create_policy
Define security rules to control AI agent actions by specifying conditions and allow/deny/approval responses based on trust levels and tool patterns.
Instructions
Create or update a security policy for agent governance.
Policies define rules that control what agents can do. Each policy contains conditions and actions (allow/deny/require_approval).
Args:

- policy_id: Unique identifier for the policy (e.g., "prod-db-access")
- name: Human-readable name (e.g., "Production Database Access Control")
- description: Description of what this policy controls
- rules: JSON array of rule objects. Each rule has:
  - condition: Object with matching criteria
    - tool_pattern: Glob pattern for tool names (e.g., "database_*")
    - action_type: Type of action (e.g., "tool_call")
    - trust_level_at_least: Minimum trust level required
    - trust_level_below: Trigger if trust below this level
  - action: "allow", "deny", or "require_approval"
  - message: Message to show when rule matches
- priority: Higher priority policies are evaluated first (default: 100)
- enabled: Whether the policy is active (default: true)
Returns: JSON string with creation result:

- success: Whether creation succeeded
- policy_id: The policy's ID
- message: Status message
Example:

```python
create_policy(
    policy_id="prevent-deletions",
    name="Prevent Dangerous Deletions",
    description="Block delete operations for non-admin agents",
    rules='[{"condition": {"tool_pattern": "delete_*", "trust_level_below": "admin"}, "action": "deny", "message": "Delete operations require admin access"}]'
)
```
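A pre-flight check for the `rules` argument, added here as an example and not part of the tool's own code: it rejects misspelled condition keys and unknown actions, then lists which tools in an inventory no `tool_pattern` covers. The helper names, the sample tool inventory, and the assumption that the server's glob matching behaves like Python's `fnmatch` are not from the tool's documentation.

```python
import fnmatch
import json

# Field names and action values taken from the Args description above.
CONDITION_KEYS = {"tool_pattern", "action_type", "trust_level_at_least", "trust_level_below"}
ACTIONS = ("allow", "deny", "require_approval")


def validate_rules(rules_json):
    """Return a list of problems found in a rules JSON string (empty list = OK)."""
    try:
        rules = json.loads(rules_json)
    except json.JSONDecodeError as exc:
        return [f"rules is not valid JSON: {exc.msg}"]
    if not isinstance(rules, list):
        return ["rules must be a JSON array"]
    problems = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            problems.append(f"rule {i}: not an object")
            continue
        cond = rule.get("condition")
        if not isinstance(cond, dict):
            problems.append(f"rule {i}: condition must be an object")
        else:
            # A misspelled key would otherwise leave the rule without that criterion.
            for key in sorted(set(cond) - CONDITION_KEYS):
                problems.append(f"rule {i}: unknown condition key {key!r}")
        if rule.get("action") not in ACTIONS:
            problems.append(f"rule {i}: action must be one of {ACTIONS}")
        if "message" in rule and not isinstance(rule["message"], str):
            problems.append(f"rule {i}: message must be a string")
    return problems


def uncovered_tools(rules_json, tool_names):
    """Tools matched by no tool_pattern; expects rules that passed validate_rules.
    Assumption: fnmatch-style globbing, which may differ from the server's."""
    patterns = [r["condition"]["tool_pattern"] for r in json.loads(rules_json)
                if "tool_pattern" in r.get("condition", {})]
    return [t for t in tool_names
            if not any(fnmatch.fnmatchcase(t, p) for p in patterns)]


# Constructed sample input: the rule from the example above plus a made-up tool inventory.
RULES = ('[{"condition": {"tool_pattern": "delete_*", "trust_level_below": "admin"}, '
         '"action": "deny", "message": "Delete operations require admin access"}]')
TOOLS = ["delete_user", "delete_table", "db_delete_rows", "read_user"]

if __name__ == "__main__":
    print(validate_rules(RULES), uncovered_tools(RULES, TOOLS))
```

In the sample inventory, `db_delete_rows` is a delete operation that the `delete_*` pattern does not reach, which is the kind of gap worth catching before the policy is created.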
Input Schema
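| Name | Required | Description | Default |
|---|---|---|---|
| policy_id | Yes | Unique identifier for the policy (e.g., "prod-db-access") | |
| name | Yes | Human-readable name (e.g., "Production Database Access Control") | |
| description | Yes | Description of what this policy controls | |
| rules | Yes | JSON array of rule objects | |
| priority | No | Higher priority policies are evaluated first | 100 |
| enabled | No | Whether the policy is active | true |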