agentix.policy¶
policy ¶
Declarative agent policy.
None of this generalizes across applications — it depends entirely on what your agent can touch — so it lives here as plain config rather than baked into the loop. The loop reads it; it never hard-codes any of these values.
Tier ¶
Bases: Enum
Permission tier for a tool action (enforced by the guard subsystem).
AgentPolicy
dataclass
¶
AgentPolicy(
prohibited: set[str] = set(),
confirm_first: set[str] = set(),
default_deny: bool = False,
max_steps: int = 25,
max_tokens_budget: int = 200000,
max_budget_usd: float | None = None,
tool_timeout_s: float = 30.0,
network_allowlist: list[str] = list(),
pii_patterns: list[str] = (
lambda: [
"\\b\\d{3}-\\d{2}-\\d{4}\\b",
"\\b(?:\\d[ -]*?){13,16}\\b",
"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+",
]
)(),
)
All policy in one place: resource budgets, tool tiers, and the inputs the security subsystem reads. Safe to construct with no arguments for an unrestricted toolkit run; tighten as needed.