Configure guardrails
Guardrails are deterministic checks that run when high-risk tools fire (scm.create_pr, scm.merge_pr, propose_change, optional tool.before hooks). They complement workflow tools: allowlists and agent prose (/concepts/guardrails/, /reference/guardrails/).
Dashboard (recommended)
Open Settings → Extensions → Guardrails in the bundled dashboard (launch the desktop app or run coro start for a CLI install):

From this page you can:
- Toggle global enablement
- Enable/disable individual rules (
pr-description,pr-diff-size,merge-requires-approval,proposal-markdown-only, …) - Adjust numeric thresholds (
minLength,maxLines,maxFiles, minimum approvals)
Click Save all changes when the sticky footer appears. Values persist as guardrails overrides inside ~/.coro/config.json—you do not need to edit JSON for routine tuning.
JSON overrides (advanced)
Defaults ship from packages/runner/config/guardrails.defaults.json and merge per-rule with your overrides (matched by id). Use direct JSON only when automating config or setting values the UI does not expose:
{ "guardrails": { "enabled": true, "rules": [ { "id": "pr-diff-size", "config": { "maxLines": 1500, "maxFiles": 60 } }, { "id": "pr-description", "enabled": false } ] }}Dangerous combos (for example disabling merge-requires-approval globally) belong only in experimentation sandboxes — keep production guardrails strict enough that automation cannot silently ship unreviewable PRs.
Script-backed rules
/concepts/guardrails/ documents how to declare executable checks when JSON is insufficient. Prefer keeping scripts in tenant intelligence repos (memory/snippets/ procedural references) plus version-controlled script paths distributed via your infra team. Custom script paths are configured in JSON, not the dashboard toggles.
Approvals interplay
merge-requires-approval must align with your SCM branch protections and how service accounts authenticate — misconfiguration causes stuck review phases unrelated to Claude quality (/guides/webhooks/).
Related reading
- /guides/review-proposals/ —
proposal-markdown-onlyprotects intelligence PR cleanliness. - /reference/guardrails/ — field-by-field reference.