Input Policy
Evaluate messages before they reach the LLM. Block, redact, or transform content at the boundary.
Agent Policy SpecificationEnforce policies on AI agent interactions.
A vendor-neutral standard for intercepting and enforcing policies on every message, tool call, and model response, before any side effect occurs.
Tool Call Policy
Intercept tool invocations before execution. Enforce allowlists, validate arguments, prevent unsafe operations.
Output Policy
Evaluate model responses before delivery. Redact sensitive content, block unsafe outputs, audit everything.
Extensible policy authoring
Write policies in Rego (WASM or REST), as runtime rules in TypeScript/Java, or in any custom DSL — APS defines the contract, not the language.
Vendor-neutral
Not tied to any agent framework, LLM provider, or cloud platform. Works wherever your agent runs.
Composable decisions
Five decision types — allow, deny, redact, transform, audit — that compose to cover any enforcement scenario.