Skip to main content
Scope and guardrails tell MindFort what it is authorized to test and which actions require extra care. Configure them before starting assessments or Agents.

What Scope Controls

Use scope configuration to define:
  • primary domains and application URLs
  • additional allowed domains or routes that are part of the same target
  • in-scope systems agents should include
  • out-of-scope systems agents should exclude
  • important tenant, workspace, account, or environment values
  • authentication context and credential role boundaries
Keep the target scope as specific as possible. A precise scope gives agents stronger context and reduces noisy exploration.

Common Scope Patterns

Guardrail Types

MindFort agents use guardrails to keep testing inside approved boundaries:
  • Rate Limiting controls agent request pacing with Auto, Aggressive, Reduced, and Extreme Stealth modes.
  • Scope stores Include and Exclude entries for domains, IPs, CIDRs, routes, or other testing boundaries.
  • Rules store additional constraints for agent behavior.
  • Custom Values store target-specific context agents should know while testing.

Configure Scope

  1. Open Target Inventory.
  2. Select the target.
  3. Open the Guardrails tab.
  4. Set Rate Limiting if the default automatic pacing is not appropriate.
  5. Add Include entries for systems that agents should test.
  6. Add Exclude entries for systems that agents must avoid.
  7. Add Rules for behavior constraints such as avoiding destructive actions.
  8. Add Custom Values for context such as tenant_slug, workspace_id, organization_id, or environment.
  9. Save changes before starting an assessment or Agent.
The Scope modal supports bulk entry for Include and Exclude items. Add one domain, IP, CIDR, route, or other scoped item per line.

Examples

Tenant-Aware SaaS App

Multi-Domain Login Flow

Before Launch

Confirm:
  • the target is verified
  • stored credentials are dedicated test accounts
  • login instructions include every redirect and required intermediate step
  • include and exclude entries are current
  • behavior rules cover sensitive workflows
  • WAF allowlisting is complete if your infrastructure filters automated traffic
For authentication setup, see Authentication & Credentials. For firewall setup, see WAF Whitelisting.