Guardrails that enforce,
not just advise.
Define spend limits, merchant restrictions, approval workflows, and time windows per agent. Policies are enforced in the transaction path — not in prompts.
{
"name": "procurement-standard",
"enforcement_level": "enforce",
"max_transaction_euros": 500,
"monthly_limit_euros": 5000,
"merchant_blocklist": ["gambling", "crypto_exchanges"],
"blocked_countries": ["KP", "IR", "SY"],
"auto_approve_limit_euros": 100,
"allowed_days": ["mon", "tue", "wed", "thu", "fri"]
}Enforcement Levels
Three modes that determine how policies interact with live transactions.
Hard block. Transaction is declined at the API level. No override possible by agents. The charge never reaches the card network.
Requires human confirmation. Agent requests are held in a queue until a dashboard user approves or denies. Timeout configurable.
Advisory only. Transaction proceeds but flags are raised for review. Useful for monitoring spend patterns before tightening rules.
What you can control
Spend limits
Per-transaction, daily, weekly, monthly caps with hard enforcement at the API layer.
Merchant control
Allowlists, blocklists, and MCC category restrictions. Layer rules for fine-grained control.
Country blocking
Block transactions from high-risk jurisdictions. Configurable per-policy.
Time windows
Restrict purchases to business hours or specific days of the week.
Approval workflows
Auto-approve below threshold, escalate above. Configurable per policy.
Mandatory assignment
Every agent must have exactly one policy. Cannot be removed, bypassed, or modified by the agent.
Controls in the transaction path
Unlike prompt-based guardrails, Ovra policies are enforced at the API layer. When an agent creates a payment intent, the policy engine evaluates rules before any money moves. Blocked transactions never reach the card network. Agents cannot modify, disable, or read their own policy rules — they can only observe the outcome.
Define your first policy
Get started with presets or build custom rules from scratch.