Policy System
Enterprise governance for AI agents through cryptographically-signed workspace policies.
What Are Policies?
A policy is a JSON document that defines what AI agents can and cannot do within a workspace. Policies are:
- Cryptographically signed - tamper-evident via Ed25519 signatures: any change to a signed policy, however small, fails verification
- Version controlled - each policy carries a version so changes can be tracked over time
- Machine-readable - validated automatically before agents are deployed
Policy Documentation
| Guide | Description |
|---|---|
| Syntax Guide | Policy JSON structure |
| Validator | Validate policies and agents |
Policy Lifecycle
```
+---------------+     +---------------+     +---------------+
|    CREATE     |---->|     SIGN      |---->|   ACTIVATE    |
|               |     |               |     |               |
| Define rules  |     | Admin signs   |     | Apply to      |
| in JSON       |     | with Ed25519  |     | workspace     |
+---------------+     +---------------+     +---------------+
        |                                           |
        +-------- VALIDATE AGENTS <-----------------+
```
Policy Structure
policy.json
```json
{
  "policy_id": "policy_abc123",
  "workspace_id": "ws_xyz789",
  "version": "1",
  "status": "active",
  "content": {
    "agent": {
      "models": { ... },
      "capabilities": { ... }
    },
    "compliance": { ... }
  },
  "hash": "blake3_hash_of_content",
  "signature": "ed25519_signature",
  "signing_key_id": "key_..."
}
```
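The `hash`, `signature` and `signing_key_id` fields are only useful if clients actually recompute the hash from `content` and check the signature against a key they already trust. The following is an added example (not sekuire's own code) of that check, with the attacks it is meant to catch. It assumes a canonical JSON encoding (sorted keys, compact separators) is what gets hashed, that the Ed25519 signature is over the raw 32-byte digest, that both values are hex-encoded, and that `key_demo` / `key_rogue` are hypothetical key ids. It uses the `cryptography` package for Ed25519 and the `blake3` package for hashing, falling back to a BLAKE2b stand-in only so it runs where `blake3` is not installed.

```python
"""Sign and verify a workspace policy: hash of content + Ed25519 signature.
Added example, not sekuire's own code; see the assumptions in the lead-in."""
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

try:
    from blake3 import blake3  # pip install blake3; this is what the page specifies

    def content_digest(data: bytes) -> bytes:
        return blake3(data).digest()
except ImportError:  # stand-in so the example still runs without the package
    import hashlib

    def content_digest(data: bytes) -> bytes:
        return hashlib.blake2b(data, digest_size=32).digest()


def canonical_bytes(content: dict) -> bytes:
    # Assumed canonical form: sorted keys, no whitespace, UTF-8. Without a
    # fixed canonicalisation two valid encodings of the same content would hash differently.
    return json.dumps(content, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sign_policy(policy: dict, key: Ed25519PrivateKey, key_id: str) -> dict:
    """Return a copy of `policy` with hash, signature and signing_key_id filled in."""
    digest = content_digest(canonical_bytes(policy["content"]))
    signed = dict(policy)
    signed["hash"] = digest.hex()
    signed["signature"] = key.sign(digest).hex()
    signed["signing_key_id"] = key_id
    return signed


def verify_policy(policy: dict, trusted_keys: dict[str, Ed25519PublicKey]) -> tuple[bool, str]:
    """Check a policy the way a client should before applying it.
    The key id is looked up in a local trust store (never taken from the
    document as a key), and the hash is recomputed rather than trusted."""
    key = trusted_keys.get(policy.get("signing_key_id", ""))
    if key is None:
        return False, "untrusted signing_key_id"
    digest = content_digest(canonical_bytes(policy["content"]))
    if digest.hex() != policy.get("hash"):
        return False, "hash does not match content"
    try:
        key.verify(bytes.fromhex(policy["signature"]), digest)
    except (InvalidSignature, ValueError, KeyError):
        return False, "invalid signature"
    return True, "ok"


def run_demo() -> dict[str, tuple[bool, str]]:
    """Constructed policy and keys; returns the verdict for each scenario."""
    admin = Ed25519PrivateKey.generate()
    trusted = {"key_demo": admin.public_key()}  # hypothetical key id
    policy = {
        "policy_id": "policy_abc123", "workspace_id": "ws_xyz789",
        "version": "1", "status": "active",
        "content": {
            "agent": {"models": {"allowed_providers": ["openai", "anthropic"]},
                      "capabilities": {"denied_tools": ["shell_exec"]}},
            "compliance": {"require_audit_logging": True},
        },
    }
    signed = sign_policy(policy, admin, "key_demo")
    results = {"genuine": verify_policy(signed, trusted)}

    # 1. Attacker un-denies shell_exec but leaves hash/signature untouched.
    edited = json.loads(json.dumps(signed))
    edited["content"]["agent"]["capabilities"]["denied_tools"] = []
    results["content_edited"] = verify_policy(edited, trusted)

    # 2. Attacker also fixes up the hash, but cannot forge the signature.
    edited["hash"] = content_digest(canonical_bytes(edited["content"])).hex()
    results["hash_fixed_up"] = verify_policy(edited, trusted)

    # 3. Attacker re-signs with their own key under a key id the client does not trust.
    rogue = Ed25519PrivateKey.generate()
    results["rogue_key"] = verify_policy(sign_policy(edited, rogue, "key_rogue"), trusted)

    # 4. Rogue signs but claims the admin's key id: the signature check fails.
    results["rogue_claims_admin_id"] = verify_policy(sign_policy(edited, rogue, "key_demo"), trusted)
    return results


if __name__ == "__main__":
    for case, (ok, why) in run_demo().items():
        print(f"{case:22s} {'PASS' if ok else 'REJECT'}: {why}")
```

The order of checks matters: an unknown `signing_key_id` is rejected before any cryptography runs, and a `hash` mismatch is reported separately from a bad signature so an operator can tell a corrupted download from a forgery attempt.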
Key Features
Model Control
Restrict which LLM providers and models agents can use:
```json
"models": {
  "allowed_providers": ["openai", "anthropic"],
  "allowed_models": ["gpt-4", "claude-3-opus-20240229"],
  "denied_models": ["gpt-3.5-turbo"]
}
```
Capability Control
Define which tools and capabilities agents can register:
```json
"capabilities": {
  "allowed_tools": ["calculator", "web_search"],
  "denied_tools": ["file_write", "shell_exec"],
  "require_tool_approval": true
}
```
Compliance Frameworks
Enforce regulatory requirements:
```json
"compliance": {
  "frameworks": ["soc2", "hipaa"],
  "require_audit_logging": true,
  "data_residency": "us"
}
```
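The three blocks above (model control, capability control, compliance) are what the VALIDATE AGENTS step evaluates an agent against. The following is an added example, not sekuire's validator, of how such a check can be written so that a deny-list always wins over an allow-list and every violation is reported rather than only the first. The agent manifest shape (`provider`, `model`, `tools`, `approved_tools`, `audit_logging`, `data_region`) is an assumption made for illustration, and the framework names are treated as informational since they cannot be checked mechanically from the policy alone.

```python
"""Validate an agent manifest against a policy's content block.
Added example, not sekuire's code; the manifest fields are assumed."""

def validate_agent(content: dict, agent: dict) -> list[str]:
    """Return every violation found; an empty list means the agent is compliant."""
    violations: list[str] = []
    models = content.get("agent", {}).get("models", {})
    caps = content.get("agent", {}).get("capabilities", {})
    comp = content.get("compliance", {})

    # Model control. An allow-list is enforced only when present; a deny-list
    # is always enforced, so a denied model cannot be re-enabled by also allowing it.
    provider, model = agent.get("provider"), agent.get("model")
    if "allowed_providers" in models and provider not in models["allowed_providers"]:
        violations.append(f"provider {provider!r} not in allowed_providers")
    if "allowed_models" in models and model not in models["allowed_models"]:
        violations.append(f"model {model!r} not in allowed_models")
    if model in models.get("denied_models", []):
        violations.append(f"model {model!r} is denied")

    # Capability control: same allow/deny logic per tool, plus approval gating
    # (assumed: approved_tools lists tools an admin has signed off on).
    approved = set(agent.get("approved_tools", []))
    for tool in agent.get("tools", []):
        if "allowed_tools" in caps and tool not in caps["allowed_tools"]:
            violations.append(f"tool {tool!r} not in allowed_tools")
        if tool in caps.get("denied_tools", []):
            violations.append(f"tool {tool!r} is denied")
        if caps.get("require_tool_approval") and tool not in approved:
            violations.append(f"tool {tool!r} lacks approval")

    # Compliance: only the mechanically checkable settings are enforced here.
    if comp.get("require_audit_logging") and not agent.get("audit_logging"):
        violations.append("audit logging required but not enabled")
    residency = comp.get("data_residency")
    if residency and agent.get("data_region") != residency:
        violations.append(f"data_region must be {residency!r}")
    return violations


# Constructed policy content, assembled from the three fragments on this page.
DEMO_POLICY_CONTENT = {
    "agent": {
        "models": {
            "allowed_providers": ["openai", "anthropic"],
            "allowed_models": ["gpt-4", "claude-3-opus-20240229"],
            "denied_models": ["gpt-3.5-turbo"],
        },
        "capabilities": {
            "allowed_tools": ["calculator", "web_search"],
            "denied_tools": ["file_write", "shell_exec"],
            "require_tool_approval": True,
        },
    },
    "compliance": {
        "frameworks": ["soc2", "hipaa"],
        "require_audit_logging": True,
        "data_residency": "us",
    },
}

# Constructed agent manifests (field names are assumptions, see lead-in).
COMPLIANT_AGENT = {
    "provider": "openai", "model": "gpt-4",
    "tools": ["calculator"], "approved_tools": ["calculator"],
    "audit_logging": True, "data_region": "us",
}
ROGUE_AGENT = {
    "provider": "openai", "model": "gpt-3.5-turbo",
    "tools": ["web_search", "shell_exec"], "approved_tools": ["web_search"],
    "audit_logging": False, "data_region": "eu",
}


def check_demo() -> dict[str, list[str]]:
    return {name: validate_agent(DEMO_POLICY_CONTENT, manifest)
            for name, manifest in (("compliant", COMPLIANT_AGENT), ("rogue", ROGUE_AGENT))}


if __name__ == "__main__":
    for name, found in check_demo().items():
        print(f"{name}: {'OK' if not found else 'BLOCKED'}")
        for v in found:
            print(f"  - {v}")
```

Reporting every violation at once is deliberate: an agent author fixing one problem at a time against a validator that stops at the first failure is a slow loop, and the full list is also what you want in the audit log when a push is blocked.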
CLI Commands
| Command | Description |
|---|---|
| sekuire policy pull | Download workspace policy |
| sekuire policy validate | Verify policy integrity |
| sekuire policy show | Display policy summary |
See CLI Policy for full documentation.
tip
Agents are validated against the workspace policy when you push with --workspace; non-compliant agents are blocked before they are deployed.