Guardrails designer

Set budgets and rate limits at three scopes. Export a policy your AI gateway can enforce.

Per engineer

The most important scope. Catches runaway scripts and over-eager agents.

Daily cap (USD)

Monthly cap (USD)

Soft warn threshold: 80% of cap
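As a rough illustration of how a daily cap and soft-warn threshold could interact, here is a minimal Python sketch. The names `EngineerCap` and `evaluate_spend` are hypothetical and are not part of Tokmeter; the sketch assumes the soft/hard semantics described in the policy preview (soft = warn only, hard = block at cap).

```python
from dataclasses import dataclass


@dataclass
class EngineerCap:
    """Hypothetical container for one engineer's daily budget settings."""
    daily_usd: float
    soft_warn_pct: float = 80.0
    enforcement: str = "soft"  # "soft" = warn only, "hard" = block at cap


def evaluate_spend(spent_usd: float, cap: EngineerCap) -> str:
    """Return "ok", "warn", or "block" for the spend accumulated so far today."""
    warn_at = cap.daily_usd * cap.soft_warn_pct / 100
    if spent_usd >= cap.daily_usd:
        # At or over the cap: only hard enforcement actually blocks.
        return "block" if cap.enforcement == "hard" else "warn"
    if spent_usd >= warn_at:
        return "warn"
    return "ok"
```

With a $50 daily cap and the 80% threshold, this sketch starts warning at $40 and blocks at $50 only when enforcement is set to hard.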

Per tool

Cap each integration independently. Catches one tool eating the whole budget.

GitHub Copilot Business (GitHub), $/seat/mo
Cursor Pro (Anysphere), $/seat/mo
Claude Code (Max) (Anthropic), $/seat/mo
ChatGPT Business (OpenAI), $/seat/mo
Anthropic API (raw) (Anthropic), $/seat/mo
OpenAI API (raw) (OpenAI), $/seat/mo

Model allowlist

Premium models often cost 10–60× as much as cheaper alternatives. Allowlist explicitly.

4 of 10 models allowed. Disallowed models will be rejected at the gateway with a clear error.
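The allowlist check itself can be very small. The following Python sketch shows one way a gateway might reject a disallowed model with a clear error. `ModelNotAllowedError` and `check_model` are hypothetical names, and the four model IDs are the ones listed in the policy preview on this page.

```python
# Model IDs taken from the policy preview; everything else is illustrative.
ALLOWED_MODELS = frozenset(
    {"claude-sonnet-4", "claude-haiku-4", "gpt-5-mini", "gemini-2.5-flash"}
)


class ModelNotAllowedError(Exception):
    """Raised when a request names a model that is not on the allowlist."""


def check_model(model: str, allowed: frozenset = ALLOWED_MODELS) -> None:
    """Raise a descriptive error unless `model` is explicitly allowed."""
    if model not in allowed:
        raise ModelNotAllowedError(
            f"Model '{model}' is not on the allowlist. "
            f"Allowed models: {', '.join(sorted(allowed))}"
        )
```

Listing the allowed models in the error message is a design choice: it tells the caller what to switch to instead of only what failed.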

Per API key & MCP server

Stop a single key or MCP server from torching the bill.

Rate limit (req/min)

Token ceiling per request

Tip: For MCP servers, also enforce a max tool-result size (≤ 4 KB recommended) and a max agent step count (≤ 30). Both are common runaway-cost vectors.
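To make these limits concrete, here is a hedged Python sketch of a per-key guard that combines a sliding-window rate limit with a per-request token ceiling, plus a separate check for the MCP tip. `RequestGuard` and `check_mcp_step` are hypothetical names, not a Tokmeter API. The sketch assumes a 60-second window and treats 4 KB as 4096 bytes; the clock is passed in explicitly so the behavior is easy to test.

```python
from collections import deque


class RequestGuard:
    """Hypothetical per-key guard: sliding-window rate limit plus token ceiling."""

    def __init__(self, rpm: int = 60, max_tokens: int = 50_000):
        self.rpm = rpm
        self.max_tokens = max_tokens
        self._stamps = deque()  # timestamps (seconds) of accepted requests

    def check(self, now: float, tokens: int) -> str:
        if tokens > self.max_tokens:
            return "reject: token ceiling"
        # Drop accepted requests that have aged out of the 60-second window.
        while self._stamps and now - self._stamps[0] >= 60.0:
            self._stamps.popleft()
        if len(self._stamps) >= self.rpm:
            return "reject: rate limit"
        self._stamps.append(now)
        return "allow"


MAX_TOOL_RESULT_BYTES = 4 * 1024  # assumption: "4 KB" means 4096 bytes
MAX_AGENT_STEPS = 30


def check_mcp_step(step: int, tool_result: bytes) -> bool:
    """True if this agent step and its tool result are within both limits."""
    return step <= MAX_AGENT_STEPS and len(tool_result) <= MAX_TOOL_RESULT_BYTES
```

Rejected requests are not recorded in the window, so a client that is being throttled does not extend its own lockout.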

Target gateway

Tokmeter is the default — one click to apply. Other targets are for teams migrating off an existing gateway.

★ Default. Tokmeter applies these guardrails natively across every connected provider — no proxy required.

Policy preview

Tokmeter-compatible YAML

Default target — no deploy needed. These rules apply natively across every connected provider. Export to LiteLLM, Portkey, or Helicone only if you are migrating off an existing gateway and need the same policy in their format.

# Tokmeter native guardrails policy
# Apply with one click — no proxy or YAML deploy required.
# This file is for audit/source-control; Tokmeter persists the same rules in your workspace.
policy_version: 1
workspace: default

per_engineer:
  daily_usd: 50
  monthly_usd: 600
  soft_warn_pct: 80
  enforcement: soft   # soft = warn + notify; hard = block at cap

per_tool_seat_caps_usd:
  cursor: 40
  claude-code: 200
  github-copilot: 19
  chatgpt-business: 25
  anthropic-api: 300
  openai-api: 250

model_allowlist:
  - claude-sonnet-4
  - claude-haiku-4
  - gpt-5-mini
  - gemini-2.5-flash

request_limits:
  rpm: 60
  max_tokens: 50000

notifications:
  channels: [in_app, email, slack]   # configure under Settings → Integrations

Estimated impact

Max possible monthly spend / engineer: $600.00

Annual cap @ 150 engineers: $1.1M

Hard block enforcement: Off (warn only)
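The annual figure follows directly from the monthly per-engineer cap. A short Python check of the arithmetic, using only the numbers shown on this page (variable names are illustrative):

```python
MONTHLY_CAP_USD = 600   # per_engineer.monthly_usd from the policy preview
ENGINEERS = 150         # headcount used in the estimate

annual_cap_usd = MONTHLY_CAP_USD * 12 * ENGINEERS

print(f"${annual_cap_usd:,}")                 # $1,080,000
print(f"${annual_cap_usd / 1_000_000:.1f}M")  # $1.1M
```

Because hard block enforcement is off, these figures are the thresholds at which warnings fire. Under the soft setting described in the policy preview, spend is not blocked at the cap.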