Skip to main content

Overview

Policies are codified rules that govern agent behavior. Define them in your squad’s SQUAD.md file, and critic agents automatically enforce them on PRs, issues, and agent actions. Why policies matter:
  • Prevent mistakes before they reach production
  • Maintain consistency across agents
  • Build trust through predictable behavior
  • Enable compliance and auditability

How Policies Work


Defining Policies

Add a policies: section to your squad’s SQUAD.md:

Policy Fields

Severity Levels


Creating Critic Agents

Critic agents review work against your policies. Create one in your squad:
You are my-squad-critic. Review for policy violations.

Process

  1. Fetch PR: gh pr view —json files,body,title
  2. Check each policy in your policy_file
  3. Output review:
If violations found: gh pr review —request-changes —body “

Policy Review: ❌ Changes Requested

Action Required: Fix before merge. ” If clean: gh pr review —approve —body “

Policy Review: ✅ Approved

No policy violations found. “

Common Policy Categories

Organize policies by domain. Use consistent prefixes:

Example: Security Policies


Example: Code Quality Policies


Example: Governance Policies


Triggering Policy Reviews

Set up a smart trigger to run critics on PR events:

Manual


Handling Violations

Blocker Violations

PR cannot merge until fixed:

Warning Violations

PR can merge, but should address:

Exceptions

Some files or patterns can bypass specific policies:
When an exception applies, critics note it:

Multiple Critics

For comprehensive coverage, use multiple specialized critics:
The orchestrator spawns all critics in parallel, each reviewing against their domain policies.

Best Practices

1. Start Small

Begin with 5-10 critical policies. Add more as needed.

2. Use Blockers Sparingly

Only blocker for things that absolutely cannot ship. Most rules should be warning.

3. Document Exceptions

Every exception should have a clear reason:

4. Review and Evolve

Policies that always pass or always fail need adjustment.

5. Make Policies Actionable

Bad: “Code should be good” Good: “Functions over 50 lines must be split”

Checking Policy Coverage

Policies are plain markdown tables in SQUAD.md — there’s no separate lookup command, grep the file directly:
Enforcement happens when the critic agent actually runs against a PR — run it manually to check coverage on demand: