AutoPIL — Industry Policy Coverage

25 policies across consumer banking, fraud investigation, wealth management, risk & compliance, and operations — built for the strict data boundary requirements of retail and institutional finance.

SOX BSA/AML GLBA MiFID II Basel III

consumer_banking.yaml 4 roles

wealth.yaml 4 roles

risk_compliance.yaml 4 roles

operations.yaml 4 roles

All 16 agent roles

customer_service loan_underwriter fraud_analyst collections_agent wealth_advisor investment_analyst kyc_agent intake_agent compliance_officer credit_risk_analyst aml_investigator compliance_agent settlement_agent ops_support data_pipeline_agent risk_agent

policies/financial_services/consumer_banking.yaml

policies:
  # Loan underwriter — credit and collateral data; blocked from peer data and internal models
  - name: loan_underwriter_policy
    agent_role: loan_underwriter
    allowed_sources:
      - account_summaries
      - credit_scores
      - loan_history
      - property_valuations
      - income_verification
    denied_sources:
      - other_customer_data
      - internal_risk_models
      - executive_communications
    allowed_tasks:
      - credit_decision
      - collateral_check
      - risk_assessment
    denied_tasks:
      - account_freeze
      - fraud_flag
      - product_recommendation
    max_sensitivity: high

policies/financial_services/wealth.yaml

policies:
  # Wealth advisor — portfolio and market data; blocked from risk models and peer accounts
  - name: wealth_advisor_policy
    agent_role: wealth_advisor
    allowed_sources:
      - portfolio_summaries
      - market_data
      - client_risk_profiles
      - research_reports
    denied_sources:
      - other_client_portfolios
      - internal_risk_models
      - executive_communications
    allowed_tasks:
      - portfolio_review
      - rebalancing_recommendation
      - client_reporting
    denied_tasks:
      - trade_execution
      - account_opening
      - compliance_override
    max_sensitivity: high
    session_ttl_minutes: 240
    sensitivity_decay:
      - after_minutes: 60
        max_sensitivity: medium
      - after_minutes: 120
        max_sensitivity: low

policies/financial_services/risk_compliance.yaml

policies:
  # AML investigator — transaction and watchlist data; blocked from unrelated customer data
  - name: aml_investigator_policy
    agent_role: aml_investigator
    allowed_sources:
      - transaction_records
      - watchlist
      - kyc_records
      - suspicious_activity_reports
    denied_sources:
      - other_customer_data
      - internal_pricing_models
      - executive_communications
    allowed_tasks:
      - aml_investigation
      - sar_filing
      - entity_resolution
    denied_tasks:
      - account_freeze
      - credit_decision
      - product_recommendation
    max_sensitivity: critical
    session_ttl_minutes: 60
    sensitivity_decay:
      - after_minutes: 30
        max_sensitivity: high
      - after_minutes: 45
        max_sensitivity: medium

policies/financial_services/operations.yaml

policies:
  # Settlement agent — trade settlement data; blocked from client accounts and models
  - name: settlement_agent_policy
    agent_role: settlement_agent
    allowed_sources:
      - trade_records
      - settlement_instructions
      - counterparty_data
      - nostro_accounts
    denied_sources:
      - client_portfolios
      - internal_risk_models
      - executive_communications
    allowed_tasks:
      - settlement_confirmation
      - reconciliation
      - exception_flagging
    denied_tasks:
      - trade_execution
      - credit_decision
      - client_reporting
    max_sensitivity: high

17 policies across clinical operations, compliance & privacy, and revenue cycle — designed for the PHI access controls and audit trail requirements of HIPAA-covered entities.

