Policy & Governance

In an autonomous system, trust is good, but control is better. The Policy Engine ensures that agents operate within strict, pre-defined boundaries set by the engineering team.

Policy-as-Code

Policies are defined in YAML (and optionally Rego for complex logic) and enforced at runtime. The Policy Engine intercepts every tool call and validates it against the active policy set.

Use Cases

  • No Direct Push: Agents can commit code but cannot push to main without human approval.
  • Secret Safety: Agents have write-only access to secrets; they cannot read them back, which prevents leakage.
  • Scope Limits: Agents can only access files in src/ and tests/.

CLI Commands

```bash
# List active policies
pilot policy list

# Validate a policy file for syntax errors
pilot policy validate my-policy.yaml

# Test a policy against a context
pilot policy test my-policy.yaml --action file_write --file /etc/passwd
```

Configuration

Policies are stored in ~/.pilot/policies/.

```yaml
policy:
  id: protect-main
  description: Prevent direct pushes to main branch

rules:
  - action: git.push
    condition: args.branch == "main"
    effect: deny
    message: "Direct push to main is forbidden. Open a PR instead."
```
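
A minimal sketch of the interception step described under Policy-as-Code, run against the protect-main rule above. This is an added example, not the project's own code: the condition grammar (only `args.<name> == "<literal>"`), the fail-closed handling of rules it cannot interpret, the branch-name normalization, and the names `evaluate` and `guarded_call` are assumptions of the sketch.

```python
import re

# Constructed rule set: the page's protect-main rule as Python dicts (no YAML parser needed).
RULES = [{
    "action": "git.push",
    "condition": 'args.branch == "main"',
    "effect": "deny",
    "message": "Direct push to main is forbidden. Open a PR instead.",
}]

# Assumed condition grammar (not documented on the page): args.<name> == "<literal>"
_COND = re.compile(r'^\s*args\.(\w+)\s*==\s*"([^"]*)"\s*$')
_REF_PREFIX = "refs/heads/"

def _normalize(key, value):
    # Choice of this sketch: compare branches in short form, so a full ref
    # name and its short name are treated as the same push target.
    if key == "branch" and isinstance(value, str) and value.startswith(_REF_PREFIX):
        return value[len(_REF_PREFIX):]
    return value

def evaluate(rules, action, args):
    """Return (allowed, message) for one intercepted tool call."""
    for rule in rules:
        if rule.get("action") != action:
            continue
        match = _COND.match(rule.get("condition", ""))
        if match is None or rule.get("effect") != "deny":
            # Fail closed: a rule this evaluator cannot interpret blocks the call.
            return False, "policy rule for %s could not be evaluated" % action
        key, expected = match.groups()
        if _normalize(key, args.get(key)) == expected:
            return False, rule["message"]
    return True, ""  # no rule matched: the call proceeds

def guarded_call(rules, action, args, tool):
    """Run tool(**args) only if the policy allows it; otherwise raise."""
    allowed, message = evaluate(rules, action, args)
    if not allowed:
        raise PermissionError(message)
    return tool(**args)

if __name__ == "__main__":
    fake_push = lambda branch: "pushed " + branch  # hypothetical stand-in tool
    print(guarded_call(RULES, "git.push", {"branch": "feature/x"}, fake_push))
    print(evaluate(RULES, "git.push", {"branch": "refs/heads/main"}))
```

The tool function is never invoked when a rule denies or cannot be evaluated, which is the property an interceptor has to guarantee.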

Released under the MIT License.