Constraints & Safety

Constraints are safety limits that prevent agents from running out of control. Every AiQarus agent must have constraints configured.

Why Constraints Matter

Without constraints, AI agents can:

Enter infinite loops, consuming unlimited resources
Take more actions than intended
Run indefinitely without producing output
Consume excessive LLM tokens (and costs)

AiQarus enforces constraints at the execution engine level, ensuring agents cannot bypass them.

Available Constraints

Max Steps

Maximum TDAO loop iterations the agent can perform in a single run.


max_steps: 25

Use Case	Recommended
Simple Q&A	5-10
Standard workflow	15-30
Complex multi-step	50-100
Research/analysis	100-200

If an agent reaches max_steps without completing, the run fails with status max_steps_exceeded.

Max Duration

Maximum wall-clock time in seconds before the run is terminated.


max_duration_seconds: 300  # 5 minutes

Use Case	Recommended
Quick lookup	30-60
Standard workflow	300-600 (5-10 min)
Complex processing	1800-3600 (30-60 min)

Token Limit

Maximum LLM tokens (input + output) for the entire run.


max_tokens_per_run: 50000

This prevents runaway costs from excessive LLM usage.

Tool Timeout

Maximum time for any single tool execution.


tool_timeout_seconds: 30

Prevents hanging on slow external systems.

Setting Constraints in Agent Builder

Navigate to the Constraints step in the wizard
Configure each limit:


┌─────────────────────────────────────────────────────────────────────┐
│  Safety Constraints                                                  │
│                                                                      │
│  Maximum Steps          [  25  ] iterations                         │
│  Maximum Duration       [ 300  ] seconds                            │
│  Token Limit            [50000 ] tokens                             │
│  Tool Timeout           [  30  ] seconds                            │
│                                                                      │
│  ─────────────────────────────────────────────────────────────────  │
│                                                                      │
│  ⚡ Quick Presets:                                                   │
│                                                                      │
│  [Simple Task]  [Standard Workflow]  [Complex Process]  [Custom]    │
│                                                                      │
└─────────────────────────────────────────────────────────────────────┘

Constraint Presets

Preset	Max Steps	Duration	Tokens	Use Case
Simple Task	10	60s	10,000	Quick lookups, simple Q&A
Standard Workflow	25	300s	50,000	Most business processes
Complex Process	100	1800s	200,000	Multi-step analysis
Custom	User-defined	User-defined	User-defined	Special requirements

What Happens When Limits Are Hit

Max Steps Exceeded


{
  "status": "failed",
  "failure_reason": "max_steps_exceeded",
  "steps_executed": 25,
  "message": "Agent reached maximum step limit (25) without completing"
}

Max Duration Exceeded


{
  "status": "failed",
  "failure_reason": "timeout",
  "duration_seconds": 300,
  "message": "Agent exceeded maximum duration (300s)"
}

Token Limit Exceeded


{
  "status": "failed",
  "failure_reason": "token_limit_exceeded",
  "tokens_used": 50000,
  "message": "Agent exceeded token limit (50000)"
}

Capability Restrictions

Beyond runtime constraints, agents have capability restrictions - they can only use tools they’ve been explicitly granted.

Least Privilege Principle

Agents start with zero capabilities. You must explicitly grant each tool:


capabilities:
  - okta_list_user_apps      # Read Okta data
  - okta_revoke_access       # Modify Okta (higher risk)
  - slack_send_message       # Send notifications
  - memory_read              # Read from memory
  # NOT granted: memory_write, github_delete_repo, etc.

Tool Categories

Category	Risk Level	Examples
Read	Low	List users, fetch documents
Write	Medium	Update records, send messages
Delete	High	Remove access, delete files
Admin	Critical	Transfer ownership, modify configs

Best Practices

Start Conservative

Begin with tight constraints and loosen as you gain confidence:


# Initial deployment
max_steps: 10
max_duration_seconds: 120
 
# After validation
max_steps: 25
max_duration_seconds: 300

Consider Worst Case

Set limits based on what could go wrong, not just the happy path:

What if the LLM gets confused and loops?
What if an external system is slow?
What if input is malformed?

Monitor and Adjust

Review run statistics to optimize constraints:


Average steps: 8
Max steps: 23
Average duration: 45s
Max duration: 180s

If runs consistently use far less than limits, constraints may be too loose.

Different Constraints for Different Agents

Match constraints to agent purpose:

Agent Type	Steps	Duration	Tokens
Quick lookup	5	30s	5,000
Customer triage	15	120s	20,000
Document analysis	50	600s	100,000
Full offboarding	100	1800s	200,000