> ## Documentation Index
> Fetch the complete documentation index at: https://gump.build/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Guards

> Guards are live circuit breakers that monitor an agent during execution.

# Guards

Guards are live circuit breakers that monitor an agent during execution. While gates check after a step finishes, guards watch in real-time and kill the agent immediately if a condition is met.

## Declaring guards

```yaml theme={null}
- name: impl
  type: code
  run:
    agent: claude-haiku
    guard:
      max_turns: 30
      max_budget: 2.00
  gate: [compile, test]
```

## Available guards

| Guard        | Description                                                       |
| ------------ | ----------------------------------------------------------------- |
| `max_turns`  | Kill if turns exceed a threshold                                  |
| `max_budget` | Kill if estimated cost exceeds a dollar amount                    |
| `max_tokens` | Kill if tokens consumed exceed a threshold                        |
| `max_time`   | Kill if wall-clock duration exceeds a threshold. Alias: `timeout` |
| `no_write`   | Kill if the agent writes files outside `.gump/out/`               |

`no_write` is implicitly `true` for `split` and `validate` step types. Override with `guard: { no_write: false }` if needed.

`timeout` is an alias for `max_time` — if both are present, it's a parsing error.

## What happens when a guard triggers

1. The agent is killed immediately
2. The worktree is reset to the pre-step state (mutations undone)
3. Partial metrics are collected (tokens spent, cost so far, turns completed)
4. The gate runs (it will fail)
5. Retry applies — same flow as a gate failure

A `guard_triggered` event is emitted in the ledger with the guard name, reason, and partial metrics.

## Guards are reactive, not preventive

Guards react to agent behavior by parsing the NDJSON stream. There's a small delay between the agent acting and the guard detecting it. File writes are caught and reverted via worktree reset. Network calls or other side effects outside the worktree cannot be undone.

## Guards vs Gates

|              | Gates                                        | Guards                                      |
| ------------ | -------------------------------------------- | ------------------------------------------- |
| When         | After the step finishes                      | During execution                            |
| What         | Compile, test, lint, schema, validators      | Turn count, cost, tokens, time, file writes |
| Mechanism    | Shell commands, file checks, agent workflows | Stream parsing, process kill                |
| On failure   | Retry applies                                | Retry applies (via gate fail)               |
| LLM involved | Only for workflow validators                 | Never                                       |