
§ DOCUMENTATION

Policies & Security

Guard your AI agents with automated policy enforcement, kill switches, and access control.

§ 01

Instant setup

Copy this prompt into your AI coding assistant to provision the four baseline policies and wire up pre-execution enforcement in one pass. Replace <my-api-key> with a reference to an environment variable rather than pasting a live key into the assistant.

§ Copy prompt · paste into your AI coding assistant

Set up comprehensive security policies in Execlave to protect my AI agents. Here's what you need to do using the Execlave REST API:

1. Create a Prompt Injection Detection policy (blocks malicious prompts):

curl -X POST https://api.execlave.com/api/v1/policies \
  -H "X-API-Key: <my-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Block Prompt Injection",
    "policyType": "injection_scan",
    "enforcementMode": "block",
    "ruleDefinition": { "patterns": ["ignore previous instructions", "system prompt"], "action": "block", "scan_input": true, "scan_output": true },
    "appliesToAgents": [],
    "isActive": true
  }'

2. Create a PII Protection policy (detects and redacts personal information):

curl -X POST https://api.execlave.com/api/v1/policies \
  -H "X-API-Key: <my-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Protection",
    "policyType": "pii_access",
    "enforcementMode": "monitor",
    "ruleDefinition": { "denied_pii_types": ["ssn", "credit_card"], "mask_output": true, "log_access": true },
    "appliesToAgents": [],
    "isActive": true
  }'

3. Create a Cost Limit policy (prevents runaway spending):

curl -X POST https://api.execlave.com/api/v1/policies \
  -H "X-API-Key: <my-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Daily Cost Limit",
    "policyType": "cost_limit",
    "enforcementMode": "block",
    "ruleDefinition": { "max_cost_per_execution": 5.0, "daily_budget": 50.0 },
    "appliesToAgents": [],
    "isActive": true
  }'

4. Create a Monthly Budget Cap policy (enforces monthly spend limits):

curl -X POST https://api.execlave.com/api/v1/policies \
  -H "X-API-Key: <my-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Monthly Budget Cap",
    "policyType": "budget_cap",
    "enforcementMode": "block",
    "ruleDefinition": { "monthly_cap_usd": 1000.0, "warning_threshold_pct": 80, "reset_day": 1 },
    "appliesToAgents": [],
    "isActive": true
  }'

5. Set up pre-execution enforcement in your code. enforcePolicy() THROWS PolicyBlockedError when a block-mode policy fires; it does not return { allowed: false }. You must catch the error.

// JavaScript/TypeScript
import { ag } from './lib/execlave';   // your configured Execlave client instance
import { AgentPausedError, PolicyBlockedError } from '@execlave/sdk';
// `llm` below is your own LLM client wrapper

async function handleMessage(input: string) {
  try {
    // Check policies BEFORE calling the LLM. Throws on block.
    await ag.enforcePolicy({ agentId: 'my-chatbot', input });
    const response = await llm.call(input);
    return response;
  } catch (err) {
    if (err instanceof PolicyBlockedError) {
      // err.violations: list of { policyType, policyName, severity, message, enforcementMode }
      return 'Your input was blocked by our content policies.';
    }
    if (err instanceof AgentPausedError) {
      return 'Service temporarily unavailable.';
    }
    throw err;
  }
}

# Python
from execlave import AgentPausedError, PolicyBlockedError
# ag is your configured Execlave client instance; llm is your own LLM client wrapper

def handle_message(user_input: str):
    try:
        # Check policies BEFORE calling the LLM. Raises on block.
        ag.enforce_policy(agent_id="my-chatbot", input=user_input)
        return llm.invoke(user_input)
    except PolicyBlockedError:
        return "Your input was blocked by our content policies."
    except AgentPausedError:
        return "Service temporarily unavailable."

These policies apply to ALL agents by default (empty appliesToAgents array). To scope to specific agents, pass their UUIDs in the appliesToAgents array.

IMPORTANT: tracing alone does NOT block LLM calls. Trace ingestion creates incidents post-hoc. To block requests before they reach the LLM you MUST call enforcePolicy() / enforce_policy() and handle PolicyBlockedError as shown above.
§ 02

How policies work

Policies are rules that govern how your AI agents operate. Each policy has a type (what it checks) and an enforcement mode (what happens on violation):

§ MONITOR

Record the violation, allow the request to proceed. Use to baseline before turning on enforcement.

§ WARN

Allow the request, flag it, and notify admins. The LLM call still executes.

§ REQUIRE_APPROVAL

Pause the request and put it in the human-approval queue. The LLM call only runs after a reviewer approves.

§ BLOCK

Reject the request. enforcePolicy() raises PolicyBlockedError before the LLM call executes.

Only block and require_approval keep the LLM call from running: block rejects it outright, require_approval holds it until a reviewer approves. Monitor and warn allow the request to proceed; they only create dashboard incidents (warn additionally notifies admins). Policies can be scoped to all agents or to specific agents by ID. Pre-execution gating requires ag.enforcePolicy() / ag.enforce_policy() in your code; trace-ingestion evaluation alone never blocks.
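The following is an added example, not code from Execlave or its SDK: a local evaluator that mirrors the four policy objects provisioned in section 01 and the enforcement modes described above (monitor, warn and block; require_approval is not modelled), so a policy set can be unit-tested offline before it is deployed. Its matching rules (case- and whitespace-normalised substring patterns, regex-plus-Luhn PII detection), the severity strings and the constructed BASELINE list are assumptions; this page does not specify how the hosted evaluator behind ag.enforcePolicy() matches.

```python
import re

# Added example, not Execlave's own code. It mirrors the policy objects and
# ruleDefinition fields from section 01 so a policy set can be unit-tested before
# deployment; match semantics and severity values below are assumptions.

class PolicyBlockedError(Exception):
    """Mirrors the SDK error: .violations holds the block-mode hits."""
    def __init__(self, violations):
        super().__init__(f"{len(violations)} blocking violation(s)")
        self.violations = violations

PII_RE = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),  # 13-16 digits, Luhn-checked below
}
SEVERITY = {"injection_scan": "high", "pii_access": "medium",
            "cost_limit": "high", "budget_cap": "medium"}  # assumed values, not from the API

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text: str, kinds):
    """Yield (kind, match) for each denied PII type present in text."""
    for kind in kinds:
        for m in PII_RE[kind].finditer(text):
            if kind == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # digit run that is not a real card number
            yield kind, m

def mask_pii(text: str, kinds) -> str:
    """Output-side redaction for a pii_access policy with mask_output: true."""
    hits = sorted(find_pii(text, kinds), key=lambda km: km[1].start(), reverse=True)
    for kind, m in hits:  # replace from the end so earlier offsets stay valid
        text = text[:m.start()] + f"[{kind.upper()} REDACTED]" + text[m.end():]
    return text

def evaluate(policies, agent_id, *, text="", cost_usd=0.0, spent_today=0.0, spent_month=0.0):
    """Evaluate every active policy that applies to agent_id. Returns all violations
    (monitor/warn included) and raises PolicyBlockedError when a block-mode policy
    fired, as enforce_policy() does. spent_month is the running total since reset_day."""
    violations = []
    for p in policies:
        if not p["isActive"]:
            continue
        if p["appliesToAgents"] and agent_id not in p["appliesToAgents"]:
            continue  # an empty appliesToAgents list means "all agents"
        rule, kind, mode = p["ruleDefinition"], p["policyType"], p["enforcementMode"]
        hits = []  # (message, effective enforcement mode)
        if kind == "injection_scan":
            norm = " ".join(text.lower().split())  # defeat case and whitespace tricks
            hits = [(f"matched {pat!r}", mode) for pat in rule["patterns"] if pat.lower() in norm]
        elif kind == "pii_access":
            hits = [(f"{t} present in input", mode) for t, _ in find_pii(text, rule["denied_pii_types"])]
        elif kind == "cost_limit":
            if cost_usd > rule["max_cost_per_execution"]:
                hits.append((f"execution cost {cost_usd} over per-call limit", mode))
            if spent_today + cost_usd > rule["daily_budget"]:
                hits.append((f"daily budget {rule['daily_budget']} exceeded", mode))
        elif kind == "budget_cap":
            cap, pct, total = rule["monthly_cap_usd"], rule["warning_threshold_pct"], spent_month + cost_usd
            if total > cap:
                hits.append((f"monthly cap {cap} exceeded", mode))
            elif total * 100 >= cap * pct:
                hits.append((f"{pct}% of monthly cap reached", "warn"))  # advisory, never blocks
        violations += [{"policyType": kind, "policyName": p["name"], "severity": SEVERITY[kind],
                        "message": msg, "enforcementMode": em} for msg, em in hits]
    blocking = [v for v in violations if v["enforcementMode"] == "block"]
    if blocking:
        raise PolicyBlockedError(blocking)
    return violations

def decide(policies, agent_id, **kw):
    """('block' | 'allow', violations) instead of an exception, for callers that prefer a value."""
    try:
        return "allow", evaluate(policies, agent_id, **kw)
    except PolicyBlockedError as e:
        return "block", e.violations

def policy(name, ptype, mode, **rule):
    return {"name": name, "policyType": ptype, "enforcementMode": mode,
            "ruleDefinition": rule, "appliesToAgents": [], "isActive": True}

BASELINE = [  # the four section 01 policies, constructed here to match the curl bodies
    policy("Block Prompt Injection", "injection_scan", "block", patterns=["ignore previous instructions", "system prompt"],
           action="block", scan_input=True, scan_output=True),
    policy("PII Protection", "pii_access", "monitor", denied_pii_types=["ssn", "credit_card"], mask_output=True, log_access=True),
    policy("Daily Cost Limit", "cost_limit", "block", max_cost_per_execution=5.0, daily_budget=50.0),
    policy("Monthly Budget Cap", "budget_cap", "block", monthly_cap_usd=1000.0, warning_threshold_pct=80, reset_day=1),
]
```

decide() keeps the SDK contract: block-mode hits surface as PolicyBlockedError, while monitor and warn hits are returned in the list and never stop the call. Note what the baseline injection policy actually is: a substring list. Normalising case and whitespace catches the literal phrase and its trivial variants, but not paraphrases or encoded payloads, so run it in monitor mode first, watch the false-positive rate on real traffic, and treat it as one signal alongside PII masking and cost caps rather than the whole defence.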

§ 03

Policy types

§ 04

Kill switch

Instantly pause any agent when you detect issues. Paused agents reject all new trace submissions and LLM calls (SDK throws AgentPausedError).

§ Pause an agent

# Via API
curl -X PATCH https://api.execlave.com/api/v1/agents/AGENT_ID/pause \
  -H "X-API-Key: exe_prod_xxx" \
  -H "Content-Type: application/json" \
  -d '{"reason": "Detected harmful outputs in production"}'

# Via Dashboard: Agents → Select Agent → Settings → Pause Agent

§ Resume an agent

# Via API
curl -X PATCH https://api.execlave.com/api/v1/agents/AGENT_ID/resume \
  -H "X-API-Key: exe_prod_xxx"

# Via Dashboard: Agents → Select Agent → Settings → Resume Agent

§ Handle in your app

// The SDK automatically checks agent status before each trace
import { AgentPausedError } from '@execlave/sdk';
// tracedCall is your SDK-wrapped LLM call (see the tracing docs)

async function handleMessage(message: string) {
  try {
    const response = await tracedCall(message);
    return response;
  } catch (err) {
    if (err instanceof AgentPausedError) {
      // Show a friendly message to the user
      return 'This service is temporarily unavailable for maintenance.';
    }
    throw err;
  }
}
§ 05

Agent-to-agent access grants

In multi-agent systems, control which agents can invoke other agents. Access grants define allowed actions and optional expiration.

§ Available actions

execute, read, write, delete, invoke, query, subscribe, delegate

# Grant agent-a permission to execute and read from agent-b
curl -X POST https://api.execlave.com/api/v1/agents/AGENT_A_UUID/grants \
  -H "X-API-Key: exe_prod_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "targetAgentId": "AGENT_B_UUID",
    "allowedActions": ["execute", "read"],
    "expiresAt": "2025-12-31T23:59:59Z"
  }'

# Check authorization before an agent-to-agent call (same agent UUIDs as the grant above)
curl -X POST https://api.execlave.com/api/v1/agents/authorize \
  -H "X-API-Key: exe_prod_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "sourceAgentId": "AGENT_A_UUID",
    "targetAgentId": "AGENT_B_UUID",
    "action": "execute"
  }'
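An added example, not Execlave's own code: a deny-by-default mirror of the authorize check above, run over locally cached grant records, so the decision logic (direction, action, expiry) can be tested without the API. The record shape adds sourceAgentId to the grant body fields shown above; that grants are directional and stop working once expiresAt passes are assumptions about the service's semantics, and GRANTS is a constructed record of the agent-a to agent-b grant.

```python
from datetime import datetime, timezone

# Added example, not Execlave's own code: local deny-by-default mirror of
# POST /api/v1/agents/authorize. Directionality and expiry semantics are assumed.

ACTIONS = {"execute", "read", "write", "delete", "invoke", "query", "subscribe", "delegate"}

def parse_ts(s: str) -> datetime:
    """expiresAt uses the RFC 3339 UTC form shown above, e.g. 2025-12-31T23:59:59Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(grants, source, target, action, now=None):
    """Return (allowed, reason). Only an unexpired grant from source to target that
    lists the action allows the call; everything else is denied with a reason."""
    if action not in ACTIONS:
        return False, f"unknown action {action!r}"  # reject before any lookup
    if isinstance(now, str):
        now = parse_ts(now)
    now = now or datetime.now(timezone.utc)
    reason = "no grant from source to target"
    for g in grants:
        if (g["sourceAgentId"], g["targetAgentId"]) != (source, target):
            continue  # grants are directional: a->b says nothing about b->a
        exp = g.get("expiresAt")
        if exp and parse_ts(exp) <= now:
            reason = f"grant expired at {exp}"
            continue
        if action not in g["allowedActions"]:
            reason = f"grant does not include {action!r}"
            continue
        return True, "allowed"
    return False, reason

# Constructed record of the agent-a -> agent-b grant created by the curl above.
GRANTS = [{"sourceAgentId": "AGENT_A_UUID", "targetAgentId": "AGENT_B_UUID",
           "allowedActions": ["execute", "read"], "expiresAt": "2025-12-31T23:59:59Z"}]

def call_agent(grants, source, target, action, invoke, now=None):
    """Fail-closed wrapper: run `invoke` only when authorize() allows the call."""
    allowed, reason = authorize(grants, source, target, action, now)
    if not allowed:
        raise PermissionError(f"{source} -> {target} {action}: {reason}")
    return invoke()
```

Keep the reason string in your audit log, not in the message returned to the calling agent: "grant expired" tells an operator what to renew, while a denied caller only needs to know the call was refused.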
§ 06

Webhook notifications

Get notified in real-time when policy violations or anomalies occur.

§ Available events

policy.violated, agent.paused, agent.resumed, trace.anomaly, cost.threshold

curl -X POST https://api.execlave.com/api/v1/webhooks \
  -H "X-API-Key: exe_prod_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-app.com/execlave-webhook",
    "events": ["policy.violated", "agent.paused"],
    "secret": "whsec_your_signing_secret"
  }'
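An added example, not Execlave's own code, covering the receiving side of the webhook above and the kill switch from section 04: it verifies the delivery against the registered secret, drops replays, and pauses an agent automatically once block-mode policy.violated events pile up. This page does not document the signature format or payload, so the example assumes a Stripe-style scheme (a header of the form t=<unix seconds>,v1=<hex HMAC-SHA256 over "<t>." + raw body>) and a JSON body carrying id, type, agentId and enforcementMode; check the Execlave webhook reference for the real header name, format and fields before using it. The pause action is injected as a callback so the logic runs offline; in production it would issue the PATCH .../pause call shown in section 04.

```python
import hashlib, hmac, json, time
from collections import deque

# Added example, not Execlave's own code. Signature scheme and payload fields are
# assumptions (see the lead-in); the real webhook reference is authoritative.

TOLERANCE_S = 300  # reject deliveries whose timestamp is outside this window

def sign(secret: bytes, ts: int, body: bytes) -> str:
    """Producer side (what the sender would compute); used here to build test deliveries."""
    mac = hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return f"t={ts},v1={mac}"

def verify(secret: bytes, header, body: bytes, now=None) -> bool:
    """Constant-time signature check over the raw body, plus a freshness window."""
    try:
        parts = dict(kv.split("=", 1) for kv in header.split(","))
        ts = int(parts["t"])
    except (ValueError, KeyError, AttributeError):
        return False
    now = time.time() if now is None else now
    if abs(now - ts) > TOLERANCE_S:
        return False  # stale or future-dated: treat as a replay
    expected = hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), parts.get("v1", "").encode())

class AutoPauser:
    """Kill-switch automation: pause an agent after `threshold` block-mode
    policy.violated events inside `window_s` seconds. `pause(agent_id, reason)`
    is injected; in production it PATCHes /api/v1/agents/{id}/pause."""
    def __init__(self, pause, threshold=3, window_s=60):
        self.pause, self.threshold, self.window_s = pause, threshold, window_s
        self.recent = {}   # agent_id -> deque of event timestamps
        self.seen = set()  # delivery ids already processed (bound this in production)
        self.paused = set()

    def handle(self, secret, header, body, now=None):
        if not verify(secret, header, body, now):
            return "rejected"  # never act on an unauthenticated or stale delivery
        now = time.time() if now is None else now
        ev = json.loads(body)
        if ev["id"] in self.seen:
            return "duplicate"  # a replayed valid delivery must not count twice
        self.seen.add(ev["id"])
        agent = ev.get("agentId")
        if ev["type"] == "agent.resumed":
            self.paused.discard(agent)
            return "resumed"
        if ev["type"] != "policy.violated" or ev.get("enforcementMode") != "block":
            return "ignored"  # monitor/warn incidents are visible in the dashboard already
        if agent in self.paused:
            return "already_paused"
        q = self.recent.setdefault(agent, deque())
        q.append(now)
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.threshold:
            self.pause(agent, f"{len(q)} blocked violations within {self.window_s}s")
            self.paused.add(agent)
            return "paused"
        return "counted"

def make_delivery(secret: bytes, ts: int, **fields):
    """Build a signed (header, body) pair the way a test sender would."""
    body = json.dumps(fields, sort_keys=True).encode()
    return sign(secret, ts, body), body
```

Verify over the raw request bytes, not a re-serialised JSON object, and return "rejected" without logging the body or the secret: a forged delivery that can make your receiver pause production agents is itself a denial-of-service lever, so the signature check is the control that keeps the kill switch from being turned against you.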
§ 07

Custom validators (BYOV)

Need to gate on state Execlave doesn't store — per-customer spend, internal entitlements, row-level ACLs, freeze windows? Register a signed HTTPS endpoint that Execlave calls during enforcement.

Read the BYOV guide
§ 08

Expression policies (CEL)

Write enforcement rules in CEL — Google's sandboxed, deterministic expression language (same one used by Kubernetes admission and GCP IAM). Ideal for cost caps, tool-scope checks, and metadata-driven gates.

Read the expressions guide
§ 09

Policy chaining

Declare prerequisites between policies to skip expensive checks when an upstream policy already decided — or escalate only if something already triggered. Cycles are rejected at write time.

Read the chaining guide
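An added example, not Execlave's own code, of the chaining behaviour summarised above: prerequisites between policies are ordered before anything runs, a cycle is rejected at that point, and a downstream check is skipped or escalated according to what its upstream decided. The schema is assumed (each policy carries a name and an optional requires list of {policy, when} entries, with when being "not_triggered" to skip an expensive check once a cheap upstream one has already fired, or "triggered" to escalate only after it has); CHAIN and the stand-in check function are constructed for the demo. The chaining guide defines the real fields.

```python
# Added example, not Execlave's own code. The requires/when schema is assumed.

def order(policies):
    """Topological order by prerequisites (Kahn's algorithm). Raises ValueError
    for an unknown prerequisite or a cycle, naming the policies involved."""
    by_name = {p["name"]: p for p in policies}
    deps = {n: {r["policy"] for r in p.get("requires", [])} for n, p in by_name.items()}
    for n, ds in deps.items():
        missing = sorted(d for d in ds if d not in by_name)
        if missing:
            raise ValueError(f"{n} requires unknown policy {missing[0]!r}")
    indeg = {n: len(ds) for n, ds in deps.items()}
    ready = sorted(n for n, d in indeg.items() if d == 0)
    out = []
    while ready:
        n = ready.pop(0)
        out.append(n)
        for m, ds in deps.items():  # release policies whose last prerequisite was n
            if n in ds:
                indeg[m] -= 1
                if indeg[m] == 0:
                    ready.append(m)
    if len(out) != len(policies):
        raise ValueError("cycle among: " + ", ".join(sorted(n for n in indeg if n not in out)))
    return [by_name[n] for n in out]

def run_chain(policies, check):
    """Evaluate check(policy) -> bool in dependency order. A policy runs only if
    every prerequisite condition holds; otherwise its result is None (skipped).
    "triggered": upstream must have fired. "not_triggered": upstream must not have."""
    results = {}
    for p in order(policies):
        runnable = all(
            (results.get(r["policy"]) is True) if r["when"] == "triggered"
            else (results.get(r["policy"]) is not True)
            for r in p.get("requires", []))
        results[p["name"]] = check(p) if runnable else None
    return results

# Constructed chain: cheap regex first, an expensive model-backed judge only when the
# regex did not already decide, and human escalation only when the judge fired.
CHAIN = [
    {"name": "escalate-to-human", "requires": [{"policy": "llm-judge", "when": "triggered"}]},
    {"name": "llm-judge", "requires": [{"policy": "cheap-regex", "when": "not_triggered"}]},
    {"name": "cheap-regex"},
]

def demo(text):
    """Run CHAIN over text; returns (results, names of policies actually evaluated)."""
    evaluated = []
    def check(p):
        evaluated.append(p["name"])
        if p["name"] == "cheap-regex":
            return "ignore previous instructions" in text.lower()
        if p["name"] == "llm-judge":
            return "secret" in text.lower()  # stand-in for the expensive model call
        return True                          # escalation always fires once reached
    return run_chain(CHAIN, check), evaluated
```

The point of checking the order at write time is operational: a cycle caught when the policy is saved fails one API call, whereas a cycle discovered during enforcement would stall or skip checks on live traffic.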