Skip to main content
Guardrails allow admin users to configure verified parameters (such as user_email, user_id, subscription_plan) that are passed securely from your application to Typewise. These parameters are critical for security as they are treated as trusted identity information. When used in Actions or Lookups, they prevent the AI (LLM) from hallucinating or modifying sensitive values. This ensures that external systems receive authenticated data, allowing them to validate permissions effectively. For a deeper dive into the security principles, see the Security & Verification guide.

Configuration

Admins can define verified variables in the Platform UI.
  1. Go to Settings > Guardrails.
  2. Select the Verified parameters tab.
  3. Click Add item to define a new parameter.
The user_email variable comes pre-configured and cannot be deleted.
FieldDescription
Variable nameThe technical key used in the JSON payload (e.g., user_email, user_id, vip_customer).
DescriptionA human-readable description of what this parameter represents.
TypeThe data type of the variable (e.g., Text, Number, Yes/No).

Verification per Channel

The method for passing and verifying these parameters depends on the communication channel.

Chat

Parameters passed through the chat widget are treated as verified because they originate from your secured client-side code. You can pass any arbitrary information that you want the AI to trust. 
// Variables can be used to pass verified parameters when configuring the chat widget.
window.twConfig = {
  clientId: 'YOUR_CLIENT_ID',
  variables: {
    user_email: '[email protected]',
    user_id: '12345',
    plan: 'enterprise'
    // ... other verified parameters
  }
};

Email

For email channels, verification is strictly limited to the sender’s email address. Arbitrary parameters (like a User ID) cannot be securely passed via standard email protocols. Typewise employs a “proof of receipt” mechanism to verify email senders, as headers can be spoofed.
  1. Typewise verifies a sender when there is proof they received our response.
  2. If a sensitive action requires a verified email and the user is not yet verified, the AI may initiate a message asking the user to reply to confirm their identity.
  3. If this verification fails, the conversation is handed off to a human agent.

Usage in Actions and Lookups

Once defined, verified parameters appear as options for Secure inputs when configuring Actions and Knowledge Sources.

In Actions

When creating or editing an Action (such as an AI Action or Manual Action), you can map specific inputs to your verified parameters. This guarantees that the action uses the exact value provided by your system.
  • Verified Variable Availability: If an Action requires a verified variable that was not passed (e.g., missing from twConfig), the system will automatically hand off the conversation to a human agent.
  • Tool Responsibility: The integration tool (e.g., the MCP) is responsible for the final permission check. For example, a “Refund” tool must verify that the user_email provided allows them to access the specific order_id.
Actions Secure Input

In Knowledge Sources

Similarly, when setting up a Knowledge Source (like a Linear MCP tool or an API lookup), you can use verified parameters to authenticate requests or filter data based on the current user context. Knowledge Secure Input