Rules

What it does

• Checks every agent action against an active policy before execution
• Enforces spend limits: blocks payments that exceed per-action or per-day thresholds
• Enforces quiet hours: prevents actions outside of configured time windows
• Controls domain access: restricts external calls to an explicit allowlist
• Blocks action types that aren't permitted for the current agent role
• Logs every block with reason, timestamp, and action details

Configuration

Rules is configured in natural language or structured policy files. You can express things like "no payments over $50", "only contact domains on this list", or "nothing after 11pm". The policy is evaluated at runtime before any skill executes.

Policies can be scoped to specific agent roles, action types, or time windows. Changes take effect immediately. No restart or redeploy required.

Why before, not after

Post-hoc policy checking tells you something went wrong after the damage is done. Pre-execution enforcement means the action simply doesn't happen if it's out of scope. For agents with financial or communication authority, this distinction matters.