Guardrails
Guardrails are rule-based controls enforced at multiple levels to ensure AI agents cannot exceed their authorized scope. They operate across four enforcement layers:0. Owner-Set Account Controls
Before any payment mechanics apply, the account owner’s own controls do. These are set from the Prava Pay dashboard and enforced by Prava on every purchase:- Checkout quota: a set number of checkouts allowed per owner, consumed as agents buy.
- Concurrency limit: caps how many checkouts can be open at once.
- Per-purchase approval: every spend needs explicit approval before it happens.
- Agent revocation: revoking an agent cuts off its access immediately.
1. Mandate-Level Constraints
Every payment intent creates a mandate, a spending permission registered at the card network level. The mandate itself is a guardrail. It specifies:
The mandate’s amount is enforced at the card-network level through the tokenized credential (the substitute card number issued for the purchase): a transaction outside the mandate amount is declined. The remaining constraints are applied by Prava.
2. Session-Level Controls
Each session is scoped to:- A specific merchant and order
- A configured set of allowed domains (origin validation)
- A time limit: sessions expire and cannot be reused
- Idempotency: duplicate transactions within a session are detected and rejected
3. Authentication Controls
- Passkey (WebAuthn): a biometric or security-key approval on the user’s device, required for every intent mutation (register, update, delete). Prevents unauthorized agents from creating mandates.
- Device binding: passkeys are registered per browser, so a passkey on one device cannot be used on another.
- WebAuthn required: if the user’s device does not support WebAuthn (passkeys), transactions cannot be performed. There is no fallback mechanism; this ensures the highest level of authentication security.