceilings, and context consistency, and only then allows the commit.
The nice side effect is that you get a clean append-only ledger of every proposal, rejection, and commit, which becomes extremely useful when agents misbehave.
Prompt guardrails try to make the model behave better. Execution gates assume it eventually won’t and make sure nothing dangerous happens. Have you seen issues where the policy layer itself becomes complex to maintain as agents operate more varied workflows.