AXME MESH
Define what your agents are allowed to do — and enforce it automatically
AI agents need guardrails that go beyond code review: runtime limits on what tools they can call, what data they can access, how much they can spend per hour.
AXME Mesh lets you write policy rules (rate limits, tool allow/deny lists, budget caps, data scope) that are enforced at runtime — not bolted on after the fact.
Your agent called an API it was not supposed to touch. The restriction was in the system prompt — prompt injection bypassed it. Gateway-enforced policies block the call before it reaches the tool, not after damage is done.
Guardrails at runtime, not only in prompts
Telling an agent "do not exceed $50/hour" in the system prompt is not enforcement. Code review cannot catch every tool call in production. Policies must evaluate before damage — rate limits, tool allow lists, data scopes, and budgets.
AXME Mesh evaluates YAML policies at runtime, with inheritance from fleet defaults to per-agent overrides. Violations raise alerts and can trigger a kill switch or intent rejection.
CAPABILITIES
How it works.
Rate limits
Calls per minute per agent.
Budget caps
Spend limits with hard stops.
Tool allow/deny
Which APIs agents can invoke.
Data scope
Which records and tenants.
DEEP DIVE
Production patterns.
Runtime enforcement
Block before damage — not after.
Violation alerts
Notify on breach.
Fleet inheritance
Defaults + per-agent overrides.
Prompt rule vs gateway policy
Prompt only
# system: never call send_email
# agent calls send_email anyway
Mesh policy
policies:
  tools: [crm.read]
  # send_email denied at gateway
Policy example (YAML)
policies:
  - agent: support-bot
    tools: [email.send, crm.read]
    budget_usd: 50/day
    rate: 100/min
Policy primitives
Rate limits cap calls per minute per agent or namespace. Budget policies tie to cost-control hard stops. Tool allow/deny lists restrict which APIs an agent may invoke. Data scope rules limit which records or tenants a retrieval step may touch.
Start from templates for common patterns — support bots without send-email, research agents without production DB write — then customize per team.
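An added example (not AXME Mesh code or its API) of the gateway-side check the policy primitives above describe: fleet defaults merged with per-agent overrides, a default-deny tool allow list, a 60-second sliding-window rate limit, and a budget hard stop, all evaluated before the tool call is forwarded. The `Gateway` class, field names, and fleet default values are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed policy data mirroring the page's YAML example. Field names and
# the fleet default values are assumptions, not AXME Mesh's schema.
FLEET_DEFAULTS = {"tools": [], "budget_usd_per_day": 10.0, "rate_per_min": 20}
AGENT_OVERRIDES = {
    "support-bot": {"tools": ["email.send", "crm.read"],
                    "budget_usd_per_day": 50.0, "rate_per_min": 100},
}


class Gateway:
    """Hypothetical policy decision point placed between agents and tools."""

    def __init__(self, defaults, overrides):
        self.defaults, self.overrides = defaults, overrides
        self.calls = defaultdict(deque)   # agent -> timestamps of allowed calls
        self.spend = defaultdict(float)   # agent -> USD spent (daily reset omitted)

    def policy_for(self, agent):
        # Fleet inheritance: per-agent keys override fleet defaults.
        return {**self.defaults, **self.overrides.get(agent, {})}

    def authorize(self, agent, tool, cost_usd, now=None):
        """Return (allowed, reason). Runs before the tool is invoked."""
        now = time.monotonic() if now is None else now
        p = self.policy_for(agent)
        if tool not in p["tools"]:        # default deny: unlisted means blocked
            return False, "tool_denied"
        window = self.calls[agent]
        while window and now - window[0] >= 60:   # drop calls older than 60 s
            window.popleft()
        if len(window) >= p["rate_per_min"]:
            return False, "rate_limited"
        if self.spend[agent] + cost_usd > p["budget_usd_per_day"]:
            return False, "budget_exceeded"       # hard stop before spending
        window.append(now)
        self.spend[agent] += cost_usd
        return True, "ok"
```

The decision depends only on the agent identity, the requested tool, and gateway-held counters, so nothing in the model's prompt or output can change it.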
Common questions
- How are policies versioned?
- Policies live in Mesh configuration with audit on change; test in staging namespaces before fleet rollout.
- What happens on violation?
- Configurable: block the action, alert only, or halt the agent via kill switch integration.
- Can policies reference external IAM?
- Enterprise deployments integrate identity and data classification sources; scope depends on your Mesh configuration.
Related reading
Deeper dives from the AXME blog.
Your AI Agent Did Something It Wasn't Supposed To. Now What?
AI agents ignore restrictions in prompts. Gateway-enforced action policies block unauthorized actions before they reach the agent - no prompt injection can bypass it.
Your AI Agent Made 10,000 API Calls in an Hour. Here's How to Stop That.
One runaway retry loop. 10,000 API calls. $130 in LLM costs. No rate limit fired because you never built one. Here's how to add centralized rate and cost limiting to AI agents.