Policy DSL
Plain JSON rules that gate agent actions inline. 11 operators. Sub-50ms decisions.
Anatomy of a policy
{
  "name": "no-external-email",
  "description": "Customer-support bot may never email outside the company.",
  "match": {
    "agent_name": "customer-support-bot",
    "tool_name": "send_email"
  },
  "where": {
    "metadata.recipient": {
      "domain_not_in": ["company.com"]
    }
  },
  "decision": "block",
  "enabled": true
}

match filters which actions this policy applies to. where evaluates per-field conditions. If both pass, decision is returned. Otherwise the policy doesn't fire.
Operators
| Operator | Meaning |
|---|---|
| equals | Exact match |
| not_equals | Anything but the value |
| in | Value is in the list |
| not_in | Value is not in the list |
| contains | Value contains the substring |
| not_contains | Value does not contain the substring |
| gt / lt | Numeric greater / less than |
| regex | JS-style regex match |
| domain_in | Email/URL domain in list |
| domain_not_in | Email/URL domain not in list |
Field paths
Use dot notation to walk into inputs, outputs, or metadata:
{ "metadata.recipient": { "domain_not_in": ["company.com"] } }
{ "inputs.amount": { "gt": 10000 } }
{ "outputs.error": { "contains": "PII" } }

Example library
Block writes to production tables
{
  "match": { "tool_name": "database_write" },
  "where": { "metadata.table": { "in": ["users","payments","secrets"] } },
  "decision": "block"
}

Review any agent action over $1
{
  "match": {},
  "where": { "cost_usd": { "gt": 1 } },
  "decision": "review"
}

Block all model calls containing 'ignore previous instructions'
{
  "match": { "action_type": "model_call" },
  "where": { "inputs.messages": { "regex": "ignore (all )?previous instructions" } },
  "decision": "block"
}
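
The evaluation flow this page describes (match, then where with dot-path fields and the listed operators), sketched as an added example that is not the product's own code. Missing-field handling, exact domain matching, stringifying non-string values for regex, and treating an absent enabled as on are assumptions; the sample policy is a trimmed copy of no-external-email and the sample action is constructed.

```javascript
// Walk a dot path such as "metadata.recipient"; undefined if a segment is missing.
const getPath = (obj, path) =>
  path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);

// Host part of an email address or URL, lower-cased; null if none is found.
function domainOf(value) {
  const s = String(value).trim().toLowerCase();
  if (s.includes("://")) {
    try { return new URL(s).hostname; } catch { return null; }
  }
  const at = s.lastIndexOf("@");
  return at === -1 ? null : s.slice(at + 1);
}
// The 11 operators from the table. Domain checks are exact matches (assumption),
// so a lookalike suffix such as "company.com.evil.example" is not "company.com".
const OPS = {
  equals: (v, x) => v === x,
  not_equals: (v, x) => v !== x,
  in: (v, list) => list.includes(v),
  not_in: (v, list) => !list.includes(v),
  contains: (v, x) => String(v).includes(x),
  not_contains: (v, x) => !String(v).includes(x),
  gt: (v, x) => typeof v === "number" && v > x,
  lt: (v, x) => typeof v === "number" && v < x,
  regex: (v, x) => new RegExp(x).test(typeof v === "string" ? v : JSON.stringify(v)),
  domain_in: (v, list) => list.includes(domainOf(v)),
  domain_not_in: (v, list) => !list.includes(domainOf(v)),
};
// Returns the policy's decision if it fires, otherwise null.
function evaluate(policy, action) {
  if (policy.enabled === false) return null; // assumption: absent "enabled" means on
  const matched = Object.entries(policy.match || {}).every(([k, want]) => action[k] === want);
  if (!matched) return null;
  for (const [path, cond] of Object.entries(policy.where || {})) {
    const value = getPath(action, path);
    if (value === undefined) return null; // assumption: a missing field never satisfies
    for (const [op, arg] of Object.entries(cond)) {
      if (!OPS[op]) throw new Error(`unknown operator: ${op}`);
      if (!OPS[op](value, arg)) return null;
    }
  }
  return policy.decision;
}
// Constructed sample: trimmed no-external-email policy against a lookalike recipient.
const samplePolicy = { match: { tool_name: "send_email" },
  where: { "metadata.recipient": { domain_not_in: ["company.com"] } }, decision: "block" };
const sampleAction = { tool_name: "send_email", metadata: { recipient: "eve@company.com.evil.example" } };
const sampleDecision = evaluate(samplePolicy, sampleAction);
```

Running a policy's intended allow and deny cases through a harness like this before enabling it shows whether the rule fires where expected.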