PolicyEngine before the agent starts.
Quick Start
How It Works
| Component | Purpose |
|---|---|
PolicyRule | Wildcard resource patterns with ALLOW, DENY, ASK, or LOG |
PolicyEngine | Evaluates rules by priority; optional strict mode |
agent.policy | Attach the engine before start() |
tool:read_file, tool:delete_*, tool:*.
Configuration Options
| Option | Type | Default | Description |
|---|---|---|---|
strict_mode | bool | False | Deny operations not explicitly allowed |
action | PolicyAction | — | ALLOW, DENY, ASK, LOG, RATE_LIMIT |
resource | str | None | Glob pattern (e.g. tool:shell_*) |
priority | int | 0 | Higher priority rules evaluate first |
Best Practices
Attach policy before the first turn
Attach policy before the first turn
Set
agent.policy = engine immediately after creating the agent.Start with read-only presets
Start with read-only presets
Use
create_read_only_policy() before writing custom rules.Use wildcards sparingly
Use wildcards sparingly
Prefer
tool:delete_* over tool:* deny rules so read tools keep working.Enable strict mode in production
Enable strict mode in production
PolicyConfig(strict_mode=True) blocks unknown tool names by default.Related
Guardrails
Validate agent output before returning to users
Approval
Require human confirmation for sensitive actions

