Skip to content

agentix.policy

policy

Declarative agent policy.

None of this generalizes across applications — it depends entirely on what your agent can touch — so it lives here as plain config rather than baked into the loop. The loop reads it; it never hard-codes any of these values.

Tier

Bases: Enum

Permission tier for a tool action (enforced by the guard subsystem).

AgentPolicy dataclass

AgentPolicy(
    prohibited: set[str] = set(),
    confirm_first: set[str] = set(),
    default_deny: bool = False,
    max_steps: int = 25,
    max_tokens_budget: int = 200000,
    max_budget_usd: float | None = None,
    tool_timeout_s: float = 30.0,
    network_allowlist: list[str] = list(),
    pii_patterns: list[str] = (
        lambda: [
            "\\b\\d{3}-\\d{2}-\\d{4}\\b",
            "\\b(?:\\d[ -]*?){13,16}\\b",
            "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+",
        ]
    )(),
)

All policy in one place: resource budgets, tool tiers, and the inputs the security subsystem reads. Safe to construct with no arguments for an unrestricted toolkit run; tighten as needed.