The guardrail lifecycle
Every AI coding task goes through three phases with Sparkle.1. Context before generation
Guardrails are only useful if they match your codebase. Sparkle builds context from:- Repo structure — frameworks, languages, module boundaries, existing patterns
- Security expectations — standards like OWASP and PCI-DSS, plus your organization’s policies
- Architecture — how services communicate, where auth lives, which layers own what
- Work context — tickets and task descriptions, when connected
2. Guardrails during generation
When you give your agent a coding task, Sparkle intercepts the moment before planning:- Sparkle identifies the target repository from your workspace and its git remote.
- The agent calls the Sparkle MCP
get_guardrailstool with the task and repo context. - Sparkle returns the guardrails that apply to this repo, this organization, and this task.
- The guardrails are injected into the agent’s context before it writes any code.
3. Verification after generation
After the agent finishes, Sparkle checks whether the generated or changed code follows the expected rules. The agent also reports which guardrails it applied in a Sparkle Guardrails Applied summary at the end of its response:Visibility and governance
Guardrails only work if teams can see them working. Sparkle records:- Which guardrails were fetched and applied for each task
- Which repos are covered and which aren’t
- Where generated code deviated from expected rules
Where guardrails apply
| Surface | How guardrails are delivered |
|---|---|
| Cursor, Windsurf, VS Code | Sparkle Guardrails extension — applies on every AI prompt |
| Claude Code, Codex | Sparkle CLI — MCP server, hooks, and rules wired by sparkle setup |
| Any MCP-compatible agent | Sparkle MCP server with the get_guardrails tool |

