Your First Policy

This guide walks you through creating your first CHAM governance policy in TheWARDN.

What is a CHAM Policy?

CHAM policies are the configurable rules that govern AI agent behavior. CHAM stands for:

  • Configurable — defined as JSON, no code required
  • Hot-swappable — activate or deactivate instantly
  • Auditable — every evaluation is logged
  • Measurable — track effectiveness via stats

Creating a Confidence Floor Policy

The most common first policy is a confidence floor — it ensures AI agents only execute actions when they meet minimum confidence thresholds.

Via the Console

  1. Navigate to Governance Policies in the sidebar
  2. Click + New Policy
  3. Fill in:
    • Name: Production Confidence Floor
    • Type: confidence_floor
    • Active: Toggle ON
  4. Set the configuration:
json
{
  "floors": {
    "incident": 0.80,
    "fix": 0.75,
    "containment": 0.85
  }
}
  5. Click Save

Via the API

bash
curl -X POST https://api.thewardn.ai/policies \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Confidence Floor",
    "policy_type": "confidence_floor",
    "config": {
      "floors": {
        "incident": 0.80,
        "fix": 0.75,
        "containment": 0.85
      }
    },
    "active": true
  }'

How It Works

When an agent sends a governance request with confidence scores:

json
{
  "confidence": {
    "incident": 0.92,
    "fix": 0.70,
    "containment": 0.88
  }
}

Sentinel compares each score against the floor:

  • incident: 0.92 >= 0.80 ✅
  • fix: 0.70 < 0.75 ❌ Below floor!
  • containment: 0.88 >= 0.85 ✅

Result: The action is HELD (B-tier) because fix confidence is below the floor.
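
The comparison above, reproduced as a local Python sketch for checking sample requests against a floors config before activating a policy. This is an added example, not TheWARDN's or Sentinel's own code; the function name `check_floors`, the result shape, and the fail-closed handling of missing or malformed scores are assumptions.

```python
import json
from numbers import Real

# Policy config and request body copied from this page.
POLICY = json.loads('{"floors": {"incident": 0.80, "fix": 0.75, "containment": 0.85}}')
REQUEST = json.loads('{"confidence": {"incident": 0.92, "fix": 0.70, "containment": 0.88}}')


def _is_score(value):
    """True for a real number in [0, 1]; bool is rejected (True == 1 in Python)."""
    return isinstance(value, Real) and not isinstance(value, bool) and 0.0 <= value <= 1.0


def check_floors(policy_config, request):
    """Compare each confidence score with its floor.

    Returns {"held": bool, "failures": {category: reason}}.
    Assumption (not stated on the page): a missing or malformed score
    counts as below the floor, so the check fails closed.
    """
    floors = policy_config.get("floors", {})
    for category, floor in floors.items():
        if not _is_score(floor):
            raise ValueError(f"floor for {category!r} must be a number in [0, 1]")

    scores = request.get("confidence", {})
    failures = {}
    for category, floor in floors.items():
        score = scores.get(category)
        if not _is_score(score):
            failures[category] = "missing or invalid score"
        elif score < floor:  # a score equal to the floor passes (>=)
            failures[category] = f"{score} < {floor}"
    return {"held": bool(failures), "failures": failures}


if __name__ == "__main__":
    print(check_floors(POLICY, REQUEST))
```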

Testing Your Policy

Before enforcing a new policy, test it safely:

Option 1: Governance Lab

  1. Go to Governance Lab in the sidebar
  2. Create a test action with specific confidence scores
  3. Run it against your policies
  4. See what verdict would be returned

Option 2: AUDIT_ONLY Mode

  1. Go to Settings > Governance Mode
  2. Switch to AUDIT_ONLY
  3. Set an expiration (e.g., 24 hours)
  4. All actions will be logged with what the verdict would have been, but agents won't actually be blocked

WARNING

Remember to switch back to ENFORCED mode when testing is complete, or set a short expiration timer.

Common Policy Types

Here are other policies you might want to create next:

Environment Restriction

Block agents from taking actions in production without explicit approval:

json
{
  "name": "Block Production Deploys",
  "policy_type": "environment_restriction",
  "config": {
    "blocked_environments": ["production"],
    "allowed_action_types": ["read_only", "data_query"]
  }
}

Action Type Block

Block specific high-risk action types:

json
{
  "name": "Block Data Deletion",
  "policy_type": "action_type_block",
  "config": {
    "blocked_actions": ["delete_data", "drop_table", "remove_user"]
  }
}

Require Reasoning

Force agents to provide reasoning for all actions:

json
{
  "name": "Require Reasoning",
  "policy_type": "require_reasoning",
  "config": {
    "min_length": 20,
    "required_for_tiers": ["B", "C"]
  }
}

Applying a Compliance Pack

For instant compliance coverage, apply a pre-built pack:

  1. Navigate to Compliance Packs
  2. Choose a pack (e.g., SOC 2)
  3. Click Apply Pack
  4. The pack creates 8-10 pre-configured CHAM policies instantly

See Compliance Packs for details on what each pack includes.
