Governance Policies
Governance Policies are the core rules that define how TheWARDN evaluates AI agent actions. Policies are implemented through the CHAM (Contextual Hierarchical Action Model) engine.
Overview
Every action submitted to the governance pipeline is evaluated against all active CHAM policies. Policies define conditions under which actions should be cleared, held, or blocked. You can create, edit, enable, disable, and delete policies from the console.
Policy List View
The main view displays all configured policies with:
- Name -- Human-readable policy name
- Type -- The policy type (see supported types below)
- Status -- Active or Inactive toggle
- Created -- When the policy was created
- Last Modified -- When the policy was last updated
Creating a Policy
Click Create Policy and provide:
- Name -- A descriptive name for the policy
- Type -- Select from the supported policy types
- Configuration -- JSON configuration specific to the policy type
- Active/Inactive -- Whether the policy should be immediately enforced
Editing and Deleting Policies
Click any policy to open its configuration editor. You can modify the configuration JSON, rename the policy, toggle its active status, or delete it entirely.
WARNING
Deleting a policy is permanent. Consider deactivating a policy instead if you may need it again. Deactivated policies remain in the system but are not evaluated during governance checks.
Supported Policy Types
confidence_floor
Sets a minimum confidence threshold. Actions with confidence below the floor are held or blocked.
{
  "type": "confidence_floor",
  "config": {
    "floor": 0.85,
    "action_on_fail": "HOLD"
  }
}
environment_restriction
Restricts actions based on the target environment (e.g., production vs. staging).
{
  "type": "environment_restriction",
  "config": {
    "blocked_environments": ["production"],
    "action_on_match": "BLOCK"
  }
}
action_type_block
Blocks specific action types entirely. Use this to prohibit dangerous operations.
{
  "type": "action_type_block",
  "config": {
    "blocked_actions": ["delete_database", "drop_table", "modify_permissions"],
    "action_on_match": "BLOCK"
  }
}
rate_limit
Limits the number of actions an agent can submit within a time window.
{
  "type": "rate_limit",
  "config": {
    "max_actions": 60,
    "window_seconds": 60,
    "action_on_exceed": "HOLD"
  }
}
require_reasoning
Requires the agent to submit a reasoning explanation with every action. Actions without reasoning are held.
{
  "type": "require_reasoning",
  "config": {
    "min_length": 20,
    "action_on_missing": "HOLD"
  }
}
grant_lifecycle
Controls the lifecycle of action grants -- temporary permissions that allow agents to perform specific actions for a limited time.
{
  "type": "grant_lifecycle",
  "config": {
    "max_duration_seconds": 3600,
    "require_justification": true,
    "auto_revoke": true
  }
}
Policy Evaluation Order
When an action is submitted, all active policies are evaluated. The most restrictive verdict wins:
- If any policy returns BLOCK, the action is blocked
- If any policy returns HOLD (and none return BLOCK), the action is held
- Only if all policies return CLEAR is the action cleared
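The most-restrictive-wins rule above, modeled in Python as an added example; it is not TheWARDN's CHAM engine or code from this documentation. The action fields (confidence, environment, action_type, reasoning), the policy "active" flag, treating reasoning shorter than min_length as missing, and returning CLEAR when no policy is active are all assumptions.

```python
# Illustrative model only, not TheWARDN's CHAM engine. Action field names
# (confidence, environment, action_type, reasoning) and "active" are assumptions.
SEVERITY = {"CLEAR": 0, "HOLD": 1, "BLOCK": 2}

def confidence_floor(cfg, action):
    # Fail closed: a missing confidence score counts as below the floor.
    ok = action.get("confidence", 0.0) >= cfg["floor"]
    return "CLEAR" if ok else cfg["action_on_fail"]

def environment_restriction(cfg, action):
    hit = action.get("environment") in cfg["blocked_environments"]
    return cfg["action_on_match"] if hit else "CLEAR"

def action_type_block(cfg, action):
    hit = action.get("action_type") in cfg["blocked_actions"]
    return cfg["action_on_match"] if hit else "CLEAR"

def require_reasoning(cfg, action):
    # Assumption: reasoning shorter than min_length is treated as missing.
    text = (action.get("reasoning") or "").strip()
    return "CLEAR" if len(text) >= cfg["min_length"] else cfg["action_on_missing"]

CHECKS = {f.__name__: f for f in (confidence_floor, environment_restriction,
                                  action_type_block, require_reasoning)}

def evaluate(policies, action):
    """Most restrictive verdict wins; returns (final, [(name, verdict), ...])."""
    results = [(p["name"], CHECKS[p["type"]](p["config"], action))
               for p in policies if p.get("active", True)]  # inactive: skipped
    final = max((v for _, v in results), key=SEVERITY.get, default="CLEAR")
    return final, results

# Constructed policy set using the configurations shown on this page.
POLICIES = [
    {"name": "min-confidence", "type": "confidence_floor",
     "config": {"floor": 0.85, "action_on_fail": "HOLD"}},
    {"name": "no-prod", "type": "environment_restriction",
     "config": {"blocked_environments": ["production"], "action_on_match": "BLOCK"}},
    {"name": "no-destructive", "type": "action_type_block",
     "config": {"blocked_actions": ["delete_database", "drop_table",
                                    "modify_permissions"], "action_on_match": "BLOCK"}},
    {"name": "explain", "type": "require_reasoning",
     "config": {"min_length": 20, "action_on_missing": "HOLD"}},
]

if __name__ == "__main__":
    # Constructed action: low confidence (HOLD) aimed at production (BLOCK).
    act = {"action_type": "restart_service", "environment": "production",
           "confidence": 0.6, "reasoning": "Health checks failed for 5 minutes."}
    print(evaluate(POLICIES, act))
```

The per-policy list returned alongside the final verdict shows which policy produced a HOLD or BLOCK, which helps when checking that a newly added policy is not masked by a stricter one.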
TIP
Start with a small number of broad policies and refine over time. Use the Governance Lab to test policy changes before deploying them, and Governance Replay to understand how changes would affect historical decisions.
Related Features
- Compliance Packs -- Pre-built policy sets for common regulatory frameworks
- Tier Mapping -- Map action types to governance tiers
- Governance Lab -- Test policies in a sandbox