What is a guardrail?
A guardrail is a rule that evaluates every intercept in real time and decides whether to ALLOW, FLAG, or BLOCK the action.
What is the Human-in-the-Loop Approval Queue?
When a FLAG rule has requires_approval enabled, the governance engine returns a PENDING_APPROVAL verdict instead of FLAG. The agent action is held until a named human reviewer approves or rejects it in the Gateplex dashboard. Every decision is recorded with the reviewer email and timestamp. The Python SDK supports automatic polling via client.wait_for_approval(intercept_id).
What is the Rule Change Audit Log?
Every change to guardrail rules is logged automatically with the admin email, timestamp, and full before and after state. The log uses SHA-256 hash chaining for tamper evidence. It is visible on the Audit Log page and exportable as CSV.
Can I create custom guardrails?
Yes. Define rule_type, configuration (thresholds, regex, allow/deny lists), and whether the rule flags or blocks. Custom rules run alongside built-ins.
What happens when a guardrail is triggered?
The intercept is recorded with the matching rule, the verdict is returned to your agent, and (if configured) an alert is sent to your team. Blocked actions stop before execution.
What is the difference between BLOCK and FLAG?
BLOCK stops the action from executing - your agent should treat the response as a denial. FLAG allows the action but marks it for review in the audit trail.
Are guardrails enforced in real time?
Yes. Evaluation happens synchronously as part of the intercept request, before your agent receives a verdict.
How fast does a block execute?
Gateplex performs server-side governance evaluation with no LLM in the evaluation path. The verdict is returned in the same HTTP response as the intercept ack.
What rule types does Gateplex support?
Gateplex supports eight rule types: Keyword Block, Keyword Flag, Rate Limiter, API Scope Control, Regex Pattern Match, Output Length Limit, Prompt Injection Detector, and Repetition Detector. Three compliance packs are available that add multiple pre-configured rules at once: EU AI Act Article 12 Pack, HIPAA Safety Pack, and Financial Services Pack.
What happens when an action is flagged?
Flagged actions can be configured to require human approval before the agent action executes. When requires_approval is enabled on a rule, the action is held in the approval queue. A named reviewer must approve or reject it. Every decision is logged with the reviewer email and timestamp.
What is PENDING_APPROVAL?
When a FLAG rule has requires_approval enabled, the governance engine returns PENDING_APPROVAL instead of FLAG. The agent action is held until a human reviewer approves or rejects it in the Gateplex dashboard. The Python SDK supports automatic polling with client.wait_for_approval(intercept_id).