> ## Documentation Index
> Fetch the complete documentation index at: https://docs.duckie.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Restrictions

> Hard limits on what your agent cannot do

Restrictions are the highest-priority guardrails — absolute limits on what your agent cannot do or say.

{/* Screenshot: Restrictions tab showing list of restrictions with names and status */}

## What are Restrictions?

Restrictions define forbidden actions or topics. Unlike escalation rules (which hand off to humans), restrictions typically redirect the conversation or provide an alternative response.

**Examples:**

* Cannot promise refunds without approval
* Cannot discuss competitor products
* Cannot share internal pricing
* Cannot provide medical or legal advice

## Restrictions vs Escalation

| Restrictions                   | Escalation Rules                  |
| ------------------------------ | --------------------------------- |
| Block and redirect             | Hand off to human                 |
| Agent continues conversation   | Agent stops                       |
| Prevents specific actions      | Transfers responsibility          |
| "I can't do X, but I can do Y" | "Let me connect you with someone" |

## Creating Restrictions

<Steps>
  <Step title="Navigate to Guardrails">
    Go to **Train → Guardrails** and select the **Restrictions** tab.
  </Step>

  <Step title="Click Create Restriction">
    Click **Create Restriction**.

    {/* Screenshot: Create restriction dialog/drawer */}
  </Step>

  <Step title="Name the Restriction">
    Give it a clear name:

    * Good: "No Refund Promises", "No Competitor Discussion"
    * Avoid: "Restriction 1", "Don't"
  </Step>

  <Step title="Define What's Forbidden">
    Describe what the agent cannot do.

    {/* Screenshot: Restriction definition configuration */}
  </Step>

  <Step title="Configure Response">
    Define how the agent should respond when this triggers.
  </Step>

  <Step title="Test">
    Verify detection with the built-in playground.
  </Step>

  <Step title="Save">
    Save and activate the restriction.
  </Step>
</Steps>

## Detection Methods

Same as escalation rules:

### AI-Based

Describe the forbidden topic:

```
Restrict any discussion or comparison of competitor products 
or services, including:
- Naming competitor companies
- Comparing features or pricing
- Responding to "is X better than Y" questions
- Discussing why customers might choose competitors
```

### Keyword

Trigger on specific terms:

```
[competitor-name-1], [competitor-name-2], 
refund guarantee, price match, free trial extension
```

### Regex

Match specific patterns:

```
# Block sharing of internal URLs
https?://internal\.[a-z]+\.com

# Block specific codes
PROMO-[A-Z]{3}-\d{4}
```

## Configuring Restriction Response

{/* Screenshot: Restriction response template editor */}

When a restriction triggers, the agent should:

1. **Acknowledge** the request (don't ignore it)
2. **Explain** it can't fulfill this specific request
3. **Redirect** to an appropriate alternative
4. **Continue** helping with other matters

### Good Response Templates

**No Refund Promises:**

```
I'd be happy to help with your refund request! While I can't 
process refunds directly, I can connect you with our billing 
team who can review your case and assist you. Would you like 
me to do that?
```

**No Competitor Discussion:**

```
I'm focused on helping you get the most out of our product. 
I'd love to tell you more about [specific feature] that might 
address what you're looking for. What would be most helpful?
```

**No Internal Pricing:**

```
For custom pricing and enterprise plans, our sales team would 
be the best resource. They can put together options tailored 
to your needs. I can help you connect with them — would you 
like me to set that up?
```

**No Medical/Legal Advice:**

```
I'm not qualified to provide medical/legal advice, and I want 
to make sure you get accurate information. I'd recommend 
consulting with a [doctor/lawyer] for this question. Is there 
anything else I can help you with today?
```

## Example Restrictions

### No Unauthorized Discounts

| Setting         | Value                                                                                                                  |
| --------------- | ---------------------------------------------------------------------------------------------------------------------- |
| **Name**        | No Unauthorized Discounts                                                                                              |
| **Detection**   | AI + Keyword                                                                                                           |
| **Keywords**    | discount, coupon, promo code, special price                                                                            |
| **Description** | Cannot offer discounts or promotional pricing                                                                          |
| **Response**    | "I don't have the ability to offer special pricing, but our sales team might be able to help. Want me to connect you?" |

### No Competitor Comparison

| Setting         | Value                                                                                                |
| --------------- | ---------------------------------------------------------------------------------------------------- |
| **Name**        | No Competitor Discussion                                                                             |
| **Detection**   | Keyword + AI                                                                                         |
| **Keywords**    | \[list of competitor names]                                                                          |
| **Description** | Cannot discuss or compare competitor products                                                        |
| **Response**    | "I'm focused on helping you succeed with our product. What specific need are you trying to address?" |

### No Security Information

| Setting         | Value                                                                                                                                                            |
| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**        | No Security Details                                                                                                                                              |
| **Detection**   | AI                                                                                                                                                               |
| **Description** | Cannot share internal security architecture, vulnerabilities, or detailed implementation                                                                         |
| **Response**    | "For security questions, please contact [security@example.com](mailto:security@example.com) or request our security documentation through your account manager." |

### No Data Deletion Promises

| Setting         | Value                                                                                                                                                                 |
| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**        | No Data Deletion Promises                                                                                                                                             |
| **Detection**   | Keyword + AI                                                                                                                                                          |
| **Keywords**    | delete my data, GDPR, right to be forgotten, data removal                                                                                                             |
| **Description** | Cannot promise or perform data deletion without proper process                                                                                                        |
| **Response**    | "Data deletion requests need to go through our privacy team to ensure we handle them properly. I can submit a request on your behalf — would you like me to do that?" |

## Testing Restrictions

{/* Screenshot: Restriction playground with test input showing triggered restriction */}

Use the built-in playground:

1. Open the restriction
2. Enter messages that might trigger it
3. Verify detection works correctly
4. Test edge cases

**Test scenarios:**

* Direct requests (e.g., "Give me a refund")
* Indirect requests (e.g., "I'm unhappy with my purchase")
* False positives (e.g., "What's your refund policy" should NOT trigger "No Refund Promises")

## Priority

Restrictions are the highest priority in the guardrail system:

```
Message arrives
      │
      ▼
Check Restrictions ← Highest priority
      │
      ├─ If triggered → Use restriction response
      │
      ▼
Check Escalation Rules
      │
      ├─ If triggered → Escalate
      │
      ▼
Normal Processing
```

## Assigning to Agents

<Steps>
  <Step title="Open Agent Configuration">
    Go to **Build → Agents** and click on an agent.
  </Step>

  <Step title="Go to Guardrails Tab">
    Select the **Guardrails** tab.
  </Step>

  <Step title="Select Restrictions">
    Check the restrictions that should apply.
  </Step>

  <Step title="Save">
    Save the agent configuration.
  </Step>
</Steps>

## Best Practices

* **Be specific** about what's forbidden
* **Provide helpful alternatives** in responses
* **Test for false positives** — don't over-restrict
* **Review regularly** — update as policies change
* **Keep responses friendly** — restrictions shouldn't feel like rejections

## Next Steps

<CardGroup cols={2}>
  <Card title="Escalation Rules" icon="arrow-up-right-from-square" href="/guardrails/escalation-rules">
    Define when to hand off to humans
  </Card>

  <Card title="Guardrails Overview" icon="shield" href="/guardrails/overview">
    Back to overview
  </Card>
</CardGroup>
