What is Guardrails as Code in Sedai, and how does it work?

Guardrails as Code is a feature in Sedai that allows engineering teams to define the boundaries within which Sedai's autonomous optimization can operate, directly in their Git repository as versioned YAML files. Before Sedai makes any optimization decision, it checks these guardrails and constrains its actions accordingly. Guardrails can be set at the resource, group, or account level, and are managed through GitHub, GitLab, or Bitbucket integrations. This ensures that all autonomous changes respect organizational policies and IaC governance. Note: Guardrails as Code is currently available for Kubernetes workload optimization; support for VMs and Kubernetes nodes is coming soon.

How does Sedai prevent configuration drift when using autonomous optimization with Infrastructure as Code (IaC)?

Sedai addresses configuration drift with three mechanisms: (1) Guardrails as Code, which defines the allowed optimization ranges in Git; (2) Loopback Updates, which automatically open a pull request in your Git repo within 24 hours of every validated optimization to keep your IaC in sync; and (3) CI/CD Overwrite Protection, which uses Sedai Sync or the Live Sync Controller to prevent your deployment pipeline from reverting Sedai's changes. This ensures that your source of truth remains accurate and that all changes are auditable. Note: These mechanisms currently focus on Kubernetes workloads; support for additional resource types is planned.

What configuration parameters can be controlled with Guardrails as Code?

With Guardrails as Code, you can specify minimum and maximum bounds for configuration dimensions that Sedai can optimize, such as vCPU and memory for Kubernetes workloads. These guardrails are defined in simple, human-readable YAML files and can be set at the resource, group, or account level. Note: Currently, only vCPU and memory for Kubernetes workloads are supported; additional parameters and resource types will be added in future releases.

How does Sedai handle conflicting guardrails at different levels (resource, group, account)?

Sedai resolves conflicts using a clear precedence hierarchy: resource-level guardrails override group-level settings, which in turn override account-level defaults. This allows you to set broad policies while making exceptions for specific services or environments that require tighter or looser constraints. Note: This hierarchy applies to all guardrails managed through Guardrails as Code for Kubernetes workloads.

What integrations are required to use Guardrails as Code?

To use Guardrails as Code, you need to configure a Git integration in Sedai (Settings → Integrations) and enable the 'Manage guardrails using this integration' option. Sedai supports GitHub, GitLab, and Bitbucket Cloud for managing guardrails files. Once integrated, guardrails can be managed at the resource, group, or account level, and all changes are versioned and reviewed through your standard Git workflow. Note: Only these Git providers are currently supported for guardrails management.

How does Sedai ensure safety and compliance when making autonomous optimizations?

Sedai is designed with safety as a core principle. Before making any optimization, Sedai checks the defined guardrails in your Git repository to ensure all actions stay within approved boundaries. It also features continuous health verification, automatic rollbacks, and incremental changes for real-time validation. Additionally, Sedai is SOC 2 certified, demonstrating adherence to stringent security and compliance standards. Note: While Sedai's safety mechanisms are robust, detailed limitations are not publicly documented; ask sales for specifics regarding your environment.

What are the main benefits of using Guardrails as Code with Sedai?

Guardrails as Code enables teams to safely adopt autonomous optimization by codifying policy boundaries in Git, ensuring that all changes are versioned, reviewed, and compliant with organizational standards. It helps prevent configuration drift, supports granular policy enforcement (resource, group, account), and integrates with existing CI/CD workflows. This approach allows for continuous optimization without sacrificing governance or auditability. Note: Currently, this feature is limited to Kubernetes workload optimization; support for other resource types is planned.

How quickly can Guardrails as Code be implemented in an existing Sedai environment?

Guardrails as Code can be enabled as soon as a Git integration is configured in Sedai. The setup process is straightforward: connect your GitHub, GitLab, or Bitbucket Cloud account, enable guardrails management, and define your policy files. Sedai will automatically propose initial guardrail values based on observed utilization patterns, and all changes go through your normal review process. Initial onboarding for Sedai typically takes about 15 minutes; configuring Guardrails as Code adds minimal overhead. Note: Implementation time may vary based on environment complexity.

What technical documentation is available for setting up Guardrails as Code?

