Policy Configuration

Create policies with "scope": "workflow" to control step execution in the Workflow Control Plane.

Block Specific Models

{
  "name": "block-gpt4-in-workflows",
  "scope": "workflow",
  "conditions": {
    "step_type": "llm_call",
    "model": "gpt-4"
  },
  "action": "block",
  "reason": "GPT-4 not allowed in production workflows"
}

Require Approval for Deployments

{
  "name": "require-approval-for-deploy",
  "scope": "workflow",
  "conditions": {
    "step_type": "connector_call",
    "step_name": "deploy"
  },
  "action": "require_approval",
  "reason": "Deployment steps require human approval"
}

Block PII in Step Inputs

{
  "name": "block-pii-in-workflow-inputs",
  "scope": "workflow",
  "conditions": {
    "step_input.contains_pii": true
  },
  "action": "block",
  "reason": "PII detected in workflow step input"
}

Tool-Specific Policies

With Per-Tool Governance, you can write policies that target specific tools within a workflow:

{
  "name": "block-code-executor",
  "scope": "workflow",
  "conditions": {
    "tool_name": "code_executor"
  },
  "action": "block",
  "reason": "Code execution not allowed in production"
}

{
  "name": "block-dangerous-sql",
  "scope": "workflow",
  "conditions": {
    "tool_name": "sql_query",
    "tool_input.query": { "contains": "DROP TABLE" }
  },
  "action": "block",
  "reason": "Destructive SQL operations blocked"
}
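
A local dry run for policies like the ones above, added here as an example and not part of the product or its documentation. It assumes that all entries in "conditions" must hold, that dotted keys address nested step fields, and that "contains" is a literal substring test; the function names and the sample step layout are hypothetical.

```python
import json

# Three of the policy examples from this page ("reason" omitted for brevity).
POLICIES = json.loads("""[
 {"name": "block-gpt4-in-workflows", "scope": "workflow",
  "conditions": {"step_type": "llm_call", "model": "gpt-4"}, "action": "block"},
 {"name": "require-approval-for-deploy", "scope": "workflow",
  "conditions": {"step_type": "connector_call", "step_name": "deploy"},
  "action": "require_approval"},
 {"name": "block-dangerous-sql", "scope": "workflow",
  "conditions": {"tool_name": "sql_query",
                 "tool_input.query": {"contains": "DROP TABLE"}},
  "action": "block"}
]""")

_MISSING = object()

def lookup(step, dotted_key):
    """Resolve a dotted key such as 'tool_input.query' in a nested dict."""
    value = step
    for part in dotted_key.split("."):
        if not isinstance(value, dict) or part not in value:
            return _MISSING
        value = value[part]
    return value

def condition_holds(step, key, expected):
    actual = lookup(step, key)
    if actual is _MISSING:
        return False
    if isinstance(expected, dict):  # operator form; only "contains" appears on the page
        if set(expected) != {"contains"}:
            raise ValueError(f"unsupported operator in {key!r}: {expected}")
        return isinstance(actual, str) and expected["contains"] in actual
    return actual == expected

def matching_policies(step, policies=POLICIES):
    """Return (name, action) for each workflow policy whose conditions all hold."""
    hits = []
    for p in policies:
        # Assumption: a policy with no conditions is skipped rather than matching every step.
        if p.get("scope") != "workflow" or not p.get("conditions"):
            continue
        if all(condition_holds(step, k, v) for k, v in p["conditions"].items()):
            hits.append((p["name"], p["action"]))
    return hits

# Constructed sample steps; the field layout is an assumption.
SQL_STEP = {"tool_name": "sql_query", "tool_input": {"query": "DROP TABLE users"}}
DEPLOY_STEP = {"step_type": "connector_call", "step_name": "deploy"}
```

Running each new policy against a handful of constructed steps that should and should not match catches typos in condition keys before the policy reaches the control plane.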