HIPAA HITECH 21st Century Cures Act SOC 2

clinical_operations.yaml 4 roles

compliance_privacy.yaml 3 roles

revenue_cycle.yaml 4 roles

All 11 agent roles

clinical_summary_agent medication_review_agent care_gap_agent triage_agent hipaa_audit_agent consent_management_agent breach_detection_agent prior_auth_agent claims_coding_agent denial_management_agent patient_billing_agent

policies/healthcare/clinical_operations.yaml

policies:
  # Clinical summary agent — EHR and care gap data; blocked from billing and financial records
  - name: clinical_summary_agent_policy
    agent_role: clinical_summary_agent
    allowed_sources:
      - ehr_summaries
      - care_gap_data
      - lab_results
      - vital_signs
    denied_sources:
      - billing_records
      - insurance_data
      - audit_logs
    allowed_tasks:
      - clinical_summary
      - care_gap_identification
      - handoff_preparation
    denied_tasks:
      - billing_submission
      - prescription_write
      - hipaa_audit
    max_sensitivity: critical

policies/healthcare/compliance_privacy.yaml

policies:
  # HIPAA audit agent — read-only access to audit logs, access logs, and BAA records; no clinical content
  - name: hipaa_audit_agent_policy
    agent_role: hipaa_audit_agent
    allowed_sources:
      - audit_logs
      - access_logs
      - baa_records
      - policy_documents
    denied_sources:
      - ehr_summaries
      - imaging_reports
      - medication_history
      - billing_records
    allowed_tasks:
      - hipaa_audit
      - access_review
      - violation_flag
    denied_tasks:
      - diagnosis_entry
      - billing_submission
      - prescription_write
    max_sensitivity: critical

policies/healthcare/revenue_cycle.yaml

policies:
  # Prior auth agent — insurance and treatment plan data; blocked from audit logs and financial records
  - name: prior_auth_agent_policy
    agent_role: prior_auth_agent
    allowed_sources:
      - insurance_data
      - treatment_plans
      - clinical_guidelines
      - formulary_data
    denied_sources:
      - audit_logs
      - financial_ledgers
      - baa_records
    allowed_tasks:
      - prior_auth_submission
      - eligibility_check
      - denial_review
    denied_tasks:
      - prescription_write
      - hipaa_audit
      - diagnosis_entry
    max_sensitivity: high

9 policies across network operations, fraud assurance, and customer experience — covering the CPNI protections and network security requirements unique to telecommunications carriers.

CPNI FCC Part 64 GDPR ISO 27001

network_operations.yaml 3 roles

fraud_assurance.yaml 3 roles

customer_experience.yaml 3 roles

All 9 agent roles

network_fault_agent capacity_planning_agent change_management_agent subscription_fraud_agent revenue_assurance_agent wangiri_detection_agent cx_support_agent churn_prediction_agent provisioning_agent

policies/telecom/network_operations.yaml

policies:
  # Network fault agent — topology and alarm data; blocked from CDR and billing data
  - name: network_fault_agent_policy
    agent_role: network_fault_agent
    allowed_sources:
      - network_topology
      - alarm_feeds
      - performance_metrics
      - change_records
    denied_sources:
      - cdr_data
      - billing_data
      - customer_profiles
    allowed_tasks:
      - fault_detection
      - root_cause_analysis
      - ticket_creation
    denied_tasks:
      - billing_adjustment
      - account_suspension
      - plan_recommendation
    max_sensitivity: high

policies/telecom/fraud_assurance.yaml

policies:
  # Subscription fraud agent — activation data and device fingerprints; no network topology
  - name: subscription_fraud_agent_policy
    agent_role: subscription_fraud_agent
    allowed_sources:
      - activation_data
      - device_fingerprints
      - credit_checks
      - watchlist
    denied_sources:
      - network_topology
      - cdr_data
      - internal_pricing_models
      - billing_data
    allowed_tasks:
      - fraud_flag
      - account_suspension
      - case_escalation
    denied_tasks:
      - billing_adjustment
      - credit_decision
      - plan_recommendation
    max_sensitivity: high

policies/telecom/customer_experience.yaml

policies:
  # CX support agent — account and service data; blocked from network topology and CDR
  - name: cx_support_agent_policy
    agent_role: cx_support_agent
    allowed_sources:
      - customer_profiles
      - service_orders
      - billing_summaries
      - interaction_history
    denied_sources:
      - network_topology
      - cdr_data
      - internal_pricing_models
    allowed_tasks:
      - account_inquiry
      - plan_recommendation
      - ticket_creation
    denied_tasks:
      - account_suspension
      - fraud_flag
      - network_change
    max_sensitivity: medium

9 policies across supply chain, fleet operations, and customs compliance — addressing the cross-border data sovereignty and trade compliance requirements of global logistics operators.

