What is a Range Constraint?
Restricting a numeric tool call argument to a minimum and/or maximum value. Range constraints set safe operational bounds — for example, ensuring a transfer amount stays between 0 and 10,000 or a query limit does not exceed 1,000 rows.
WHY IT MATTERS
Numeric arguments are among the highest-risk parameters in tool calls. An amount field, a count field, a limit field — these directly control how much an agent does. Without range constraints, a hallucinating agent might request a transfer of 999,999,999 or a database query returning 10 million rows.
Range constraints are the simplest and most effective guard against numeric overflows. A minimum of 0 prevents negative amounts. A maximum of 10,000 caps transaction size. A query limit ceiling prevents resource exhaustion. These rules are trivial to write and enormously effective at preventing costly mistakes.
Range constraints also interact well with other policy mechanisms. Combined with per-tool rate limits, they create a comprehensive throughput and magnitude envelope — limiting both how often and how much an agent can do. This defence-in-depth approach is far more robust than either mechanism alone.
HOW POLICYLAYER USES THIS
Intercept supports numeric range constraints in YAML policies via min and max fields on argument rules. Both are optional — you can set just a minimum, just a maximum, or both. Intercept parses the argument value as a number and evaluates it against the bounds. Values outside the range are denied with a clear message stating the allowed range.