Guardrails are the controls that make AI-generated code safe: scanning, sandboxing, review thresholds, limits, and audit logs.
Quick answer
Guardrails are the controls that make AI-generated code safe: scanning, sandboxing, review thresholds, limits, and audit logs.
Scan before trust
AI-generated code should be scanned for unsafe patterns such as network calls, storage access, code execution, inline event handlers, dangerous URLs, and obfuscation. MorphCanvas runs this scan on every draft and converts the result into a safety score that gates publishing.
Sandbox by default
Even reviewed code should run with least privilege. MorphCanvas renders generated components inside a sandboxed frame that allows scripts but blocks same-origin access, so a component cannot read cookies, the session, or the parent page.
Limits, approval, and audit
Guardrails also include daily and per-provider usage limits, admin approval requirements, and an audit log that records every generation, publish, and setting change so the system stays observable and accountable.
FAQ
Can a scanner catch everything?
No scanner is perfect, which is why MorphCanvas also sandboxes rendering and supports admin review as defense in depth.
Why sandbox if code is already scanned?
Layered defense: sandboxing contains anything a scanner might miss, so a missed pattern still cannot reach the user's session.
Who can override the guardrails?
Only an administrator, and every override is recorded in the audit log.