Overview
Policies are codified rules that govern agent behavior. Define them in your squad’sSQUAD.md file, and critic agents automatically enforce them on PRs, issues, and agent actions.
Why policies matter:
- Prevent mistakes before they reach production
- Maintain consistency across agents
- Build trust through predictable behavior
- Enable compliance and auditability
How Policies Work
Defining Policies
Add apolicies: section to your squad’s SQUAD.md:
Policy Fields
Severity Levels
Creating Critic Agents
Critic agents review work against your policies. Create one in your squad:Process
- Fetch PR: gh pr view —json files,body,title
- Check each policy in your policy_file
- Output review:
Policy Review: ❌ Changes Requested
Action Required: Fix before merge.
”
If clean:
gh pr review —approve —body “
Policy Review: ✅ Approved
No policy violations found. “Common Policy Categories
Organize policies by domain. Use consistent prefixes:Example: Security Policies
Example: Code Quality Policies
Example: Governance Policies
Triggering Policy Reviews
Automatic (Recommended)
Set up a smart trigger to run critics on PR events:Manual
Handling Violations
Blocker Violations
PR cannot merge until fixed:Warning Violations
PR can merge, but should address:Exceptions
Some files or patterns can bypass specific policies:Multiple Critics
For comprehensive coverage, use multiple specialized critics:Best Practices
1. Start Small
Begin with 5-10 critical policies. Add more as needed.2. Use Blockers Sparingly
Onlyblocker for things that absolutely cannot ship. Most rules should be warning.
3. Document Exceptions
Every exception should have a clear reason:4. Review and Evolve
Policies that always pass or always fail need adjustment.5. Make Policies Actionable
Bad: “Code should be good” Good: “Functions over 50 lines must be split”Checking Policy Coverage
Policies are plain markdown tables inSQUAD.md — there’s no separate
lookup command, grep the file directly: