Policy Packs

Policy Packs are sets of rules that agents must follow. They're defined at the identity level and can be attached to agents to ensure consistent behavior and compliance.

What are Policy Packs?

Policy Packs are:

Sets of rules: Brand style, safety, compliance, operational
Identity-level: Defined once for the entire identity
Attachable: Agents can use one or more policy packs
Enforceable: Rules can block, require approval, or warn

Think of policy packs as "guardrails" that keep agents on track.

How Policy Packs Work

1. Defined at Identity Level

Policy packs are created in Settings → Policy Packs:

One definition for the entire identity
Available to all agents in that identity
Centralized management of policies

2. Attached to Agents

Agents select which policy packs to use:

Choose packs: Which policies apply to this agent
Enforcement level: Block, require approval, or warn
Precedence: How to resolve conflicts

3. Enforced During Operation

When agents act:

Policies are checked: Rules are evaluated
Action is taken: Block, escalate, or allow
Violations are logged: For audit and review

Creating Policy Packs

Step 1: Go to Settings

Go to Settings → Policy Packs
Click "Add Policy Pack"
Fill in policy pack details

Step 2: Define Policy Pack

Name

Display name for the policy pack
Example: "Brand Style", "Safety Core", "Ops Caps"

Description

What this policy pack covers
Example: "Brand voice, tone, and style guidelines"

Category

Type of policy pack
Examples: Brand, Safety, Compliance, Operational

Step 3: Define Rules

Policy packs can include rules for:

Brand & Style

Tone bands: Professional, friendly, formal, casual
Signatures: Required email signatures
Formatting: How to format messages
Language: Preferred terminology

Safety & Compliance

Prohibited topics: What agents can't discuss
PII handling: How to handle personal information
Legal disclaimers: Required disclaimers
Compliance rules: Industry-specific rules

Operational Caps

Spending limits: Maximum amounts
Outbound rate limits: Messages per hour/day
Attachment rules: File size, type restrictions
API call limits: Rate limits for integrations

Data Governance

Retention: How long to keep data
Export rules: When data can be exported
Third-party sharing: Rules for sharing data
Privacy: Data privacy requirements

Escalation Policy

Who approves what: Approval requirements
When to escalate: Escalation triggers
Timeouts: How long to wait
Fallbacks: What to do if no response

Step 4: Set Enforcement

Enforcement Level

Block: Prevent action if policy violated
Require Approval: Escalate for review
Warn: Log violation but allow action

Scope

All agents: Apply to all agents by default
Specific agents: Apply to selected agents only
Agent-specific: Override per agent

Step 5: Save Policy Pack

Review configuration
Click "Save"
Policy pack is now available to agents

Using Policy Packs in Agents

Step 1: Attach Policy Packs

Go to Agent Config → Policies
Select policy packs to attach
Choose enforcement level
Set precedence rules

Step 2: Configure Enforcement

Attached Packs

Check which policy packs apply
Agent must follow all attached packs
Example: Brand Style + Safety Core

Enforcement Level

Block: Prevent action if violated
Require Approval: Escalate for review
Warn: Log but allow

Precedence

Identity overrides: Identity policies win
Most restrictive wins: Apply strictest rule
Choose based on your needs

Step 3: View Effective Policy

Effective Policy View

See what rules actually apply
Combines identity and agent policies
Shows enforcement level
Helps understand what agent must follow

Policy Pack Examples

Brand Style Pack

Purpose: Ensure consistent brand voice

Rules:

Tone: Professional, friendly
Signature: Required company signature
Formatting: Use company templates
Language: Use approved terminology

Enforcement: Block (must follow brand guidelines)

Safety Core Pack

Purpose: Prevent harmful or inappropriate content

Rules:

Prohibited topics: Legal advice, medical advice
PII handling: Never share personal information
Disclaimers: Required legal disclaimers
Safety: No harmful or offensive content

Enforcement: Block (safety is non-negotiable)

Ops Caps Pack

Purpose: Prevent overspending and abuse

Rules:

Spending: Max $100/day per agent
Rate limits: Max 100 emails/day
Attachments: Max 10MB, no executables
API calls: Max 1000/day

Enforcement: Require Approval (escalate if exceeded)

Policy Precedence

When multiple policies apply:

Identity Overrides

Identity-level policies override agent policies
Ensures identity-wide consistency
Example: Identity says "professional tone" → Agent can't use "casual"

Most Restrictive Wins

Apply the strictest rule
Ensures maximum safety
Example: One policy blocks, one warns → Block wins

Agent Overrides

Agent-specific policies can override identity (if allowed)
Gives flexibility for special cases
Example: One agent can use different tone for specific use case

Best Practices

Start with Core Policies

Create essential policy packs first
Brand style, safety, basic operational caps
Add more as needed
Don't over-complicate initially

Be Specific

Clear, specific rules work better
"No refunds over $100" not "be careful with refunds"
Easier for agents to follow
Easier to enforce

Review Regularly

Review policy violations
Update policies based on issues
Remove unnecessary policies
Keep policies current

Document Policies

Clear descriptions of what each policy does
Examples of allowed/blocked actions
Help team members understand
Useful for audits

Troubleshooting

Policies not being enforced?

Check agent has policy pack attached
Verify enforcement level is set
Review policy pack configuration
Check agent logs for violations

Too many violations?

Review policy rules (may be too strict)
Adjust enforcement level (warn instead of block)
Update policies to match actual needs
Provide feedback to agents

Policies conflicting?

Review precedence settings
Choose identity overrides or most restrictive
Resolve conflicts explicitly
Document resolution approach

Next Steps

Version: 1.0
Last Updated: November 2025