Policies
Policies are the core of Sequenceware. They define rules that match tool calls by any combination of fields and enforce actions automatically.
How policies work
When an agent makes a tool call, Sequenceware evaluates it against all enabled policies:
Tool call received → Match against all policies → Apply strictest action
Strictest-action-wins: when multiple policies match, the most restrictive action applies.
block > require_approval > warn > allow
Policy actions
| Action | Behavior | Use case |
|---|---|---|
| allow | Tool call proceeds normally | Explicitly allow known-safe operations |
| warn | Tool call proceeds, risk flagged in dashboard | Monitor without blocking |
| block | Tool call is immediately rejected | Prevent dangerous operations |
| require_approval | Tool call pauses until a human approves | Critical operations needing review |
Match conditions
Each policy has one or more match conditions. All conditions must match for the policy to trigger (AND logic).
Fields
You can match on any field in the tool call event:
| Field | Description | Example value |
|---|---|---|
| toolName | Name of the tool being called | create_pull_request |
| agentId | ID of the agent | claude-code-maria |
| inputPayload.* | Any field in the tool's input | inputPayload.environment |
| metadata.* | Any metadata field | metadata.branch |
| actionHint | Semantic action hint | deploy, pr_merge |
Operators
| Operator | Description | Example |
|---|---|---|
| equals | Exact match | toolName equals "deploy" |
| not_equals | Not equal | agentId not_equals "admin-agent" |
| contains | Substring match | toolName contains "delete" |
| matches | Regex match | inputPayload.query matches "(DROP|TRUNCATE)" |
| in | Value in list | inputPayload.environment in ["production", "prod"] |
| not_in | Value not in list | agentId not_in ["trusted-agent"] |
| exists | Field exists | inputPayload.password exists |
| gt / lt / gte / lte | Numeric comparison | inputPayload.amount gt 1000 |
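To make the matching rules concrete, here is a small evaluator written for this page (it is not Sequenceware's own code) that implements the operators in the table, the AND logic across a policy's conditions, and strictest-action-wins across all matching policies. The `SAMPLE_POLICIES` are constructed from the examples on this page, not the product's real defaults.

```javascript
// Minimal evaluator for the match conditions, operators and strictest-action rule above.
const ACTION_RANK = { allow: 0, warn: 1, require_approval: 2, block: 3 };
// Resolve a dotted field path such as "inputPayload.environment" against the event.
function getField(event, path) {
  return path.split(".").reduce((obj, key) => (obj == null ? undefined : obj[key]), event);
}
// One condition from the operators table; an unknown operator is an error, not a silent allow.
function conditionMatches(event, { field, operator, value }) {
  const actual = getField(event, field);
  switch (operator) {
    case "exists": return actual !== undefined;
    case "equals": return actual === value;
    case "not_equals": return actual !== value;
    case "contains": return typeof actual === "string" && actual.includes(value);
    case "matches": return typeof actual === "string" && new RegExp(value).test(actual);
    case "in": return Array.isArray(value) && value.includes(actual);
    case "not_in": return Array.isArray(value) && !value.includes(actual);
    case "gt": return typeof actual === "number" && actual > value;
    case "lt": return typeof actual === "number" && actual < value;
    case "gte": return typeof actual === "number" && actual >= value;
    case "lte": return typeof actual === "number" && actual <= value;
    default: throw new Error(`unknown operator: ${operator}`);
  }
}
// All conditions must hold (AND logic); disabled policies never match.
function policyMatches(event, policy) {
  return policy.enabled !== false && policy.matchConditions.every((c) => conditionMatches(event, c));
}
// Strictest-action-wins across every matching policy; "allow" when nothing matches.
function evaluate(event, policies) {
  const matched = policies.filter((p) => policyMatches(event, p));
  const action = matched.reduce(
    (worst, p) => (ACTION_RANK[p.action] > ACTION_RANK[worst] ? p.action : worst), "allow");
  return { action, matched: matched.map((p) => p.name) };
}
// Constructed sample policies modelled on the examples in this page (not real defaults).
const SAMPLE_POLICIES = [
  { name: "Block prod database writes", enabled: true, action: "block", matchConditions: [
    { field: "toolName", operator: "equals", value: "db_query" },
    { field: "inputPayload.environment", operator: "equals", value: "production" },
    { field: "inputPayload.operation", operator: "in", value: ["INSERT", "UPDATE", "DELETE"] } ] },
  { name: "Flag destructive SQL", enabled: true, action: "warn", matchConditions: [
    { field: "inputPayload.query", operator: "matches", value: "(DROP|TRUNCATE)" } ] },
  { name: "Deployment Gate", enabled: true, action: "require_approval", matchConditions: [
    { field: "actionHint", operator: "equals", value: "deploy" },
    { field: "inputPayload.environment", operator: "in", value: ["production", "prod"] } ] },
];
```

A call that matches both the block policy and the warn policy resolves to block; a call that only trips the regex policy resolves to warn.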
Default policies
Sequenceware ships with sensible defaults that are created on first boot:
| Policy | Matches | Action |
|---|---|---|
| Sensitive Files Gate | .env, credentials, secrets, .pem | require_approval |
| Deployment Gate | Deploy actions to production | require_approval |
| Destructive Script Block | rm -rf, DROP TABLE, destructive commands | block |
| Main Branch Protection | Direct pushes/merges to main/master | require_approval |
Creating policies
Via the dashboard
- Navigate to Policies > Create Policy
- Add match conditions
- Select the action
- Enable the policy
Via the API
```bash
curl -X POST http://localhost:3000/v1/policies \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Block prod database writes",
    "description": "Prevent agents from writing to production databases",
    "matchConditions": [
      { "field": "toolName", "operator": "equals", "value": "db_query" },
      { "field": "inputPayload.environment", "operator": "equals", "value": "production" },
      { "field": "inputPayload.operation", "operator": "in", "value": ["INSERT", "UPDATE", "DELETE"] }
    ],
    "action": "block",
    "enabled": true
  }'
```
Via the SDK
```javascript
await client.createPolicy({
  name: 'Block prod database writes',
  description: 'Prevent agents from writing to production databases',
  matchConditions: [
    { field: 'toolName', operator: 'equals', value: 'db_query' },
    { field: 'inputPayload.environment', operator: 'equals', value: 'production' },
  ],
  action: 'block',
  enabled: true,
});
```
Policy simulation
Test policies before enabling them using the policy simulator:
```bash
curl -X POST http://localhost:3000/v1/policies/simulate \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "toolName": "deploy",
    "inputPayload": {
      "environment": "production",
      "service": "api"
    }
  }'
```
The simulator returns which policies would match and what action would be taken — without affecting any real agent.
Rate limiting
Policies can include rate limits to control how frequently agents can use specific tools:
```json
{
  "name": "Rate limit API writes",
  "matchConditions": [
    { "field": "toolName", "operator": "matches", "value": "(create_|update_|delete_)" }
  ],
  "action": "block",
  "rateLimit": {
    "maxCalls": 50,
    "windowMinutes": 60,
    "scope": "per-agent"
  }
}
```
Rate limit scopes:
- per-agent — limit applies to each agent individually
- per-tool — limit applies to each tool across all agents
- per-org — limit applies organization-wide
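The following sliding-window check, added here as an illustration and not taken from Sequenceware, shows how the three scopes change which counter a call is charged against. It assumes the policy's action is applied only once `maxCalls` within `windowMinutes` is exceeded, and the limit is scaled down to 3 calls so the behaviour is visible in a short replay.

```javascript
// Derive the counter key a rate limit is charged against, by scope.
function scopeKey(scope, event) {
  switch (scope) {
    case "per-agent": return `agent:${event.agentId}`;
    case "per-tool": return `tool:${event.toolName}`;
    case "per-org": return "org";
    default: throw new Error(`unknown scope: ${scope}`);
  }
}

class RateLimiter {
  constructor() { this.calls = new Map(); } // key -> timestamps (ms) of recent calls

  // Records the call and returns true when it exceeds maxCalls within the window,
  // i.e. when the policy's action (block in the page's example) should apply.
  // Rejected calls still count, so a misbehaving agent cannot reset its own window.
  exceeded(rateLimit, event, nowMs) {
    const key = scopeKey(rateLimit.scope, event);
    const windowMs = rateLimit.windowMinutes * 60 * 1000;
    const recent = (this.calls.get(key) || []).filter((t) => nowMs - t < windowMs);
    recent.push(nowMs);
    this.calls.set(key, recent);
    return recent.length > rateLimit.maxCalls;
  }
}

// Constructed limits: the page's example scaled down to 3 calls per 60 minutes.
const PER_AGENT_LIMIT = { maxCalls: 3, windowMinutes: 60, scope: "per-agent" };
const PER_ORG_LIMIT = { maxCalls: 3, windowMinutes: 60, scope: "per-org" };

// Replays constructed calls (minute offsets) and returns the per-call verdicts.
function replay(limiter, rateLimit, calls) {
  return calls.map(({ agentId, toolName, minute }) =>
    limiter.exceeded(rateLimit, { agentId, toolName }, minute * 60 * 1000));
}
```

Under per-agent scope a second agent's calls do not count against the first; under per-org scope every agent shares the same budget.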
Policy versioning
Policies are automatically versioned. Every update increments the version number and preserves the previous state. This gives you a full history of how a policy evolved over time.
Each policy includes:
- version — auto-incremented integer starting at 1
- updatedAt — timestamp of the last modification
View the full version history of any policy:
```bash
curl http://localhost:3000/v1/policies/pol_abc123/versions \
  -H "Authorization: Bearer $TOKEN"
```
This is useful for:
- Auditing — understanding why a policy changed and who changed it
- Debugging — identifying when a policy change caused unexpected behavior
- Compliance — maintaining a record of governance rule evolution
Policy presets
Sequenceware includes preset policies grouped by category that you can enable with one click from the dashboard. View available presets at GET /v1/policy-presets.