Guardrails
The agents are only safe to run because of these. Build them as a shared layer that every action tool must pass through, not as per-agent afterthoughts. Profasee advertises ten safety features; the ones below are the ones that matter and map to how we already work.
Non-negotiable rules
- Read-only by default. A new agent, and any new action type, ships in observe mode. It logs what it would do. A human flips it to active per domain.
- Approval ladder (trust ladder). Three levels per agent: observe (recommend only), approve-each (human approves every action), autonomous (acts within limits, reports after). Level is stored per agent per action type and only a human raises it.
- Hard spend caps. Every money-moving action (ad bids/budgets) checks a daily and per-action cap before executing. Over the cap = blocked, logged, surfaced. No exceptions in code.
- No-fly lists. ASINs, keywords, and SKUs that agents may never touch (hero products, legal-sensitive listings). Checked before any write.
- Auto-pause on failure. N failures in a row (default 3) for an agent = that agent reverts to observe and alerts. A crashed or erroring agent does nothing rather than guessing. (Same lesson as the SIFT 20-day silent outage and the 3-day nightly outage; see Forecasting §12.)
- Reversibility. Every action records enough to undo it (prior bid, prior price, prior budget) for a rollback window. Price and bid changes are reversible by definition; log the before-state.
- Every action is explained and logged. No action without an attached reason, confidence, expected dollar impact, and the data snapshot it was based on. Written to the reasoning log table.
Quantity-citation discipline (carried over from W5)
When an agent states a number in the brief (a dollar recovery, a margin, a unit forecast), it must carry its source: the table/query, the ASIN, the date range. No back-calculated or plausible-looking figures. This is the same anti-fabrication rule the W5 system enforces, and it is what makes the brief trustworthy. If a number cannot be sourced, say so or omit it.
Cost control
- Per-agent LLM cost tracked per run and shown in the brief.
- A monthly budget per agent; over budget = drop to observe and alert.
Implementation note
Put all of this behind a single guarded_action(agent, action_type, payload) entry point. It checks: trust level, spend cap, no-fly list, failure streak, then records the before-state and the reasoning, executes, and logs the outcome. If any check fails it blocks and logs. No action tool calls SP-API / Ads API directly; everything goes through this gate.
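A minimal sketch of such a gate, added here as an illustration and not the project's own code. The Gate class, the payload field names (target, spend, before and the rest), the cap values, the execute callback and the rule that only a human clears a failure streak are assumptions; the in-memory list stands in for the reasoning log table.

```python
from dataclasses import dataclass, field

# Hypothetical payload fields: what every action must carry to be explained and undone.
REQUIRED = ("reason", "confidence", "expected_impact", "snapshot", "before")

@dataclass
class Gate:
    trust: dict = field(default_factory=dict)   # (agent, action_type) -> level, set by a human
    no_fly: set = field(default_factory=set)    # ASINs / keywords / SKUs agents may never touch
    per_action_cap: float = 25.0                # constructed limits
    daily_cap: float = 100.0
    max_failures: int = 3
    spent_today: float = 0.0
    streak: dict = field(default_factory=dict)  # agent -> consecutive failures
    log: list = field(default_factory=list)     # stands in for the reasoning log table

    def guarded_action(self, agent, action_type, payload, execute, approved=False):
        def rec(outcome, detail=""):            # every path, blocked or not, is logged
            self.log.append({"agent": agent, "action_type": action_type,
                             "outcome": outcome, "detail": detail, "payload": payload})
            return outcome
        missing = [k for k in REQUIRED if k not in payload]
        if missing:
            return rec("blocked", f"missing {missing}")
        level = self.trust.get((agent, action_type), "observe")  # read-only by default
        if level not in ("approve-each", "autonomous"):          # unknown level fails closed
            return rec("observed", "would execute")
        if level == "approve-each" and not approved:
            return rec("blocked", "awaiting human approval")
        spend = payload.get("spend", 0.0)
        if spend > self.per_action_cap or self.spent_today + spend > self.daily_cap:
            return rec("blocked", "spend cap")
        if payload.get("target") in self.no_fly:
            return rec("blocked", "no-fly list")
        if self.streak.get(agent, 0) >= self.max_failures:       # cleared only by a human
            return rec("blocked", "failure streak")
        rec("attempting")                       # before-state and reasoning logged before the write
        try:
            execute(payload)                    # the only place an API write may happen
        except Exception as exc:
            self.streak[agent] = self.streak.get(agent, 0) + 1
            if self.streak[agent] >= self.max_failures:
                for key in [k for k in self.trust if k[0] == agent]:
                    self.trust[key] = "observe" # auto-pause: whole agent back to observe
            return rec("failed", repr(exc))
        self.streak[agent] = 0
        self.spent_today += spend
        return rec("executed")
```

Action tools receive only the gate, never the API client; the client call lives inside the execute callback passed in.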