Agent Policy
A declarative policy language for controlling AI agent autonomy.
Agent Policy lets teams define guardrails that govern what an AI agent can do, when it needs human approval, and when it should be blocked entirely. Policies are written in YAML, version-controlled alongside code, and evaluated at runtime before every tool invocation.
How it works
- Write a policy – a YAML file that maps tools, execution modes, risk levels, and models to effects like `allow`, `deny`, `hitl`, or `filter`.
- Load the policy into a `PolicyEngine` in your runtime – available in Python, TypeScript, and Go.
- Evaluate before every tool call – the engine returns a verdict (effect + channel + matched policy ID) that your runtime dispatches on.
```yaml
apiVersion: agent-policy/v1
kind: PolicySet
metadata:
  name: my-guardrails
defaults:
  effect: hitl
policies:
  - id: allow-readonly
    priority: 10
    condition:
      tools: [view, grep, glob]
    effect: allow
  - id: deny-bg-infra
    priority: 20
    condition:
      modes: [background]
      tools: [bash, run, "mcp:github-*"]
    effect: deny
```
```python
from agent_policy_guard import PolicyEngine, EvalContext, load_policy_set

engine = PolicyEngine(load_policy_set("policy.yaml"))
action = engine.resolve(EvalContext(tool="bash", mode="background"))
# action == "deny"
```
Key features
- Extensible effects – `allow`, `deny`, `hitl`, `aitl`, `pitl`, `filter`, or any custom string your runtime understands.
- Context fallbacks – map execution modes to fallback modes so policies compose without duplication.
- Glob matching – use `*` and `?` patterns in tool names, models, users, and MCP servers.
- Priority ordering – lower number wins, first match returns. Predictable, auditable evaluation.
- Three SDKs – Python, TypeScript, and Go with identical semantics. Write policies once, evaluate anywhere.
- JSON Schema – validate policies in CI before they reach production.
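The evaluation order described above (lowest priority number first, first match returns, otherwise the default effect), sketched against the sample policy. This is an added illustration, not the Agent Policy library's code. The AND-across-keys and OR-within-a-key condition semantics, the `interactive` mode value, and all helper names are assumptions, and the verdict's channel is omitted.

```python
import re

# The page's sample policy set, transcribed as a dict so no YAML parser is needed.
POLICY_SET = {
    "defaults": {"effect": "hitl"},
    "policies": [
        {"id": "deny-bg-infra", "priority": 20, "effect": "deny",
         "condition": {"modes": ["background"],
                       "tools": ["bash", "run", "mcp:github-*"]}},
        {"id": "allow-readonly", "priority": 10, "effect": "allow",
         "condition": {"tools": ["view", "grep", "glob"]}},
    ],
}

# Assumption: which context attribute each condition key is compared against.
FIELDS = {"tools": "tool", "modes": "mode"}


def glob_match(pattern, value):
    """Match with only * and ?, the two wildcards the page names."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None


def matches(condition, ctx):
    # Assumption: every key present must match (AND); the patterns listed
    # under one key are alternatives (OR).
    for key, patterns in condition.items():
        if key not in FIELDS:
            # Fail loudly: silently skipping an unknown key could widen an allow rule.
            raise ValueError(f"unknown condition key: {key}")
        value = ctx.get(FIELDS[key])
        if value is None or not any(glob_match(p, value) for p in patterns):
            return False
    return True


def evaluate(policy_set, ctx):
    """Return (effect, matched_policy_id). Lowest priority number is checked first."""
    for rule in sorted(policy_set["policies"], key=lambda r: r["priority"]):
        if matches(rule.get("condition", {}), ctx):
            return rule["effect"], rule["id"]
    # No rule matched: fall back to the policy set's default effect.
    return policy_set["defaults"]["effect"], None
```

Because the first match returns, a broad rule with a low priority number shadows every narrower rule behind it, so a catch-all `allow` placed ahead of `deny-bg-infra` would disable that deny.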
Agent Policy is under active development. The library is not yet published to any package registry (PyPI, npm, or Go modules). Install from source via `git clone` for now. See Getting Started for details.