C-TPAT AEO GDPR FMCSA ELD Mandate

supply_chain.yaml 3 roles

fleet_operations.yaml 3 roles

customs_compliance.yaml 3 roles

All 9 agent roles

demand_forecast_agent procurement_agent inventory_reconciliation_agent route_optimization_agent driver_compliance_agent maintenance_scheduling_agent trade_compliance_agent sanctions_screening_agent import_export_agent

policies/logistics/supply_chain.yaml

policies:
  # Demand forecast agent — sales and inventory data; blocked from carrier contracts and driver records
  - name: demand_forecast_agent_policy
    agent_role: demand_forecast_agent
    allowed_sources:
      - sales_history
      - inventory_levels
      - market_signals
      - supplier_lead_times
    denied_sources:
      - carrier_contracts
      - driver_records
      - financial_ledgers
    allowed_tasks:
      - demand_forecasting
      - replenishment_planning
      - supplier_recommendation
    denied_tasks:
      - purchase_order_creation
      - carrier_booking
      - sanctions_screening
    max_sensitivity: medium

policies/logistics/fleet_operations.yaml

policies:
  # Route optimization agent — GPS and order data; blocked from financial ledgers and customs records
  - name: route_optimization_agent_policy
    agent_role: route_optimization_agent
    allowed_sources:
      - gps_telemetry
      - delivery_orders
      - traffic_data
      - fuel_prices
    denied_sources:
      - financial_ledgers
      - customs_declarations
      - carrier_contracts
    allowed_tasks:
      - route_optimization
      - eta_calculation
      - load_planning
    denied_tasks:
      - purchase_order_creation
      - sanctions_screening
      - carrier_booking
    max_sensitivity: medium

policies/logistics/customs_compliance.yaml

policies:
  # Sanctions screening agent — shipper/consignee data and watchlists; no internal pricing or contracts
  - name: sanctions_screening_agent_policy
    agent_role: sanctions_screening_agent
    allowed_sources:
      - shipper_consignee_data
      - watchlist
      - customs_declarations
    denied_sources:
      - financial_ledgers
      - carrier_contracts
      - internal_pricing_models
      - driver_records
    allowed_tasks:
      - sanctions_screening
      - entity_resolution
      - case_escalation
    denied_tasks:
      - carrier_booking
      - purchase_order_creation
      - route_optimization
    max_sensitivity: critical

10 policies across underwriting, claims management, and fraud & compliance — designed for the strict data segregation requirements of P&C, life, and specialty carriers operating under state DOI and Solvency II frameworks.

NAIC Model Laws Solvency II IFRS 17 GDPR State DOI

underwriting.yaml 4 roles

claims_management.yaml 3 roles

fraud_compliance.yaml 3 roles

All 10 agent roles

underwriting_analyst risk_assessor actuarial_agent pricing_agent claims_adjuster claims_investigator subrogation_agent fraud_detection_agent compliance_officer audit_trail_agent

policies/insurance/underwriting.yaml

policies:
  # Underwriting analyst — risk profile and applicant data; blocked from claims history and competitor pricing
  - name: underwriting_analyst_policy
    agent_role: underwriting_analyst
    allowed_sources:
      - risk_profile_data
      - applicant_records
      - actuarial_tables
      - property_valuations
      - credit_reports
    denied_sources:
      - claims_history
      - competitor_pricing
      - internal_risk_models
    allowed_tasks:
      - risk_assessment
      - policy_quoting
      - eligibility_determination
    denied_tasks:
      - claims_settlement
      - fraud_investigation
    max_sensitivity: high

policies/insurance/claims_management.yaml

policies:
  # Claims adjuster — policy records and damage assessments; blocked from actuarial models and underwriting files
  - name: claims_adjuster_policy
    agent_role: claims_adjuster
    allowed_sources:
      - policy_records
      - claims_data
      - damage_assessments
      - medical_records
      - repair_estimates
    denied_sources:
      - actuarial_models
      - underwriting_files
      - internal_risk_models
    allowed_tasks:
      - coverage_verification
      - damage_estimation
      - settlement_offer
    denied_tasks:
      - fraud_investigation
      - policy_quoting
      - reserve_calculation
    max_sensitivity: high

