Policy Pattern Examples

Learn how to write effective security policies for your agents, from simple allow-lists to complex human-in-the-loop workflows.

Trust-but-Verify

Allow safe read operations, require approval for file writes, and deny file deletion outright.

```json
{
  "rules": [
    { "tool": "file.read.*", "action": "ALLOW" },
    { "tool": "file.write.*", "action": "APPROVE" },
    { "tool": "file.delete", "action": "DENY" }
  ]
}
```

Hard-Blocked API

Ensures that the agent can never access internal billing or user management systems via tool calling.

```json
{
  "rules": [
    { "tool": "internal.api.*", "action": "DENY" },
    { "tool": "aws.billing.get", "action": "DENY" }
  ]
}
```

Common Use Cases

E-commerce Support

Allow checking order status, but require approval for processing refunds over $50.

```json
{
  "rules": [
    { "tool": "orders.get", "action": "ALLOW" },
    { "tool": "orders.refund", "condition": "args.amount > 50", "action": "APPROVE" },
    { "tool": "orders.refund", "action": "ALLOW" }
  ]
}
```
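
Added example, not part of the original documentation or the product's own code: a small Python evaluator for the E-commerce Support policy above that fails closed when a condition cannot be evaluated and flags rules made unreachable by an earlier unconditional rule. It assumes semantics the page does not state: rules are checked top to bottom and the first match wins, `*` is a glob wildcard, conditions have the form `args.<name> <op> <number>`, and tools no rule mentions are denied; `decide` and `shadowed` are hypothetical names.

```python
import fnmatch
import operator
import re

# Constructed copy of the page's E-commerce Support rules.
POLICY = [
    {"tool": "orders.get", "action": "ALLOW"},
    {"tool": "orders.refund", "condition": "args.amount > 50", "action": "APPROVE"},
    {"tool": "orders.refund", "action": "ALLOW"},
]

OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
       "<=": operator.le, "==": operator.eq, "!=": operator.ne}
# Assumed condition grammar: args.<name> <op> <number>
COND = re.compile(r"args\.(\w+)\s*(>=|<=|==|!=|>|<)\s*(-?\d+(?:\.\d+)?)")


def decide(rules, tool, args):
    """Return the action of the first matching rule; DENY if none matches."""
    for rule in rules:
        if not fnmatch.fnmatchcase(tool, rule["tool"]):
            continue
        cond = rule.get("condition")
        if cond is None:
            return rule["action"]
        m = COND.fullmatch(cond)
        value = args.get(m.group(1)) if m else None
        # Fail closed: an unparsable condition or a missing/non-numeric
        # argument must not fall through to a later, more permissive rule.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return "DENY"
        if OPS[m.group(2)](value, float(m.group(3))):
            return rule["action"]
    return "DENY"  # assumed default for tools no rule mentions


def shadowed(rules):
    """Indexes of rules that can never fire under first-match ordering."""
    # Sound for patterns whose only wildcard is `*`: if the later pattern,
    # read as a literal string, matches an earlier unconditional pattern,
    # every tool name the later rule covers is already decided earlier.
    dead = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            covers = fnmatch.fnmatchcase(rule["tool"], earlier["tool"])
            if "condition" not in earlier and covers:
                dead.append(i)
                break
    return dead
```

Under these assumptions, swapping the two `orders.refund` rules makes `shadowed` report the conditional rule as dead, because the unconditional `ALLOW` then decides every refund before the approval rule is reached.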

DevOps Automation

Allow listing resources and logs, but hard-block any infrastructure deletion commands.

```json
{
  "rules": [
    { "tool": "k8s.get.*", "action": "ALLOW" },
    { "tool": "k8s.logs", "action": "ALLOW" },
    { "tool": "k8s.delete.*", "action": "DENY" }
  ]
}
```