Docs / Policies

Policies define the only legal execution paths.

Policies encode authority boundaries, approvals, budgets, and regulation. Every decision references explicit policy basis.

Docs Home Evidence Model Export Packs

Policy schema

Minimum fields required to enforce deterministic execution governance.

{
  "policy_id": "PB-042",
  "status": "ACTIVE",
  "scope": "write_files",
  "actors": {
    "allowed": ["first_party_agents"],
    "denied": ["external_runtimes"]
  },
  "approvals": {
    "required": 2,
    "dual_control": true
  },
  "budget": {
    "max_operations": 1000
  },
  "regulation": "SOX_RETENTION",
  "evidence": {
    "retention_days": 2555,
    "export": ["pdf", "json"]
  }
}

Core fields

Scope

Defines which intents this policy governs. Examples: `write_files`, `pay_vendor`, `send_email`.

Actors

Declares who may execute and who is prohibited. Scopes are useless without actor boundaries.

Approvals

Single approval, multi-party approval, or dual control for sensitive actions.

Budget

Hard caps that prevent runaway automation and cost exposure.

Policy lifecycle

Draft

Proposed policy exists but is not enforced.

Simulate

Policy evaluated in observe-only mode to measure impact.

Active

Policy is enforced. Decisions are deterministic and auditable.

Retired

Policy is no longer enforced but remains in the ledger.

Approval controls

Require explicit approvers for high-risk scopes

Separate “initiate” from “approve” for dual control

Record approver identity in evidence ledger

Budget enforcement

Operation limits

Cap execution attempts per time window. Enforced at decision time.

Cost ceilings

Require executive approval when spend thresholds are exceeded.