Codegen Guardrails

Definition

Guardrails are enforced constraints that ensure generated code is safe, deterministic enough, and observable in production.

Schema / Parameters

• Block contract: name, version, inputs, outputs, sideEffects, timeouts.
• Limits: cpu_ms, mem_mb, io_budget, rate_limit.
• Observability: log_level, trace (on|off), metrics.
• Policies: network_allowlist[], fs_scope, secrets_scope.

Defaults

• timeout: 30s unless overridden.
• log_level: info in prod, debug in dev.
• trace: off in prod unless severity>=error.

Examples

• Deny network to unknown hosts with allowlist.
• Enforce JSON schema validation at block boundaries.
• Kill process on exceeding memory limit.

Limits

• No shell exec unless explicitly allowed.
• No dynamic imports from remote URLs.
• Secrets only via runtime provider, never embedded in source.

Related

• /docs/vibe-coding/growth-blocks-overview
• /docs/vibe-coding/ci-for-prompts
• /docs/governance-security/secrets-policy