Skip to main content
For check, evaluate, and guard you pass a single identifier (one string per call). It can be:
  • Policy key — a single policy key, e.g. 'amount-minimum-usd'
  • Tag — the tag name with a # prefix, e.g. '#payments'. All policies with that tag are evaluated; their results are combined into one outcome.
When using a tag, the strictest result wins: BLOCK → ESCALATE → ALLOW. If any policy blocks, the decision is block; otherwise if any escalates, the decision is escalate; otherwise allow.

check(policyKeyOrTag, input) — conditions

Evaluates a conditions policy. input must be an object (e.g. request/response data). Signature 
async check(
  policyKeyOrTag: string,
  input: Record<string, unknown>
): Promise<PolicyEvaluationResult>
ParameterTypeRequiredDescription
policyKeyOrTagstringYesPolicy key (e.g. 'amount-minimum-usd') or tag (e.g. '#payments').
inputRecord<string, unknown>YesRequest/response data object.
Returns: Promise<PolicyEvaluationResult>. See Result shape below. Throws: InvalidPolicyKeyError, InvalidInputError, APIRequestError, NetworkError, TimeoutError. 
const decision = await limits.check('amount-minimum-usd', { amount: 500, currency: 'USD' });
// or by tag:
const decision = await limits.check('#payments', { amount: 500, currency: 'USD' });

if (decision.isBlocked) console.error(decision.data.reason);
else if (decision.isEscalated) console.warn(decision.data.reason);
else console.log('Allowed:', decision.data.reason);

evaluate(policyKeyOrTag, prompt, response) — instructions

Evaluates an instructions policy (prompt + LLM response). Typically used in middleware to validate LLM outputs before returning them. Signature 
async evaluate(
  policyKeyOrTag: string,
  prompt: string,
  response: string
): Promise<PolicyEvaluationResult>
ParameterTypeRequiredDescription
policyKeyOrTagstringYesPolicy key or tag (e.g. '#refunds').
promptstringYesUser prompt.
responsestringYesLLM response to validate.
Returns: Promise<PolicyEvaluationResult>. 
const decision = await limits.evaluate('refund-policy', userPrompt, llmResponse);
if (decision.isBlocked) { /* handle block */ }

guard(policyKeyOrTag, input) — guardrails

Evaluates a guardrails policy on text. input must be a string. Typically used in middleware to check model output (e.g. safety, PII) before sending to the user. Signature 
async guard(
  policyKeyOrTag: string,
  input: string
): Promise<PolicyEvaluationResult>
ParameterTypeRequiredDescription
policyKeyOrTagstringYesPolicy key or tag (e.g. '#safety').
inputstringYesText to check (e.g. model output).
Returns: Promise<PolicyEvaluationResult>. 
const decision = await limits.guard('content-guardrail', modelOutput);
// or by tag:
const decision = await limits.guard('#safety', modelOutput);

Result shape

The API returns a response with meta and result; the SDK normalizes this to the PolicyEvaluationResult shape below. All three methods return a PolicyEvaluationResult: 
{
  data: { action: 'ALLOW' | 'BLOCK' | 'ESCALATE'; reason: string };
  isAllowed: boolean;
  isBlocked: boolean;
  isEscalated: boolean;
  errors?: string[];  // validation errors when present
}
FieldTypeDescription
dataobjectAlways present.
data.action'ALLOW' | 'BLOCK' | 'ESCALATE'Decision.
data.reasonstringHuman-readable reason.
isAllowedbooleandata.action === 'ALLOW'.
isBlockedbooleandata.action === 'BLOCK'.
isEscalatedbooleandata.action === 'ESCALATE'.
errorsstring[] | undefinedValidation errors from the API when present.
Example (allowed) 
{
  "data": {
    "action": "ALLOW",
    "reason": "Transaction amount is within allowed limits"
  },
  "isAllowed": true,
  "isBlocked": false,
  "isEscalated": false
}
Example (blocked with validation errors) 
{
  "data": {
    "action": "BLOCK",
    "reason": "Parameter validation failed"
  },
  "isAllowed": false,
  "isBlocked": true,
  "isEscalated": false,
  "errors": [
    "Missing required parameter: 'currency' in request"
  ]
}

Error handling

Error classWhen it is thrown
InvalidAPIKeyErrorKey missing or doesn’t start with sk_.
InvalidPolicyKeyErrorPolicy key/tag empty or invalid.
InvalidInputErrorEmpty input where required.
APIRequestErrorAPI returned 4xx/5xx (error.statusCode, error.response).
NetworkError / TimeoutErrorRequest failed or timed out.
import { Limits, InvalidAPIKeyError, APIRequestError } from '@limits/js';

try {
  const decision = await limits.check('my-policy', { amount: 100 });
  // use decision
} catch (err) {
  if (err instanceof InvalidAPIKeyError) {
    console.error('Invalid or missing API key');
    return;
  }
  if (err instanceof APIRequestError) {
    console.error('API error:', err.statusCode, err.message);
    if (err.statusCode === 404) console.error('Policy not found');
    return;
  }
  throw err;
}

Full flow example

import { Limits, APIRequestError } from '@limits/js';

const limits = new Limits({ apiKey: process.env.LIMITS_API_KEY! });

async function evaluateTransaction(amount: number, currency: string) {
  try {
    const result = await limits.check('amount-minimum-usd', { amount, currency });

    if (result.isBlocked) {
      console.error('Blocked:', result.data.reason);
      if (result.errors?.length) result.errors.forEach((e) => console.error('  -', e));
      return { allowed: false, reason: result.data.reason };
    }

    if (result.isEscalated) {
      console.warn('Escalated for review:', result.data.reason);
      return { allowed: 'review', reason: result.data.reason };
    }

    return { allowed: true, reason: result.data.reason };
  } catch (e) {
    if (e instanceof APIRequestError) console.error('API error', e.statusCode, e.message);
    throw e;
  }
}

Next Steps

Guardrails

Use guard() to evaluate text (safety, PII, moderation).

LangChain

Use with LangChain agents via custom middleware.

Escalations

List, approve, and decline escalations.

Platform Policies

Create and manage policies in the web interface.