Policy Categories & Templates

Waxell ships with 26 policy categories and pre-built templates. Categories define what kind of governance you want. Templates provide ready-to-use configurations you can enable with one click.

Policy Categories

Every policy belongs to a category that determines how it's evaluated and what controls it exposes.

Operational Guardrails

Category	What it controls	Actions
Rate Limit	Request rates and concurrency limits per agent, user, or team	warn, throttle, block
Cost	Token and dollar budgets (per-run, daily, monthly)	warn, block
Scheduling	Allowed operation hours and days (e.g., business hours only)	warn, skip, block
Safety	Step limits, tool call limits, execution depth	warn, block
Kill Switch	Emergency stop based on error rates or anomaly thresholds	block
Audit	Audit logging behavior, retention periods, detail levels	allow
Operations	Timeouts, retry limits, concurrency settings	warn, block
Control	Webhook notifications, execution control, alerting	allow
LLM	Model allowlists/blocklists, provider restrictions	warn, block
Quality	Output quality thresholds, stability checks	warn, block
Content	Input/output scanning for PII, credentials, and injection patterns	warn, redact, block

Data & Security Boundaries

Category	What it controls	Actions
Data Access	Which data sources agents can read/write, record limits	warn, block
Network	Outbound domain allowlists/blocklists, protocol restrictions	warn, block
Scope	Blast radius limits -- max records modified, files changed, transaction amounts	warn, block
Code Execution	Allowed languages, paths, commands, sandbox requirements	warn, block
Input Validation	Inbound data schema validation, size limits, sanitization	warn, block

Cognitive Governance

Category	What it controls	Actions
Grounding	Source grounding requirements, citation minimums, abstention thresholds	warn, block
Retrieval	Vector/RAG quality governance -- relevance scores, source age, diversity	warn, block
Reasoning	Decision explainability, bias detection, logical consistency	warn, block

Agent Action Control

Category	What it controls	Actions
Approval	Human-in-the-loop gates for high-stakes actions, cost thresholds	block
Delegation	Multi-agent trust -- delegation depth, allowed delegates, policy inheritance	warn, block
Communication	Output channel governance -- allowed channels, recipient restrictions	warn, block

Trust, Privacy & Compliance

Category	What it controls	Actions
Privacy	Data minimization, retention policies, consent requirements, residency	warn, block
Identity	AI disclosure requirements, impersonation prevention	warn, block
Memory	Session isolation, cross-session memory, retention limits, forbidden types	warn, block
Compliance	Regulatory profile validation (HIPAA, SOC 2, PCI-DSS) -- verifies required policies are active	warn, block
Context Management	Conversation length, context window utilization, message count, session duration	warn, block

Policy Actions

When a policy evaluates, it returns one of these actions:

Action	Effect
`allow`	Execution proceeds normally
`warn`	Execution proceeds, warning recorded in trace
`redact`	Sensitive content masked with `##TYPE##` placeholders, execution proceeds
`throttle`	Execution delayed (rate-limited)
`block`	Execution stopped, `PolicyViolationError` raised
`skip`	Execution skipped silently (no error raised)
`retry`	Execution retried with backoff

Policies are evaluated in priority order. The first blocking result stops evaluation. Warnings and redactions accumulate across all matching policies.

Pre-Built Templates

Templates are ready-to-use policy configurations. Create a policy from a template in the dashboard or via the API -- no configuration needed for sensible defaults.

General Templates

These apply to all agents by default:

Template	Category	Default Configuration
Default Budget Policy	Cost	Daily token and cost limits with warn thresholds
Standard Rate Limit	Rate Limit	Requests per minute/hour per agent
Business Hours Only	Scheduling	Mon-Fri, 9am-5pm PT
Standard Safety Policy	Safety	max_steps: 100, max_tool_calls: 50
Error Rate Kill Switch	Kill Switch	20% error threshold over 5-minute window
Full Audit Logging	Audit	90-day retention, full detail
PII Protection	Content	Detects SSN, email, phone, credit card
Prompt Injection Guard	Content	Blocks "ignore previous instructions" patterns
Credential Leak Prevention	Content	Detects API keys, secrets, AWS keys, tokens
LLM Model Allowlist	LLM	Restrict to approved models only
Webhook Notifications	Control	Send events to your webhook URL
Standard Timeout	Operations	300-second execution timeout
Output Quality Check	Quality	Minimum quality thresholds

Data & Security Templates

Template	Category	Default Configuration
Read-Only Data Access	Data Access	All sources read-only, block writes
Restricted Data Access	Data Access	Block HR/payroll/financial sources by default
Internal Only Network	Network	Block external domains, internal only
Domain Allowlist	Network	Explicit list of approved external services
Read-Only Scope	Scope	Zero deletes, zero writes, require rollback
Limited Write Scope	Scope	Max 100 records, 10 files, $1000 transactions
Claude Code Sandbox	Code Execution	Sandbox required, block dangerous commands, restrict filesystem
Restricted Code Execution	Code Execution	Python only, workspace paths, 30s limit
Strict Input Validation	Input Validation	Schema required, 100KB max, reject empty, sanitize HTML
Permissive Input	Input Validation	Warn on large inputs, no schema required

