Skip to main content

API Reference Summary

Method / constructorDescription
new Limits(config)Create client. config.apiKey required (must start with sk_). Optional: config.debug (boolean) for request/response logging.
limits.check(policyKeyOrTag, input)Evaluate conditions policy. input = object. Returns PolicyEvaluationResult.
limits.evaluate(policyKeyOrTag, prompt, response)Evaluate instructions policy (prompt + LLM response). response can be a string or object. Returns PolicyEvaluationResult.
limits.guard(policyKeyOrTag, input)Evaluate guardrails policy. input = string. Returns PolicyEvaluationResult.
limits.listEscalations()List all escalations. Returns Escalation[].
limits.listEscalationsByPolicyId(policyId)List escalations by policy. Returns Escalation[].
limits.approveEscalation(escalationId)Approve escalation by ID. Returns Escalation.
limits.declineEscalation(escalationId)Decline escalation by ID. Returns Escalation.

Policy key or tag

For check, evaluate, and guard the first argument can be:
  • Policy key — e.g. 'amount-minimum-usd'
  • Tag — e.g. '#payments'. All policies with that tag are evaluated; strictest result wins: BLOCK → ESCALATE → ALLOW.

Result shape (all policy methods)

The API returns a response with meta and result; the SDK normalizes this to the PolicyEvaluationResult shape below. When the API returns validation or evaluation errors, they appear in errors. 
{
  data: { action: 'ALLOW' | 'BLOCK' | 'ESCALATE'; reason: string };
  isAllowed: boolean;
  isBlocked: boolean;
  isEscalated: boolean;
  errors?: string[];  // Present when validation or evaluation fails
}

Configuration

ParameterTypeRequiredDescription
config.apiKeystringYesAPI key (must start with sk_).
config.debugbooleanNoSet to true to enable request/response logging in the console. Default: false.

TypeScript types

Import types for type safety: 
import {
  Limits,
  type PolicyEvaluationResult,
  type Escalation,
  type EscalationResponse,
  type EscalationStatus,
  type ActionByUser,
} from '@limits/js';

Exported types

TypeDescription
PolicyEvaluationResultReturn type of check(), evaluate(), guard()data, isAllowed, isBlocked, isEscalated, errors?.
EscalationEscalation object: id, policy_id, organization_id, status, request?, response?, action_by?, action_by_user?, created_at, updated_at.
EscalationResponsePolicy result at time of escalation: action, message, success, violated.
EscalationStatusEnum: PENDING, ALLOWED, DECLINED (for Escalation.status).
ActionByUserUser who resolved the escalation: id, first_name, last_name, email (present on Escalation.action_by_user when resolved).

Errors

ErrorWhen
InvalidAPIKeyErrorKey missing or doesn’t start with sk_.
InvalidPolicyKeyErrorPolicy key/tag empty or invalid.
InvalidInputErrorEmpty input where required.
APIRequestErrorAPI returned 4xx/5xx (error.statusCode, error.response).
NetworkError / TimeoutErrorRequest failed or timed out.
Use instanceof for handling: 
import { Limits, InvalidAPIKeyError, APIRequestError } from '@limits/js';

try {
  const decision = await limits.check('my-policy', { amount: 100 });
} catch (err) {
  if (err instanceof InvalidAPIKeyError) { /* ... */ }
  if (err instanceof APIRequestError) { /* ... */ }
  throw err;
}

Auth

Requests use Authorization: Bearer <apiKey>. Get an API key from the Limits dashboard (Dashboard → API keys).