policies/insurance/fraud_compliance.yaml

policies:
  # Compliance officer — regulatory filings and audit logs; no individual claims or adjuster notes
  - name: compliance_officer_policy
    agent_role: compliance_officer
    allowed_sources:
      - audit_logs
      - regulatory_filings
      - policy_records
      - training_records
      - market_conduct_data
    denied_sources:
      - claims_adjuster_notes
      - individual_claims_data
      - medical_records
    allowed_tasks:
      - compliance_review
      - regulatory_reporting
      - policy_attestation
      - exam_response
    denied_tasks:
      - claims_settlement
      - fraud_investigation
    max_sensitivity: critical

10 policies across merchandising, customer experience, and loss prevention — governing the data boundaries between personalization, pricing, and shrinkage detection in omnichannel retail environments.

PCI DSS CCPA GDPR FTC Act

merchandising.yaml 4 roles

customer_experience.yaml 3 roles

loss_prevention.yaml 3 roles

All 10 agent roles

inventory_planning_agent pricing_analyst category_manager supplier_negotiation_agent personalization_agent loyalty_agent returns_agent shrinkage_detection_agent lp_fraud_analyst incident_investigation_agent

policies/retail/merchandising.yaml

policies:
  # Pricing analyst — cost and market data; blocked from individual customer profiles and payment records
  - name: pricing_analyst_policy
    agent_role: pricing_analyst
    allowed_sources:
      - cost_data
      - competitor_pricing
      - market_benchmarks
      - margin_reports
    denied_sources:
      - individual_customer_profiles
      - payment_records
      - legal_contracts
    allowed_tasks:
      - price_recommendation
      - margin_analysis
      - competitive_benchmarking
    denied_tasks:
      - customer_targeting
      - payment_processing
    max_sensitivity: medium

policies/retail/customer_experience.yaml

policies:
  # Personalization agent — behavioral and loyalty data; blocked from payment records and raw PII
  - name: personalization_agent_policy
    agent_role: personalization_agent
    allowed_sources:
      - purchase_history
      - browsing_behavior
      - loyalty_data
      - product_catalog
    denied_sources:
      - payment_records
      - raw_pii
      - other_customer_data
    allowed_tasks:
      - product_recommendation
      - offer_personalization
      - next_best_action
    denied_tasks:
      - payment_processing
      - customer_data_export
    max_sensitivity: medium

policies/retail/loss_prevention.yaml

policies:
  # Shrinkage detection agent — inventory and exception data; blocked from customer PII and payment records
  - name: shrinkage_detection_agent_policy
    agent_role: shrinkage_detection_agent
    allowed_sources:
      - inventory_deltas
      - video_analytics_metadata
      - pos_exception_data
    denied_sources:
      - customer_pii
      - payment_records
      - employee_records
    allowed_tasks:
      - shrinkage_detection
      - exception_flagging
      - anomaly_reporting
    denied_tasks:
      - customer_targeting
      - payment_processing
    max_sensitivity: medium

10 policies across grid operations, trading compliance, and field safety — enforcing the NERC CIP-mandated boundary between operational technology and energy markets, and isolating field safety workflows from trading data.

NERC CIP FERC Order 2222 ISO 50001 OSHA PSM

grid_operations.yaml 4 roles

trading_compliance.yaml 3 roles

field_safety.yaml 3 roles

All 10 agent roles

grid_monitoring_agent demand_response_agent outage_management_agent capacity_planning_agent energy_trading_agent market_surveillance_agent regulatory_reporting_agent work_order_agent safety_inspection_agent environmental_monitoring_agent

policies/energy/grid_operations.yaml

policies:
  # Grid monitoring agent — SCADA feeds and alarm data; blocked from trading positions and customer PII
  - name: grid_monitoring_agent_policy
    agent_role: grid_monitoring_agent
    allowed_sources:
      - scada_feeds
      - alarm_feeds
      - grid_topology
      - sensor_telemetry
    denied_sources:
      - trading_positions
      - customer_pii
      - financial_reports
    allowed_tasks:
      - grid_monitoring
      - alarm_triage
      - fault_detection
    denied_tasks:
      - scada_control_commands
      - trading_execution
    max_sensitivity: high

