Policy Engine

Learn how to create runtime policies that automatically apply to your decorated functions. No code changes needed - policies work seamlessly with decorators.

What are Policies?
Policies are rules that govern how your AI agents can behave at runtime.

The RunLog AI policy engine automatically evaluates every action in your decorated functions against configurable rules. Simply add a policies file to your decorator - no code changes needed.

Policies are evaluated in real-time with sub-10ms latency, ensuring your agents remain responsive while staying safe. Works seamlessly with the @runlog decorator.

Policy Types

Budget Controls
Prevent cost overruns with spending limits
max_cost_per_run: $1.00
PII Protection
Block processing of sensitive personal data
block_pii: true
Approval Workflows
Require human approval for high-risk actions
require_approval: financial_actions
Policy Configuration
Policies are defined using YAML configuration files
# Example policy configuration
policies:
  - id: budget_control
    name: "Daily Budget Limit"
    when:
      cost_today: { gt: 100.00 }
    action: deny
    message: "Daily budget exceeded"
    
  - id: pii_protection
    name: "PII Detection"
    when:
      tool: "database.query"
      args.query: { contains_pii: true }
    action: require_approval
    approvers: ["security-team"]
    
  - id: loop_detection
    name: "Infinite Loop Prevention"
    when:
      tool_calls_in_run: { gt: 50 }
    action: terminate
    message: "Possible infinite loop detected"
Policy Actions
What happens when a policy is triggered

deny
Block Action

Immediately prevent the action from executing and return an error to the agent.

require_approval
Human Approval

Pause execution and wait for human approval before proceeding.

modify
Modify Parameters

Change the parameters of the action before allowing it to proceed.

log
Log & Allow

Log the policy violation but allow the action to proceed normally.

Using Policies with Decorators
The simplest way to apply policies to your agent functions
# 1. Create your policy file: agent_policies.yaml
policies:
  - id: cost_control
    when: { cost: { gt: 1.00 } }
    action: deny
    
  - id: sensitive_data
    when: { input: { contains_pii: true } }
    action: require_approval

# 2. Add policies to your decorator - that's it!
@runlog(service="my-agent", policies="./agent_policies.yaml")
def process_user_request(user_input: str):
    # Your code stays the same
    # Policies are automatically enforced
    return handle_request(user_input)
Best Practices
Tips for effective policy management
  • Start with permissive policies and gradually tighten based on observed behavior
  • Use descriptive policy names and messages to help with debugging
  • Test policy changes using deterministic replay before deploying to production
  • Monitor policy violation rates and adjust thresholds as needed
  • Use approval workflows for high-risk actions rather than blanket denials
  • Regularly review and update policies as your agents evolve