Policies
Constrain what an agent may do — guardrails, allowed models, blocked tools, and spend budgets.
Policies are the guardrails around an agent: which safety guards run, which models
and tools are allowed, and how much it may spend. Define them in
agent/policies/index.ts as a default-exported PolicyConfig.
// agent/policies/index.ts
export default {
inputGuards: ["pii-redaction"],
outputGuards: ["content-filtering"],
allowedModels: ["claude-sonnet-4-5", "gpt-4o"],
blockedTools: ["delete_account"],
budget: {
maxSpendPerSession: "5.00",
maxSpendPerDay: "100.00",
maxSpendPerMonth: "2000.00",
},
};PolicyConfig
interface PolicyConfig {
inputGuards?: string[]; // guards applied to inbound messages
outputGuards?: string[]; // guards applied to model output
allowedModels?: string[]; // allowlist of models the agent may use
blockedTools?: string[]; // tools that must never run
budget?: {
maxSpendPerSession?: string;
maxSpendPerDay?: string;
maxSpendPerMonth?: string;
};
}| Field | Purpose |
|---|---|
inputGuards | Safety guards run on input, e.g. "pii-redaction". |
outputGuards | Safety guards run on output, e.g. "content-filtering". |
allowedModels | If set, only these models may run. |
blockedTools | Tools that are always denied, even if defined. |
budget | Hard spend caps per session / day / month (USD strings). |
Enforcement
Guards and budgets are enforced by Cencori at run time — the same security and
spend controls that protect Cencori's gateway. The policy travels with the agent's
Cencori configuration; the security.policy field on
agent.ts (strict / standard / permissive) sets the basarcie that these
per-agent rules tighten.
Budgets are strings so you can express currency precisely ("5.00"). Pair a tight
maxSpendPerSession with requireApproval in sessions for
defense in depth on costly agents.