policies/energy/trading_compliance.yaml

policies:
  # Energy trading agent — market prices and position data; blocked from operational grid state (NERC CIP boundary)
  - name: energy_trading_agent_policy
    agent_role: energy_trading_agent
    allowed_sources:
      - market_prices
      - position_data
      - forward_curves
      - settlement_data
    denied_sources:
      - scada_feeds
      - operational_grid_state
      - customer_pii
    allowed_tasks:
      - trade_execution
      - position_management
      - hedging_analysis
    denied_tasks:
      - scada_control_commands
      - grid_operations
    max_sensitivity: critical

policies/energy/field_safety.yaml

policies:
  # Environmental monitoring agent — emissions and sensor data; blocked from trading positions and customer PII
  - name: environmental_monitoring_agent_policy
    agent_role: environmental_monitoring_agent
    allowed_sources:
      - emissions_data
      - sensor_telemetry
      - regulatory_filings
      - environmental_permits
    denied_sources:
      - trading_positions
      - customer_pii
      - financial_reports
    allowed_tasks:
      - emissions_monitoring
      - compliance_reporting
      - permit_tracking
    denied_tasks:
      - trading_execution
      - scada_control_commands
    max_sensitivity: medium

10 policies across quality control, supply chain operations, and safety compliance — separating defect detection and SPC data from procurement financials, and isolating OSHA incident records from production and customer data.

ISO 9001 OSHA 1910 EPA Title V ITAR

quality_control.yaml 4 roles

supply_chain_ops.yaml 3 roles

safety_compliance.yaml 3 roles

All 10 agent roles

defect_detection_agent spc_agent supplier_quality_agent calibration_agent procurement_agent production_planning_agent inventory_reconciliation_agent incident_reporting_agent mfg_safety_inspection_agent environmental_compliance_agent

policies/manufacturing/quality_control.yaml

policies:
  # Defect detection agent — sensor and vision data; blocked from supplier contracts and financials
  - name: defect_detection_agent_policy
    agent_role: defect_detection_agent
    allowed_sources:
      - sensor_data
      - vision_system_outputs
      - spc_charts
      - product_specs
    denied_sources:
      - supplier_contracts
      - financial_ledgers
      - customer_data
    allowed_tasks:
      - defect_detection
      - quality_flagging
      - root_cause_initiation
    denied_tasks:
      - purchase_order_creation
      - pricing_decision
    max_sensitivity: medium

policies/manufacturing/supply_chain_ops.yaml

policies:
  # Procurement agent — supplier and inventory data; blocked from quality inspection records and customer data
  - name: procurement_agent_policy
    agent_role: procurement_agent
    allowed_sources:
      - supplier_catalogs
      - purchase_orders
      - inventory_levels
      - cost_data
    denied_sources:
      - quality_inspection_records
      - safety_reports
      - customer_data
    allowed_tasks:
      - purchase_order_creation
      - supplier_selection
      - cost_benchmarking
    denied_tasks:
      - quality_disposition
      - safety_incident_reporting
    max_sensitivity: medium

policies/manufacturing/safety_compliance.yaml

policies:
  # Incident reporting agent — OSHA forms and near-miss logs; blocked from financials and customer data
  - name: incident_reporting_agent_policy
    agent_role: incident_reporting_agent
    allowed_sources:
      - incident_reports
      - near_miss_logs
      - osha_forms
      - corrective_action_records
    denied_sources:
      - financial_ledgers
      - customer_data
      - production_financials
    allowed_tasks:
      - incident_documentation
      - osha_filing
      - root_cause_analysis
    denied_tasks:
      - purchase_order_creation
      - quality_disposition
    max_sensitivity: high

10 policies across property management, transactions, and valuation compliance — enforcing Fair Housing Act data boundaries in tenant screening, maintaining appraiser independence from lender instructions, and separating escrow custody from listing data.

