Skip to main content
Define allow/deny rules so agents cannot run dangerous tools — attach a PolicyEngine before the agent starts.
The user requests a risky action; policy rules allow or deny tools before execution.

Quick Start

1

Simple Usage

Block delete tools on a file-management agent:
2

With Configuration

Use strict mode and custom deny lists:
3

Denial in action

Attach a deny policy and watch the tool call get blocked before it runs:
Policy denials return an error to the model before the tool executes — the same pre-dispatch check applies to native and MCP tools alike. Guardrails run at this same hook: GuardrailChain.validate_tool_call / LLMGuardrail.validate_tool_call can veto a tool call before dispatch (see the Guardrails card below).

How It Works

Pattern examples: tool:read_file, tool:delete_*, tool:*.

Configuration Options


Best Practices

Set agent.policy = engine immediately after creating the agent.
Use create_read_only_policy() before writing custom rules.
Prefer tool:delete_* over tool:* deny rules so read tools keep working.
PolicyConfig(strict_mode=True) blocks unknown tool names by default.

Guardrails

Validate agent output before returning to users

Approval

Require human confirmation for sensitive actions