Policy & Guardrails

Define governance boundaries for your agents. Set connector permissions, approval gates, and risk thresholds that keep high-risk actions safe without slowing down execution.

What are policies?

Policies are rules that govern how agents can interact with your infrastructure. Each policy declares:

  • Blast radius — which connectors an agent can call
  • Action types — what the agent can do (read, write, modify)
  • Risk thresholds — when to require human approval
  • Approval gates — who reviews before execution

Policy enforcement

Policies are evaluated at runtime. When an agent attempts an action:

    # Agent: triage_crowdstrike_01
    # Action: close 3 ServiceNow tickets
    # Risk score: 78 (exceeds threshold of 50)
    # Policy decision: REQUIRE_APPROVAL
    → Action blocked until human approval received
    → Approval window: 15 minutes (configurable)
    → Denial logs to audit trail with reason

If the action passes policy checks, it executes immediately with a full audit trail. No additional latency.

How approval gates work

High-risk actions trigger approval requests. Your team reviews in Arx and makes a decision:

  • Approve — action executes immediately
  • Deny — agent receives rejection with reason
  • Escalate — route to higher authority or on-call

Every decision is logged with full context: who approved, when, why, and what changed.

Simulation mode

Before shipping agents to production, test policies against historical data. Simulation mode:

  • Replays 30 days of agent invocations
  • Applies proposed policies without executing actions
  • Shows which actions would have been blocked or approved
  • Identifies edge cases before they reach production

Refine policies based on simulation results, then deploy with confidence.

Policy templates

Arx includes starter templates for common governance patterns:

Read-only

Agent can query data from any connector. No write actions allowed. Useful for discovery and enrichment agents.

Scoped write

Agent can write only to specific connectors (e.g., ServiceNow only). All writes require approval. Common for incident response.

Express approval

Low-risk actions execute immediately. High-risk actions require a single approval. Balances speed and safety.

Dual control

All write actions require approval from two different people. Required for regulated environments (banking, healthcare).

Guardrails language

Policies are defined in a simple, human-readable format:

    agent: triage_crowdstrike_01
    description: "Enriches detections with context, opens incidents"
    connectors:
      - crowdstrike: [detections.read]
      - okta: [users.read]
      - wiz: [findings.read]
      - servicenow: [incidents.create, change_requests.create]
    approval_gates:
      - action: "servicenow.change_requests.create"
        risk_threshold: 50
        approval_required: true
        approvers: [soar-team, ciso]

No code changes needed. Policies live alongside agents in your source control with full version history.
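A sketch of how the policy above could be evaluated at runtime and dry-run in the style of simulation mode, as an added example that is not Arx's own code. The decision names ALLOW and DENY, default-deny for anything not listed under connectors, the strict "risk score above threshold" comparison, and the invocation history are assumptions made for illustration.

```python
# Added illustration, not Arx code. ALLOW/DENY, default-deny and the strict
# "score > threshold" comparison are assumptions; REQUIRE_APPROVAL is from the page.
from collections import Counter

# The policy shown above, transcribed as a Python dict.
POLICY = {
    "agent": "triage_crowdstrike_01",
    "connectors": {
        "crowdstrike": ["detections.read"],
        "okta": ["users.read"],
        "wiz": ["findings.read"],
        "servicenow": ["incidents.create", "change_requests.create"],
    },
    "approval_gates": [
        {"action": "servicenow.change_requests.create", "risk_threshold": 50,
         "approval_required": True, "approvers": ["soar-team", "ciso"]},
    ],
}

def evaluate(policy, agent, action, risk_score):
    """Return (decision, detail) for one attempted action such as 'okta.users.read'."""
    if agent != policy["agent"]:
        return "DENY", "policy does not cover this agent"
    connector, _, operation = action.partition(".")
    # Blast radius: anything not explicitly granted is refused.
    if operation not in policy["connectors"].get(connector, []):
        return "DENY", f"{action} is outside the declared connector permissions"
    for gate in policy["approval_gates"]:
        if (gate["action"] == action and gate["approval_required"]
                and risk_score > gate["risk_threshold"]):
            return "REQUIRE_APPROVAL", "approvers: " + ", ".join(gate["approvers"])
    return "ALLOW", "within permissions, no gate triggered"

def simulate(policy, invocations):
    """Dry run: count decisions over recorded invocations without executing anything."""
    return Counter(evaluate(policy, *inv)[0] for inv in invocations)

# Constructed invocation history: (agent, action, risk score). The action
# "okta.users.suspend" is a made-up name standing in for an ungranted write.
HISTORY = [
    ("triage_crowdstrike_01", "crowdstrike.detections.read", 5),
    ("triage_crowdstrike_01", "servicenow.incidents.create", 30),
    ("triage_crowdstrike_01", "servicenow.change_requests.create", 78),
    ("triage_crowdstrike_01", "servicenow.change_requests.create", 40),
    ("triage_crowdstrike_01", "okta.users.suspend", 90),
]

if __name__ == "__main__":
    print(dict(simulate(POLICY, HISTORY)))
```

Reviewing the DENY and REQUIRE_APPROVAL counts from such a dry run before deployment shows whether the connector list is too narrow for the agent's real workload or the threshold would flood approvers.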