RESPA Fair Housing Act FIRPTA State Licensing

property_management.yaml 3 roles

transactions.yaml 4 roles

valuation_compliance.yaml 3 roles

All 10 agent roles

lease_management_agent maintenance_dispatch_agent tenant_screening_agent transaction_coordinator_agent title_search_agent escrow_agent disclosure_agent appraisal_agent market_analysis_agent re_compliance_reporting_agent

policies/real_estate/property_management.yaml

policies:
  # Tenant screening agent — credit and rental history; blocked from protected class data (Fair Housing Act)
  - name: tenant_screening_agent_policy
    agent_role: tenant_screening_agent
    allowed_sources:
      - credit_reports
      - background_check_data
      - rental_history
      - income_verification
    denied_sources:
      - protected_class_data
      - medical_records
      - other_tenant_data
    allowed_tasks:
      - credit_check
      - background_screening
      - eligibility_determination
    denied_tasks:
      - lease_amendment
      - legal_action_initiation
    max_sensitivity: high

policies/real_estate/transactions.yaml

policies:
  # Escrow agent — escrow records and closing docs; blocked from appraisal models and listing data
  - name: escrow_agent_policy
    agent_role: escrow_agent
    allowed_sources:
      - escrow_records
      - closing_docs
      - purchase_agreements
      - transaction_funds
    denied_sources:
      - appraisal_models
      - listing_data
      - tenant_records
    allowed_tasks:
      - escrow_management
      - fund_disbursement
      - closing_statement_prep
    denied_tasks:
      - appraisal_review
      - loan_origination
    max_sensitivity: critical

policies/real_estate/valuation_compliance.yaml

policies:
  # Appraisal agent — comparable sales and property records; blocked from borrower financials and lender instructions
  - name: appraisal_agent_policy
    agent_role: appraisal_agent
    allowed_sources:
      - comparable_sales
      - property_records
      - market_data
      - inspection_reports
    denied_sources:
      - borrower_financials
      - lender_instructions
      - tenant_records
    allowed_tasks:
      - property_valuation
      - comparable_analysis
      - appraisal_report_prep
    denied_tasks:
      - loan_origination
      - tenant_screening
    max_sensitivity: medium

10 policies across dispensing, clinical review, and regulatory compliance — enforcing DEA schedule boundaries, separating formulary management from individual Rx history, and ensuring pharmacovigilance agents cannot access billing or insurance data.

DEA 21 CFR HIPAA USP 795/797 FDA State Board

dispensing.yaml 4 roles

clinical_review.yaml 3 roles

regulatory_compliance.yaml 3 roles

All 10 agent roles

prescription_verification_agent drug_interaction_agent pharmacy_inventory_agent patient_counseling_agent medication_therapy_agent prior_auth_agent formulary_agent controlled_substance_agent adverse_event_reporting_agent pharmacy_audit_trail_agent

policies/pharmacy/dispensing.yaml

policies:
  # Prescription verification agent — Rx data and patient allergies; blocked from billing records and formulary pricing
  - name: prescription_verification_agent_policy
    agent_role: prescription_verification_agent
    allowed_sources:
      - prescription_records
      - patient_allergies
      - drug_database
      - prescriber_registry
    denied_sources:
      - billing_records
      - formulary_pricing
      - insurance_contracts
    allowed_tasks:
      - prescription_verification
      - allergy_check
      - dispense_authorization
    denied_tasks:
      - billing_submission
      - prescription_write
    max_sensitivity: high

policies/pharmacy/clinical_review.yaml

policies:
  # Formulary agent — formulary tiers and PBM data; blocked from individual patient records and billing
  - name: formulary_agent_policy
    agent_role: formulary_agent
    allowed_sources:
      - formulary_data
      - pbm_contracts
      - clinical_guidelines
      - drug_database
    denied_sources:
      - individual_patient_records
      - prescription_history
      - billing_records
    allowed_tasks:
      - formulary_review
      - tier_assignment
      - therapeutic_substitution
    denied_tasks:
      - billing_submission
      - prescription_write
    max_sensitivity: medium

policies/pharmacy/regulatory_compliance.yaml

policies:
  # Controlled substance agent — DEA schedules and dispensing logs; blocked from patient demographics beyond minimum necessary
  - name: controlled_substance_agent_policy
    agent_role: controlled_substance_agent
    allowed_sources:
      - dea_schedules
      - dispensing_logs
      - prescription_records
      - controlled_substance_registry
    denied_sources:
      - patient_demographics
      - clinical_notes
      - billing_records
    allowed_tasks:
      - controlled_substance_monitoring
      - dea_reporting
      - diversion_detection
    denied_tasks:
      - billing_submission
      - patient_counseling
    max_sensitivity: critical

10 policies across citizen services, records management, and procurement compliance — enforcing Privacy Act inter-agency data boundaries, blocking FOIA agents from classified and deliberative records, and isolating source selection data from vendor screening workflows.