Sedai provides detailed technical documentation, including a Getting Started Guide and Kubernetes Optimization Guide, which cover onboarding, integration setup, and best practices for Guardrails as Code. These resources are available at https://docs.sedai.io/get-started and on the Sedai resources page. Note: Documentation is updated regularly; check the official site for the latest guidance.

Who should use Guardrails as Code, and what problems does it solve?

Guardrails as Code is designed for engineering teams practicing Infrastructure as Code (IaC) who want to adopt autonomous optimization without losing governance or auditability. It solves problems such as configuration drift, lack of policy enforcement, and the risk of unsafe changes by ensuring all optimizations stay within approved boundaries and are tracked in Git. This is especially valuable for organizations with compliance requirements or complex multi-team environments. Note: Teams not using Kubernetes workloads or Git-based IaC may not benefit from this feature until broader support is released.

What are the limitations of Guardrails as Code?

Currently, Guardrails as Code is only available for Kubernetes workload optimization. Support for VM and Kubernetes node optimization guardrails is planned but not yet available. Only vCPU and memory can be controlled at this time, and only GitHub, GitLab, and Bitbucket Cloud are supported for guardrails management. For other environments or more granular controls, contact Sedai for roadmap details. Note: Detailed limitations are not publicly documented; ask sales for specifics.

Is Sedai SOC 2 certified?

Yes, Sedai is SOC 2 certified, demonstrating its commitment to high standards of security and compliance. This certification ensures that Sedai meets industry standards for data protection and governance. For more details, visit the Sedai Security page. Note: For environment-specific compliance questions, contact Sedai directly.

How is Sedai priced, and is there a free trial for Guardrails as Code?

Sedai uses a volume-based pricing model, charging based on the resources optimized (such as Kubernetes pods, ECS tasks, VMs, etc.). All costs are transparently outlined on the Sedai pricing page. Sedai offers a free tier and a 30-day free trial, allowing users to evaluate features like Guardrails as Code before committing. For Kubernetes environments, it is recommended to book a demo to discuss your needs and determine the best pricing structure. Note: Pricing details may change; refer to the official site for the latest information.

What support is available for teams implementing Guardrails as Code?

Sedai provides comprehensive technical documentation, onboarding guides, and customer support to assist with implementing Guardrails as Code. Teams can access resources at https://docs.sedai.io/get-started and schedule demos or support sessions via the Sedai website. Note: For complex environments or custom requirements, direct consultation with Sedai is recommended.

Guardrails as Code: IaC Governance for Autonomous Optimization

For engineering teams running a mature IaC practice, introducing autonomous optimization creates an inherent tension: any system that continuously adjusts infrastructure outside of Git creates drift — a gap between what's in your code and what's actually running.

Sedai's answer to that challenge is a set of three concrete integrations, and today we're announcing the latest: Guardrails as Code, now available for Kubernetes workload optimization.

Sedai’s IaC Story So Far

Sedai already offers two mechanisms for keeping your IaC in sync with our autonomous optimizations:

Loopback Updates open a pull request in your Git repo within 24 hours of every validated optimization, so your IaC reflects what's actually running.
CI/CD Overwrite Protection is achieved via Sedai Sync for release-based pipelines, or the Live Sync Controller for GitOps environments like Argo CD and Flux. This feature prevents your deployment pipeline from reverting Sedai's changes.

Together, these handle the after: what happens once Sedai has acted. But there's a before side too, and that's what we’ve addressed with Guardrails as Code.

If your team is constantly rewriting rules to keep up with workload changes, there is a better way. Book a demo to see what autonomous cloud management looks like in production.

Our Solution: Codifying Ranges, Not Fixed Values

Guardrails as Code is the best way to optimize cloud infrastructure at scale, while still maintaining a source of truth.

Today, resource configuration values — CPU limits, memory requests, replica counts — are almost universally expressed as fixed numbers in IaC. A single value, committed to code, treated as a stable fact about a service. This made sense when infrastructure was static and changes were expensive. It makes less sense in a world where workloads are dynamic, cloud resources are elastic, and optimization systems can act autonomously and continuously.

A better model is already embodied in Kubernetes pod autoscaler configuration: HPAs and VPAs don't require a fixed replica count or a fixed memory value. Instead, we specify ranges — minimums and maximums — and offload the details to an intelligent system (Kubernetes) to operate within those bounds in real time.

