Guardrails defaults

Guardrails sit between the LLM and destructive tools. They are distinct from the workflow "tools:" whitelists: even if a tool is allowed, a guardrail may veto a specific invocation and return a structured denial the model must repair.

Shipped defaults (packages/runner/config/guardrails.defaults.json) merge with optional overrides in ~/.coro/config.json → guardrails.rules[] (matched by id). Edit overrides in Settings → Extensions → Guardrails—see /guides/configure-guardrails/ for screenshots.

Default rules

| Rule id | on | during | check | config (defaults) |
|---|---|---|---|---|
| pr-description | scm.create_pr | | pr-description | minLength: 80, requiredHeadings: ["## What"] |
| pr-diff-size | scm.create_pr | ["coding"] | pr-diff-size | maxLines: 1000, maxFiles: 40 |
| proposal-markdown-only | propose_change | | proposal-markdown-only | (no structured config) |
| merge-requires-approval | scm.merge_pr | ["review","review-and-verify"] | merge-requires-approval | minApprovals: 1 |

Field meanings

  • on — Logical hook (scm.create_pr, scm.merge_pr, propose_change, or generic tool.before).
  • during — Optional allowlist of workflow phase names where the rule is evaluated; omit it to evaluate the rule in all phases touching that hook.
  • check — Built-in evaluator name or script for bespoke .mjs rules.
  • config — Check-specific knobs (thresholds, heading requirements, approval counts).

Enforcement surfaces

  1. Directly inside MCP handlers (scm_create_pr, propose_change, …).
  2. At the executor PreToolUse boundary for mapped PR tools emitted by MCP-mode plugins.

Denials emit log lines of the form [guardrail] <rule-id> blocked mcp__coro__…, which the dashboard classifies as Guardrail events.

Customisation quick path

Settings → Extensions → Guardrails toggles global enablement and per-rule thresholds. Click Save all changes to persist. For automation or values the UI does not expose, edit JSON directly:

{
  "guardrails": {
    "rules": [
      { "id": "pr-diff-size", "config": { "maxLines": 800 } },
      { "id": "pr-description", "enabled": false }
    ]
  }
}
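
Because overrides are matched by id and can disable a rule or loosen its thresholds, it is worth auditing an overrides list against the shipped defaults. The following is an added example, not Coro's own code: the function names, the key-by-key config merge, and enabled defaulting to true are assumptions, since the page only states that overrides are matched by id.

```javascript
// Shipped defaults as listed in the "Default rules" table on this page.
const DEFAULTS = [
  { id: "pr-description", config: { minLength: 80, requiredHeadings: ["## What"] } },
  { id: "pr-diff-size", config: { maxLines: 1000, maxFiles: 40 } },
  { id: "proposal-markdown-only", config: {} },
  { id: "merge-requires-approval", config: { minApprovals: 1 } },
];

// Direction in which each numeric knob becomes more permissive.
const LOOSER = { maxLines: "up", maxFiles: "up", minLength: "down", minApprovals: "down" };

// Assumption: an override replaces top-level fields and merges config key by key.
function mergeRule(base, override) {
  return { enabled: true, ...base, ...override, config: { ...base.config, ...(override.config || {}) } };
}

// Returns the effective rules plus a finding for every override that weakens a default.
function auditOverrides(defaults, overrides) {
  const findings = [];
  const byId = new Map(defaults.map((r) => [r.id, r]));
  for (const o of overrides) {
    const base = byId.get(o.id);
    if (!base) { findings.push(`${o.id}: no shipped rule with this id (custom rule or typo)`); continue; }
    if (o.enabled === false) findings.push(`${o.id}: rule disabled`);
    for (const [key, value] of Object.entries(o.config || {})) {
      const was = base.config[key];
      if (LOOSER[key] === "up" && value > was) findings.push(`${o.id}: ${key} raised ${was} -> ${value}`);
      if (LOOSER[key] === "down" && value < was) findings.push(`${o.id}: ${key} lowered ${was} -> ${value}`);
      if (key === "requiredHeadings") {
        const dropped = (was || []).filter((h) => !value.includes(h));
        if (dropped.length) findings.push(`${o.id}: required headings dropped: ${dropped.join(", ")}`);
      }
    }
  }
  const overrideById = new Map(overrides.map((o) => [o.id, o]));
  const effective = defaults.map((r) => mergeRule(r, overrideById.get(r.id) || {}));
  return { effective, findings };
}

// Constructed sample: the two overrides shown above plus two constructed weakening entries.
const SAMPLE_OVERRIDES = [
  { id: "pr-diff-size", config: { maxLines: 800 } },
  { id: "pr-description", enabled: false },
  { id: "merge-requires-approval", config: { minApprovals: 0 } },
  { id: "pr-diff-sze", config: { maxLines: 5000 } },
];

const report = auditOverrides(DEFAULTS, SAMPLE_OVERRIDES);
console.log(report.findings.join("\n"));
```

Tightening a threshold (maxLines: 800) produces no finding; only disabled rules, loosened thresholds, dropped headings, and ids that match no shipped rule are reported.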

For scripted policies, see Custom guardrail.