# Agent policy

**Source:** https://promtable.com/glossary/agent-policy

> An agent policy is the structured config defining what an LLM agent can do (tools + permissions + cost cap + escalation rules) — the production-deployable artifact that lets non-engineers configure agent behavior safely.

---
Engineers know that agents need a tool ACL, a cost cap, and escalation rules; non-engineers shouldn't have to edit code to update them. An agent policy formalizes this as structured config (YAML, JSON, or a dashboard form) covering:

- allowed tools
- permission tiers (auto-approve vs. ask)
- cost caps per session, per day, and per task
- escalation rules (after N failures, page a human)
- audit settings (log all tool calls, retain N days)

Examples of where this config lives: Claude Code's settings.json + CLAUDE.md, Cursor's rules + allowlist, Anthropic agent platforms, OpenAI Assistant config, MCP server scopes.

What this unlocks in production: SREs can tune agent guardrails without a code change, and security can audit and approve policy edits in PRs.

## When to use

- Production agents deployed to non-engineers.
- Multi-tenant agent platforms.

## Common mistakes

- Storing policy in code only — non-engineers can't update it without a dev cycle.
- No policy validation — bad YAML silently breaks the agent.
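
One way to avoid the "no policy validation" mistake is to validate the policy before the agent loads it and to deny every tool call when validation fails. The sketch below is an added example, not code from Promtable or any vendor: the schema and every field name (`tools`, `cost_cap_usd`, `escalation`, `audit`) are assumptions, the cap-ordering rule is an assumed invariant, and it reads JSON so that it runs on the standard library alone.

```python
import json

# Hypothetical schema: all field names below are assumptions made for this example.
TIERS = {"auto_approve", "ask"}
CAPS = ("per_task", "per_session", "per_day")
KEYS = {"tools", "cost_cap_usd", "escalation", "audit"}

def _pos(v, kind=(int, float)):
    return isinstance(v, kind) and not isinstance(v, bool) and v > 0

def _obj(policy, key):
    v = policy.get(key)
    return v if isinstance(v, dict) else {}

def validate_policy(text):
    """Return (policy, errors); policy is None unless every check passes."""
    try:
        p = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg}"]
    if not isinstance(p, dict):
        return None, ["top level must be an object"]
    errors = []
    if set(p) - KEYS:  # a typo such as "tool" must not silently drop the allowlist
        errors.append(f"unknown keys: {sorted(set(p) - KEYS)}")
    tools = _obj(p, "tools")
    if not tools:
        errors.append("tools: non-empty object required")
    errors += [f"tools.{n}: tier must be auto_approve or ask"
               for n, t in tools.items() if not isinstance(t, str) or t not in TIERS]
    caps = [_obj(p, "cost_cap_usd").get(k) for k in CAPS]
    if not all(_pos(v) for v in caps):
        errors.append("cost_cap_usd: positive per_task, per_session, per_day required")
    elif not caps[0] <= caps[1] <= caps[2]:  # assumed invariant: narrower scope, smaller cap
        errors.append("cost_cap_usd: need per_task <= per_session <= per_day")
    if not _pos(_obj(p, "escalation").get("after_failures"), int):
        errors.append("escalation.after_failures: integer >= 1 required")
    audit = _obj(p, "audit")
    if not isinstance(audit.get("log_tool_calls"), bool) or not _pos(audit.get("retain_days"), int):
        errors.append("audit: boolean log_tool_calls and retain_days >= 1 required")
    return (None, errors) if errors else (p, [])

def decide(policy, tool):
    """Fail closed: no valid policy, or a tool not on the allowlist, means deny."""
    return "deny" if policy is None else policy["tools"].get(tool, "deny")

# Constructed sample policy, not taken from any real deployment.
SAMPLE = json.dumps({
    "tools": {"read_file": "auto_approve", "run_shell": "ask"},
    "cost_cap_usd": {"per_task": 0.5, "per_session": 5, "per_day": 50},
    "escalation": {"after_failures": 3},
    "audit": {"log_tool_calls": True, "retain_days": 30},
})
```

Running the same validator as a CI check on policy pull requests gives reviewers the error list before an edit reaches a live agent.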

## Related terms

- [tool-permission](https://promtable.com/glossary/tool-permission)
- [tool-allowlist](https://promtable.com/glossary/tool-allowlist)
- [agent-sandbox](https://promtable.com/glossary/agent-sandbox)

*Last updated: 2026-06-01*
---

Maintained by Promtable (https://promtable.com). Content: CC BY 4.0. Cite as "Promtable — https://promtable.com/glossary/agent-policy".
Contact: info@vibecodingturkey.com.