This practice is standard, trusted, and pragmatic within the dynamic context of Kubernetes. As autonomous optimization becomes the new normal in the world of infrastructure management, we must embrace the same solution for the values that we are entrusting to autonomous systems, like CPU and memory allocation. As autonomous systems adjust configurations on the fly to reduce costs and protect performance, static values quickly become stale. As in the case of pod autoscalers, IaC in the context of autonomous optimization should define the envelope of acceptable behavior. An optimization system like Sedai should find the best value within that envelope, continuously, based on real signals. Guardrails as Code is how we are attempting to live up to this new reality.

Introducing Guardrails as Code

Guardrails as Code lets you define the boundaries within which Sedai is allowed to operate — directly in your Git repository, as versioned YAML files, reviewed and merged like any other configuration change.

Think of it as a policy layer that lives in code. Before Sedai makes any optimization decision, it checks the applicable guardrails and constrains its option space accordingly. You might specify that a particular service should never run with fewer than 8 vCPU or more than 32 vCPU. You might set memory limits for a latency-sensitive service that can't tolerate aggressive downsizing. You might define account-wide defaults that apply unless overridden at the group or resource level.

A guardrails file looks like this:

If a guardrails file doesn't exist yet for a resource, Sedai will automatically create one via pull request with a proposed set of initial values (so you're not starting from a blank page) and the file still goes through your normal review process before taking effect.

Guardrails can be configured at three levels of granularity:

Resource level — for services with specific requirements Sedai can't infer from signals alone (specialized hardware, contractual SLAs, etc.)
Group level — apply consistent policies across a cluster, namespace, or tag-based group of resources
Account level — set defaults that apply across everything, and override where needed with resource-level and group-level guardrails

A note on scope: Today, Guardrails as Code is available for Kubernetes workload optimization. Support for optimization of VMs and Kubernetes nodes is coming soon.

Ready to govern autonomous optimization with confidence?

Book a Sedai demo to enforce policy-driven guardrails, automate cloud optimization, and maintain operational control.

How the Three Mechanisms Work Together

Each mechanism addresses a distinct moment in the lifecycle of an autonomous optimization event:

Guardrails as Code. Before Sedai acts, it evaluates optimization opportunities against the ranges your team has defined in Git, bounding the decision space from the start.
Loopback Updates. Once a change is validated, Sedai opens a PR in your repo to bring your IaC in sync.
CI/CD Overwrite Protection. If your pipeline fires in the window between Sedai's change and that PR being merged, Sedai catches and corrects it.

Throughout all of this, Sedai is doing what it's designed to do: continuously analyzing your workloads, executing changes safely, and learning from the results.

With all three integrations in place, the full lifecycle looks like this:

A Deeper Look: Using Guardrails as Code

Setting Up the Integration

Guardrails as Code requires a Git integration to be configured in Sedai (Settings → Integrations), with the Manage guardrails using this integration option enabled. Sedai supports GitHub, GitLab, and Bitbucket Cloud.

Once the integration is active, you can enable guardrails management for your resources. This can be done at the resource level, group level, or account level from the Sedai UI. The actual guardrail values themselves live in Git from that point forward.

Managing guardrails at the resource level

Scope and Precedence

When multiple levels of guardrails apply to the same resource, Sedai resolves conflicts using a precedence hierarchy: resource-level settings override group-level settings, which in turn override account-level defaults. This gives you the flexibility to set sensible defaults broadly while carving out exceptions for individual services or environments that need tighter or looser constraints.

The Guardrails File

The guardrails YAML format is intentionally simple and human-readable. It specifies the resource name, region, and min/max bounds for the configuration dimensions Sedai can optimize — currently vCPU and memory for Kubernetes workload optimization.

When Sedai proposes initial guardrail values, it bases them on observed utilization patterns — so the proposed ranges are grounded in real data, not arbitrary defaults.

Autonomous systems that operate within code-defined guardrails earn engineering team trust by making their boundaries explicit and auditable — not opaque. Book a demo to see how Sedai implements guardrails-as-code in your environment.

Get Started

Guardrails as Code is available now for Kubernetes workload optimization. If you're already a Sedai customer, you can enable it from Settings → Integrations. If you're new to Sedai, we'll explain how the full IaC integration story applies to your environment when you book a demo.

Support for Kubernetes and VM node optimization guardrails is coming soon. Stay tuned.

Frequently Asked Questions

Product Information: Guardrails as Code & IaC Governance