Policy Management
Create and manage governance policies. Define rules for PII handling, rate limiting, content filtering, and more.
Overview
Policies are the rules that govern how your AI agents operate. They define what actions are allowed, what content is filtered, and how violations are handled.
PII Policies
Control handling of personal data
Rate Limits
Set request and cost limits
Content Filters
Block harmful content
Custom Rules
Define custom policy logic
Policy Types
| Type | Description | Example Rule |
|---|---|---|
| pii_redaction | Automatically redact PII from outputs | Redact emails, SSNs, phone numbers |
| rate_limit | Limit request frequency | Max 100 requests per minute |
| content_filter | Block specific content types | Block code execution requests |
| jailbreak_detection | Detect prompt injection attacks | Block DAN-style prompts |
| tool_restriction | Limit tool access | Allow only read-only tools |
| hitl_required | Require human approval | Approve actions over $100 |
Create a Policy
Create policies via the Admin Console or programmatically:
python
from tork import TorkClient
client = TorkClient(api_key="your_key")
# Create a PII redaction policy
policy = client.policies.create(
name="Strict PII Redaction",
type="pii_redaction",
rules={
"redact_types": ["email", "phone", "ssn", "credit_card"],
"action": "redact", # or "block", "warn"
"log_violations": True
},
severity="high",
enabled=True
)
# Create a rate limit policy
policy = client.policies.create(
name="Production Rate Limit",
type="rate_limit",
rules={
"requests_per_minute": 100,
"requests_per_hour": 1000,
"tokens_per_day": 1000000,
"action": "throttle"
},
severity="medium",
enabled=True
)
# Create a HITL policy
policy = client.policies.create(
name="High-Value Actions",
type="hitl_required",
rules={
"conditions": [
{"field": "action.cost", "operator": ">", "value": 100},
{"field": "action.type", "operator": "in", "value": ["delete", "transfer"]}
],
"timeout_minutes": 30,
"fallback": "deny"
},
severity="critical",
enabled=True
)Visual Rule Builder
The Admin Console includes a visual rule builder for creating complex policies without writing code:
- Drag-and-drop conditions - Build rules visually
- Test policies - Validate rules against sample data
- Export as JSON - Export policies for version control
Policy Templates
Start with pre-built policy templates for common use cases like HIPAA compliance, SOC 2, and GDPR requirements.
Assign Policies to Agents
Policies can be assigned to individual agents or applied globally:
python
# Assign policy to specific agent
client.policies.assign(
policy_id="policy_123",
agent_id="agent_456"
)
# Apply policy globally (all agents)
client.policies.update(
policy_id="policy_123",
global_scope=True
)
# List policies for an agent
policies = client.policies.list(agent_id="agent_456")
for policy in policies:
print(f"{policy['name']}: {policy['type']}")Handling Violations
When a policy is violated, Tork can take different actions:
| Action | Description |
|---|---|
| log | Record violation, allow action to proceed |
| warn | Log and trigger alert, allow action |
| redact | Remove/mask sensitive content, allow action |
| block | Prevent action from executing |