Cognitive Governance Templates

Template	Category	Default Configuration
Strict Grounding	Grounding	Require sources, min 2 citations, block unsupported claims
RAG Grounding	Grounding	Source grounding required, factual consistency check
High-Quality RAG	Retrieval	Min 0.8 relevance, 90-day max age, source diversity
Strict Retrieval	Retrieval	Block on low relevance, allowlisted collections only
Explainable Decisions	Reasoning	Require explanations, alternatives considered, confidence scores
Fair Decision Making	Reasoning	Bias detection enabled, protected attributes, block on bias

Agent Action Templates

Template	Category	Default Configuration
High-Stakes Approval Gate	Approval	Require approval for financial, delete, and external comms
Cost Approval Gate	Approval	Require approval when estimated cost > $10
Strict Delegation	Delegation	Max depth 2, inherit policies, require approval
Open Delegation	Delegation	No depth limit, inherit policies, no approval needed
Internal Only Communications	Communication	Block email/Slack/SMS, allow internal API and DB only
Governed External Comms	Communication	Allow email to company domain, require disclaimer

Trust, Privacy & Compliance Templates

Template	Category	Default Configuration
GDPR Basics	Privacy	Require consent, 30-day PII retention, EU residency
Data Minimization	Privacy	Minimization enabled, purpose limitation, short retention
AI Disclosure Required	Identity	Require disclosure footer, prevent impersonation
Ephemeral Sessions	Memory	Session isolation, purge on completion, no cross-session memory
Governed Memory	Memory	Allow memory with retention limits and type restrictions
HIPAA Profile	Compliance	Requires audit, content, privacy, data-access with health settings
SOC 2 Profile	Compliance	Requires audit, safety, kill, operations with enterprise settings

Claude Code Templates

Purpose-built policies for teams using Claude Code with Waxell governance:

Template	Category	Default Configuration
Session Budget	Cost	Per-session token/cost limits
Daily Budget	Cost	Hard daily limit (blocks, not warns)
Model Restriction	LLM	Sonnet + Haiku only (no Opus)
Business Hours	Scheduling	Mon-Fri, 8am-8pm ET
Kill Switch	Kill Switch	Error rate + anomaly detection
Full Audit	Audit	SOC 2 / ISO 27001 compliant logging
Rate Limit	Rate Limit	Per-user request throttling
Secret Scanning	Content	API keys, credentials, PII in prompts
Webhook Notifications	Control	Real-time event streaming

Creating Policies from Templates

Via Dashboard

Navigate to Governance > Policies
Click New Policy
Select a template -- configuration is pre-filled
Adjust scope (which agents, users, or teams it applies to)
Enable

Via API

# List available templates
curl -H "Authorization: Bearer $TOKEN" \
  https://acme.waxell.dev/waxell/v1/policy-templates/

# List categories
curl -H "Authorization: Bearer $TOKEN" \
  https://acme.waxell.dev/waxell/v1/policy-categories/

Via Platform Assistant

Ask the assistant to create a policy:

"Create a rate limit policy for my support-bot agent, max 100 requests per hour"

The assistant renders an interactive policy card you can review and confirm before it's created. See Platform Assistant for details.

Policy Scoping

Every policy can be scoped to specific targets. Scopes are combined with AND logic -- a policy scoped to agent support-bot AND user group enterprise only applies to enterprise users running support-bot.

Scope	What it filters
`agents`	Agent names
`agent_ids`	Specific agent UUIDs
`users`	User IDs
`user_groups`	User group names
`teams`	Team names
`workflows`	Workflow names
`tools`	Tool names
`models`	LLM model names

Unscoped policies (no filters) apply globally to all executions.

Enforcement Points

Policies are checked at three points during execution:

Pre-execution -- Before the agent runs. Blocks prevent the run from starting.
Mid-execution -- During the run (if mid_execution_governance=True). Checked on each record_step() call.
Post-execution -- After the run completes. Records violations for analytics.

import waxell_observe as waxell

waxell.init()

@waxell.observe(
    agent_name="support-bot",
    enforce_policy=True,              # Pre-execution check
    mid_execution_governance=True,    # Mid-execution checks
)
async def handle_query(query: str) -> str:
    # Policies checked before this runs
    response = await call_llm(query)

    # Each step triggers a mid-execution policy check
    waxell.step("process", output={"status": "done"})

    return response

Next Steps

Governance -- Policy enforcement in your agent code
Recommendations -- Automated policy suggestions
Platform Assistant -- Create and manage policies via chat