FedRAMP FISMA FOIA ADA / Section 508 FAR / DFARS

citizen_services.yaml 4 roles

records_management.yaml 3 roles

procurement_compliance.yaml 3 roles

All 10 agent roles

benefits_eligibility_agent case_worker_agent permit_processing_agent benefits_disbursement_agent foia_response_agent records_retention_agent public_disclosure_agent contract_review_agent vendor_screening_agent procurement_audit_agent

policies/public_sector/citizen_services.yaml

policies:
  # Benefits eligibility agent — income and asset verification; blocked from unrelated agency records (Privacy Act)
  - name: benefits_eligibility_agent_policy
    agent_role: benefits_eligibility_agent
    allowed_sources:
      - income_records
      - asset_verification
      - program_eligibility_data
      - application_records
    denied_sources:
      - unrelated_agency_records
      - law_enforcement_data
      - classified_data
    allowed_tasks:
      - eligibility_determination
      - benefit_calculation
      - application_review
    denied_tasks:
      - benefit_disbursement
      - law_enforcement_referral
    max_sensitivity: high

policies/public_sector/records_management.yaml

policies:
  # FOIA response agent — public records and redaction guidelines; blocked from law enforcement sensitive and classified data
  - name: foia_response_agent_policy
    agent_role: foia_response_agent
    allowed_sources:
      - public_records
      - foia_requests
      - redaction_guidelines
      - disclosure_logs
    denied_sources:
      - law_enforcement_sensitive
      - classified_data
      - draft_deliberative_docs
    allowed_tasks:
      - foia_review
      - redaction_application
      - response_preparation
    denied_tasks:
      - benefit_disbursement
      - classified_access
    max_sensitivity: high

policies/public_sector/procurement_compliance.yaml

policies:
  # Vendor screening agent — SAM.gov exclusions and past performance; blocked from source selection sensitive and classified data
  - name: vendor_screening_agent_policy
    agent_role: vendor_screening_agent
    allowed_sources:
      - sam_gov_exclusions
      - past_performance_records
      - financial_statements
      - vendor_registry
    denied_sources:
      - source_selection_sensitive
      - classified_data
      - competitor_bid_data
    allowed_tasks:
      - vendor_eligibility_check
      - exclusion_screening
      - past_performance_review
    denied_tasks:
      - source_selection_decision
      - contract_award
    max_sensitivity: high

5 policies across SaaS platforms — governing AI agents that access code repositories, customer data, telemetry, and internal infrastructure. Enforces least-privilege access across engineering, support, security, and sales engineering roles.

SOC 2 Type II GDPR CCPA ISO 27001 NIST CSF

saas_platform.yaml 5 roles

All 5 agent roles

software_engineer support_agent security_analyst data_analyst sales_engineer

policies/technology/saas_platform.yaml

policies:
  # Software engineer — code and docs access; blocked from customer PII and billing data
  - name: software_engineer_policy
    agent_role: software_engineer
    allowed_sources:
      - code_repositories
      - ci_cd_logs
      - internal_docs
      - staging_environment
    denied_sources:
      - customer_pii
      - billing_records
      - production_credentials
    allowed_tasks:
      - code_review
      - test_execution
      - deployment_staging
    denied_tasks:
      - production_deployment
      - customer_data_export
    max_sensitivity: high

135 policies across 12 industries

One path.
All policies loaded.

Start with your industry.
Extend from there.

135 policies across 12 industries

One path.All policies loaded.

Start with your industry.Extend from there.

One path.
All policies loaded.

Start with your industry.
Extend from there.