Show HN: Limits – Control layer for AI agents that take real actions(limits.dev)
limits.dev
Show HN: Limits – Control layer for AI agents that take real actions
https://limits.dev
2 コメント
Interesting approach. We ended up framing the problem a bit differently, less as “policy checking” and more as commit control.
Instead of validating the model’s output directly, we assume the model can propose anything. The important part is that real-world state changes can’t execute unless they pass a deterministic boundary.
In our experiments the gate sits between the agent and any irreversible action (DB writes, payments, API mutations). The agent proposes an action, the gate checks invariants like replay, sequencing, ceilings, and context consistency, and only then allows the commit.
The nice side effect is that you get a clean append-only ledger of every proposal, rejection, and commit, which becomes extremely useful when agents misbehave.
Prompt guardrails try to make the model behave better. Execution gates assume it eventually won’t and make sure nothing dangerous happens. Have you seen issues where the policy layer itself becomes complex to maintain as agents operate more varied workflows.
Instead of validating the model’s output directly, we assume the model can propose anything. The important part is that real-world state changes can’t execute unless they pass a deterministic boundary.
In our experiments the gate sits between the agent and any irreversible action (DB writes, payments, API mutations). The agent proposes an action, the gate checks invariants like replay, sequencing, ceilings, and context consistency, and only then allows the commit.
The nice side effect is that you get a clean append-only ledger of every proposal, rejection, and commit, which becomes extremely useful when agents misbehave.
Prompt guardrails try to make the model behave better. Execution gates assume it eventually won’t and make sure nothing dangerous happens. Have you seen issues where the policy layer itself becomes complex to maintain as agents operate more varied workflows.
DMed you. I would love to check this out
Limits sits between your agent and the real world. Every action — database writes, API calls, refunds — gets intercepted and checked against your rules before it executes. Deterministically. No LLM involved in enforcement.
Three modes:
Conditions: hard rules on structured data Guideance: validate LLM output before it reaches the user and give the agent chance to reason and retry Guardrails: scan for PII, toxicity, prompt injection etc
One line to integrate: npm install @limits/js
our website: https://limits.dev
our docs: https://docs.limits.dev
We've processed 30,000+ policy checks across 16 teams. Would love feedback from anyone who's built something like this internally."