Guardrails & Safety

Squad is designed for high-stakes sectors where AI actions need oversight. Guardrails are layered throughout the system: from query classification to tool execution to response delivery.

Defence in Depth

Security isn’t a single checkpoint; it’s woven into every stage of the processing pipeline:

| Layer | What It Does |
|---|---|
| Risk-Aware Routing | High-risk queries without a strong similarity match to a proven template are declined automatically |
| Security Review | Deterministic detection of dangerous operations, applied to every generated query regardless of user role |
| Role-Based Access Control | API permission checks on every request; agent tool-surface restrictions limit dangerous operations to administrators |
| Quality Review | Detects empty results, low scores, missing entities, and tool errors before a response is delivered |
| Human-in-the-Loop | Manual approval and rejection of queries and workflows before they become reusable templates |
| Authentication | All API endpoints require authentication unless explicitly whitelisted |
| Audit Trail | Every interaction is logged with a correlation ID for full traceability |

Risk-Aware Routing

Users or administrators can assign a risk level to queries. This affects how Squad handles uncertainty:

| Risk Level | Similarity Match | Action |
|---|---|---|
| Low/Medium | Any | Proceed normally |
| High | Strong match | Use approved template |
| High | No strong match | Decline: no execution |

Security Review

The reviewer performs deterministic security checks on every generated query. Dangerous patterns are blocked regardless of user role: this is not LLM-based and cannot be bypassed.

Role-Based Access Control

Squad enforces access control at two levels:

API-Level Permissions

Each endpoint declares its required permission. Both the user and admin roles carry full read and write API access (querying, reviewing, workflow execution). The admin role adds user management and system configuration. For the full permission reference, see Administration & Access Control.

Tool-Level Access

Inside the AIM agent, a separate tool-configuration layer restricts which tools are available based on role. Standard users receive a safe tool preset that excludes graph-mutation and external-search tools; administrators receive the full set. This is independent of API permissions — a standard user can approve reviews through the API, but the agent will not execute destructive graph operations on their behalf.
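The following is an added illustration, not Squad's own code, of how the risk-aware routing table above and the role-based tool preset fit together as two independent layers. The similarity threshold, tool names and role strings are assumptions; the page only names the categories.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

class Risk(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"

# Assumed threshold for a "strong" similarity match (the page gives no number).
STRONG_MATCH = 0.85

@dataclass
class Decision:
    action: str                     # "proceed" | "use_template" | "decline"
    template_id: Optional[str] = None

def route(risk: Risk, best_match: Optional[Tuple[str, float]]) -> Decision:
    """Risk-aware routing: low/medium proceed; high needs a strong match
    to a proven template, otherwise the query is declined without execution."""
    if risk is not Risk.HIGH:
        return Decision("proceed")
    if best_match is not None and best_match[1] >= STRONG_MATCH:
        return Decision("use_template", template_id=best_match[0])
    return Decision("decline")

# Hypothetical tool inventory; only the categories come from the page.
ALL_TOOLS = {"graph_read", "graph_write", "graph_delete", "web_search", "summarize"}
GRAPH_MUTATION = {"graph_write", "graph_delete"}
EXTERNAL_SEARCH = {"web_search"}

def tool_preset(role: str) -> set:
    """Tool-level access: admins get every tool; standard users get the safe
    preset with graph-mutation and external-search tools removed."""
    if role == "admin":
        return set(ALL_TOOLS)
    return ALL_TOOLS - GRAPH_MUTATION - EXTERNAL_SEARCH

def agent_can_use(role: str, tool: str) -> bool:
    """Checked inside the agent, independently of any API permission the
    caller may hold (a user who can approve reviews still cannot mutate)."""
    return tool in tool_preset(role)
```

Note that `route` never consults the role: a high-risk query with no strong match is declined for administrators too, and the tool preset is the only place role enters.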

Human-in-the-Loop

Two surfaces provide manual oversight:

Tune Page

The admin control plane for managing the system’s learned knowledge:

  • Pending: queries awaiting approval; approve to make them reusable templates
  • Approved: active templates with reuse statistics
  • Declined/Rejected: queries that were blocked or rejected
  • Workflows: saved workflow templates that can be revoked or restored

Review Panel

Available in the artifact panel during chat sessions:

  • View pending review items for the current session
  • Approve, reject, or amend query results
  • Amendments are saved with corrections for future use

Audit Trail

Every query execution generates a unique correlation ID that flows through all logging and event emission:

  • Structured logs with session, user, and event type metadata
  • Real-time event stream includes correlation IDs for client-side tracing
  • Persistent records track every interaction for compliance and investigation