Agent policy
An agent policy is the structured config that defines what an LLM agent may do: which tools it can call, at what permission tier (auto-approve or ask), under what cost caps, and when to escalate to a human. It is the production-deployable artifact that lets non-engineers configure agent behaviour safely and that security can review before it ships.
Engineers know an agent needs a tool ACL, a cost cap and escalation rules; non-engineers should not have to edit code to change them. An agent policy formalizes these as structured config (YAML, JSON or a dashboard form) with:
- allowed tools (deny-by-default: a tool not listed cannot be called),
- permission tiers per tool (auto-approve vs ask a human),
- cost caps per session, per day and per task,
- escalation rules (after N consecutive failures, page a human),
- audit settings (log every tool call, retain N days).
Implementations include Claude Code's settings.json and CLAUDE.md, Cursor's rules and command allowlist, Anthropic's and OpenAI's hosted agent configuration, and MCP server scopes. What this unlocks in production: an SRE can tune agent guardrails without a code change, and security can review and approve policy edits in pull requests. Treat an edit that loosens a tier or raises a cap as a privilege change: it deserves the same review as code.
When to use agent policy
- Production agents deployed to non-engineers.
- Multi-tenant agent platforms.
Common mistakes
- Storing policy in code only: non-engineers can't update it without a dev cycle, and the policy never gets reviewed as a distinct artifact.
- No policy validation: malformed YAML, an unknown tool name or a mistyped tier should fail closed at load time; otherwise the agent starts with a broken or empty policy and nobody notices until it does something it shouldn't.
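The following is an added worked example, not code from the page or from any of the products named above. It implements the policy shape described in the definition (allowed tools with tiers, cost caps per task/session/day, escalation after N consecutive failures, audit logging) as a small loader plus enforcement gate, and shows the two mistakes above handled correctly: the policy lives in a config document rather than code, and a defective policy raises at load time instead of silently running. The JSON schema, key names, tool names and the `Session` bookkeeping are this example's own assumptions; the policy document itself is constructed sample input.

```python
"""Minimal agent-policy loader and enforcement gate (added example, hypothetical schema)."""
import json
from dataclasses import dataclass, field

# Constructed sample policy. The key names are this example's own schema,
# not the config format of Claude Code, Cursor, MCP or any other platform.
POLICY_JSON = """
{
  "version": 1,
  "tools": {
    "read_file": {"tier": "auto"},
    "run_tests": {"tier": "auto"},
    "shell":     {"tier": "ask"},
    "deploy":    {"tier": "deny"}
  },
  "cost_caps_usd": {"per_task": 2.0, "per_session": 10.0, "per_day": 50.0},
  "escalation": {"max_consecutive_failures": 3, "notify": "oncall-sre"},
  "audit": {"log_tool_calls": true, "retain_days": 30}
}
"""

TIERS = {"auto", "ask", "deny"}
CAP_ORDER = ("per_task", "per_session", "per_day")  # narrowest scope first


class PolicyError(ValueError):
    """Raised when a policy fails validation; the agent must refuse to start."""


def load_policy(text: str) -> dict:
    """Parse and validate a policy document, failing closed on any defect."""
    try:
        p = json.loads(text)
    except json.JSONDecodeError as e:
        raise PolicyError(f"policy is not valid JSON: {e}") from None
    for key in ("version", "tools", "cost_caps_usd", "escalation", "audit"):
        if key not in p:
            raise PolicyError(f"missing required section: {key}")
    if not p["tools"]:
        raise PolicyError("tools section is empty: nothing would be allowed")
    for name, spec in p["tools"].items():
        if spec.get("tier") not in TIERS:  # catches typos such as "atuo"
            raise PolicyError(f"tool {name!r}: tier must be one of {sorted(TIERS)}")
    last = 0.0
    for scope in CAP_ORDER:  # caps must be positive and non-decreasing by scope
        v = p["cost_caps_usd"].get(scope)
        if not isinstance(v, (int, float)) or v <= 0 or v < last:
            raise PolicyError(f"cost cap {scope} must be a positive number >= the narrower scope")
        last = v
    n = p["escalation"].get("max_consecutive_failures")
    if not isinstance(n, int) or n < 1:
        raise PolicyError("escalation.max_consecutive_failures must be a positive integer")
    if not isinstance(p["audit"].get("retain_days"), int):
        raise PolicyError("audit.retain_days must be an integer")
    return p


@dataclass
class Session:
    """Running totals the gate needs. A real deployment persists these and
    resets the per_task counter at task boundaries; this example does not."""
    spent: dict = field(default_factory=lambda: {s: 0.0 for s in CAP_ORDER})
    consecutive_failures: int = 0
    audit_log: list = field(default_factory=list)


def decide(policy: dict, session: Session, tool: str, est_cost_usd: float):
    """Gate one proposed tool call. Returns (verdict, reason) where verdict is
    one of 'allow', 'ask', 'deny' or 'escalate'. Unknown tools are denied."""
    spec = policy["tools"].get(tool)
    if spec is None:
        verdict = ("deny", "tool not in allowlist")
    elif spec["tier"] == "deny":
        verdict = ("deny", "tool explicitly denied")
    elif session.consecutive_failures >= policy["escalation"]["max_consecutive_failures"]:
        verdict = ("escalate", f"notify {policy['escalation']['notify']}")
    else:
        verdict = ("allow" if spec["tier"] == "auto" else "ask", f"tier={spec['tier']}")
        for scope in CAP_ORDER:  # any cap that the call would breach blocks it
            if session.spent[scope] + est_cost_usd > policy["cost_caps_usd"][scope]:
                verdict = ("deny", f"would exceed {scope} cost cap")
                break
    if policy["audit"]["log_tool_calls"]:
        session.audit_log.append({"tool": tool, "est_cost_usd": est_cost_usd, "verdict": verdict[0]})
    return verdict


def record_result(session: Session, cost_usd: float, succeeded: bool) -> None:
    """Update spend and the consecutive-failure counter after a tool call ran."""
    for scope in CAP_ORDER:
        session.spent[scope] += cost_usd
    session.consecutive_failures = 0 if succeeded else session.consecutive_failures + 1


if __name__ == "__main__":
    policy = load_policy(POLICY_JSON)
    s = Session()
    for tool in ("read_file", "shell", "deploy", "curl"):
        print(tool, decide(policy, s, tool, 0.05))
```

The gate checks the allowlist and explicit denies first, then escalation, then cost caps, so a human is paged only for tools the policy would otherwise permit. Because `load_policy` raises on a missing section, an unknown tier or an inverted cap ordering, a bad edit from the dashboard or a PR is rejected before the agent ever takes a tool call, which is the fail-closed behaviour the second mistake above calls for.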
FAQ
What is agent policy?
An agent policy is the structured config that defines what an LLM agent may do: which tools it can call, at what permission tier (auto-approve or ask), under what cost caps, and when to escalate to a human. It is the production-deployable artifact that lets non-engineers configure agent behaviour safely and that security can review before it ships.
When should I use agent policy?
Production agents deployed to non-engineers. Multi-tenant agent platforms.
What are the most common mistakes with agent policy?
Storing policy in code only, so non-engineers can't update it without a dev cycle. No policy validation, so malformed YAML or a mistyped tier silently breaks the agent instead of failing closed at load time.
Related terms
- Tool permission — Tool permission is the agent-platform mechanism for granting / denying specific tool calls (read this file, run this command, hit this API) — required guardrail for any production agent with non-trivial side effects in 2026.
- Tool allowlist — A tool allowlist is the explicit set of commands / APIs / files an agent is allowed to use — deny-by-default permission policy preventing the agent from invoking surprise tools. Claude Code's settings.json, Cursor allowlist, MCP server scoping are 2026 implementations.
- Agent sandbox — An agent sandbox is the isolated execution environment where an LLM-driven agent runs code, browses, or controls a desktop — the safety boundary that contains prompt-injection blast radius.
Last updated: 2026-06-01. Raw markdown: https://promtable.com/glossary/agent-policy.md.