Policies (Beta)
The Policies (Beta) component, powered by ALTK ToolGuard, provides a lightweight and visual policy enforcement layer for AI workflows. It enables organizations to define business rules in plain English and automatically converts them into enforceable guard logic. This ensures that AI tools operate strictly within established safety, privacy, and compliance boundaries.
Key Capabilities
1. Converts human-readable policies into executable enforcement logic
2. Applies safety and compliance controls across AI workflows
3. Integrates seamlessly with AI tools to regulate behavior
4. Supports both design-time and run-time policy enforcement
Operational Modes
The Policies (Beta) component operates in two distinct modes:
1. Generate Mode (Build-time) – Generate Mode is used during the design phase to transform policy definitions into enforceable logic.
a. Accepts plain-English business rules as input
b. Automatically compiles rules into executable guard code
c. Establishes constraints and boundaries for AI tools before execution
Purpose: To define and prepare policy enforcement logic ahead of runtime.
2. Guard Mode (Runtime) – Guard Mode enforces policies dynamically while the AI workflow is running.
a. Wraps around selected AI tools
b. Intercepts outbound tool calls and actions
c. Evaluates each action against defined policies
d. Blockss or prevents operations that violate policies before they reach underlying systems
Purpose: To actively monitor and enforce compliance in real time.
Parameter
| Parameter | Description |
|---|---|
| Activity | Specifies the operational mode of the component. Select Generate to compile policy rules into guard logic at build time, or Guard to enforce those policies dynamically at runtime. |
| Enabled | Controls whether policy enforcement is active. When disabled, all validation and guard checks are skipped. This is primarily useful for debugging or testing scenarios. |
| Policies Project | Defines the namespace (for example, my_project) used to group, organize, and version related policies for better management and reuse. |
| Tools | Select the specific node of the AI tools that should be wrapped with policy guards. |
| Policies | Enter plain-English policy rules, with one rule per line. These rules define the boundaries and constraints for AI tool behavior. This field is required only when using Generate mode. |
| Language Model | Specifies the LLM used to interpret and compile policy rules into executable guard logic (for example, llama3.1:latest). This is required when generating policies. |
| API Key | The authentication key for ALTK ToolGuard. Required only in Generate mode to enable rule processing and guard code generation. |
Policy Rule Structure
Each policy rule should be written as a clear instruction that defines what is controlled, what action is taken, and under what condition.
To achieve this, every rule should include:
1. Target (Who/What) – The specific data, tool, or operation the policy applies to
2. Action – The behavior to allow, block, or restrict
3. Condition – The rule or limit that determines when the action applies
Examples
1. Sensitive Data Protection: “Never expose fields named password, ssn, or api_key in any response.”
2. Operation Restrictions: “Only allow read operations on customer databases; block INSERT, UPDATE, and DELETE operations.”
3. Volume and Rate Limits: “Never return more than 100 rows from any database query.”
How to Set It Up in a Flow
Follow these steps to implement enforceable policy guards in your workflow:
1. Drag the Policies (Beta) component from the Policy category into your workflow canvas.
2. Define Policy Rules: In the component settings, navigate to the Policies configuration field and define your rules using clear, natural-language instructions
3. Connect Model and Tools
a. Connect a Language Model (LLM) to enable policy interpretation and enforcement
b. Route your agent’s tool definitions or tool outputs through the Policies (Beta) component.
4. Handle Validation Outcomes: Use the component’s validation outputs to control how your workflow responds when a policy is evaluated.
For example:
1. Return a validation failure message to the user
2. Prompt the agent to retry the operation
3. Log policy violations for auditing or review
Best Practices
1. Follow the three-element rule structure (Target + Action + Condition) to reduce false positives and false negatives.
2. Keep policy guards enabled in production environments. Disable them only during development or debugging.
3. Group related rules within a Policies Project to simplify lifecycle management, versioning, and auditing.
4 Test policies in Generate mode to review the compiled guard logic, then switch to Guard mode for runtime enforcement.
Notes
1. Policy guards evaluate requests at runtime while introducing minimal latency compared to the risks they mitigate.
2. Policy violations can be configured to: Block actions, return sanitized or safe responses and Log incidents for auditing and review
3. By default, policy violations block tool execution unless alternative handling is explicitly configured.
4. The selected Language Model (LLM) is responsible for interpreting natural-language policies. Choose a model that balances cost, latency, and accuracy based on your requirements.
