Skip to main content
The policy author’s view of an AgentAction. The clean interface for writing real application policy.

Definition

PolicyContext is not the same thing as raw action data. It is what the policy author sees. The runtime has a large internal record: trace IDs, capability metadata, tenant metadata, workflow state, risk scores, and side effect metadata. The policy author should not have to navigate all of that directly. PolicyContext is the clean, stable interface that makes policy feel like natural application code.

Raw Fields

  • action: the full AgentAction record
  • args: bound input arguments for the call
  • output: the function’s return value, only available in after_capability policies
  • runtime_metadata: metadata passed from the runtime to the policy engine

Convenience Properties

Methods

Read an input argument by name.
Check whether the capability requires a given scope name. This is a name-match check against capability metadata, not a full agent grant check.

Common Policy Patterns

What PolicyContext Does Not Have

PolicyContext surfaces a curated interface. It does not expose the full runtime internals. This is intentional: policy authors should not need to know about framework-specific metadata, internal trace systems, or deployment details. If you need additional context for your policies, use capability.metadata or action.metadata to pass custom data through. Future versions will add principal_has_scope(), tenant_has_feature(), has_grant(), and require_metadata().