
How Policies Work

Policies are the core of Bulwark. They determine what happens when an agent tries to use a tool.

Policy Evaluation Flow

When Claude Code makes a tool call:

  1. Intercept: Bulwark receives the tool call details (name, inputs, context)
  2. Evaluate: Policies are checked in priority order (highest first)
  3. Match: The first policy whose rules match is applied
  4. Action: The policy's action (Allow/Deny/Ask) determines the outcome
  5. Default: If no policy matches, the tool call is allowed by default

Policy Components

Rules

Rules define the conditions that must be met for a policy to match. Each rule has:

  • Field: What to check (e.g., tool_name, tool_input.file_path)
  • Operator: How to compare (e.g., equals, contains, matches)
  • Value: What to compare against

Rules can be combined with AND/OR logic.

Actions

  • Allow: Auto-approve the tool call immediately
  • Deny: Block the tool call with an optional message
  • Ask: Pause and wait for manual approval via the dashboard

Priority

Policies are evaluated in priority order. Higher priority policies are checked first. When multiple policies could match, the first match wins.

Status

  • Active: Policy is enforced
  • Inactive: Policy exists but is not enforced
  • Draft: Policy is being edited

Example Flow

Tool call: Bash("rm -rf ./tests")
    ↓
Policy "Protect test files" (priority: 100)
  Rule: tool_name = "Bash" AND tool_input.command contains "rm"
  Action: Ask
    ↓
Match! → Send to approval queue
    ↓
User approves in dashboard
    ↓
Allow tool call to proceed

Default Behavior

If no policies match a tool call, Bulwark allows it by default. This "default allow" behavior means you only need to create policies for things you want to control.
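The evaluation flow above (priority order, first match wins, AND/OR rules with the equals/contains/matches operators, Active-only enforcement, and default allow) written out as a small reference evaluator. This is an added illustration, not Bulwark's own code; the dotted-path field lookup, the policy and rule attribute names, and the sample policies and tool calls are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class Rule:
    field: str      # dotted path into the tool call, e.g. "tool_input.command"
    operator: str   # "equals", "contains" or "matches" (regex search)
    value: str


@dataclass
class Policy:
    name: str
    priority: int
    action: str             # "Allow", "Deny" or "Ask"
    rules: list
    combinator: str = "AND"  # how the rules combine: "AND" or "OR"
    status: str = "Active"   # "Active", "Inactive" or "Draft"
    message: str = ""        # optional message shown on Deny


def lookup(call: dict, path: str):
    """Resolve a dotted field path against the tool call; None if absent (assumed lookup semantics)."""
    current = call
    for part in path.split("."):
        if not isinstance(current, dict) or part not in current:
            return None
        current = current[part]
    return current


def rule_matches(rule: Rule, call: dict) -> bool:
    actual = lookup(call, rule.field)
    if actual is None:           # a missing field never satisfies a rule
        return False
    actual = str(actual)
    if rule.operator == "equals":
        return actual == rule.value
    if rule.operator == "contains":
        return rule.value in actual
    if rule.operator == "matches":
        return re.search(rule.value, actual) is not None
    raise ValueError(f"unknown operator {rule.operator!r}")


def policy_matches(policy: Policy, call: dict) -> bool:
    results = [rule_matches(r, call) for r in policy.rules]
    if not results:              # assumption: a policy with no rules matches nothing
        return False
    return all(results) if policy.combinator == "AND" else any(results)


def evaluate(policies: list, call: dict) -> tuple:
    """Return (action, matching policy name or None). Only Active policies are enforced;
    they are checked highest priority first and the first match wins; otherwise default Allow."""
    active = [p for p in policies if p.status == "Active"]
    for policy in sorted(active, key=lambda p: p.priority, reverse=True):
        if policy_matches(policy, call):
            return policy.action, policy.name
    return "Allow", None


# Constructed sample policy set (not from the page)
POLICIES = [
    Policy("Deny all Bash", 999, "Deny", [Rule("tool_name", "equals", "Bash")],
           status="Draft"),   # drafts are not enforced, so this never fires
    Policy("Protect secrets", 200, "Deny",
           [Rule("tool_input.file_path", "matches", r"\.env$"),
            Rule("tool_input.file_path", "contains", "secrets/")],
           combinator="OR", message="Secret files are read-only for agents"),
    Policy("Protect test files", 100, "Ask",
           [Rule("tool_name", "equals", "Bash"),
            Rule("tool_input.command", "contains", "rm")]),
    Policy("Allow safe listing", 50, "Allow",
           [Rule("tool_name", "equals", "Bash"),
            Rule("tool_input.command", "equals", "ls")]),
]

# Constructed sample tool calls
CALL_RM = {"tool_name": "Bash", "tool_input": {"command": "rm -rf ./tests"}}
CALL_READ = {"tool_name": "Read", "tool_input": {"file_path": "README.md"}}
CALL_ENV = {"tool_name": "Write", "tool_input": {"file_path": ".env"}}
CALL_LS = {"tool_name": "Bash", "tool_input": {"command": "ls"}}

if __name__ == "__main__":
    for call in (CALL_RM, CALL_READ, CALL_ENV, CALL_LS):
        print(call["tool_name"], call["tool_input"], "->", evaluate(POLICIES, call))
```

Running the block shows the four outcomes the page describes: the `rm` command is routed to Ask by "Protect test files", the `.env` write is denied by the higher-priority OR policy, the `ls` command is auto-approved by the lowest-priority policy because nothing above it matched, and the Read call falls through to the default Allow with no policy name.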

Tip

Start with policies for your most sensitive operations, then expand coverage as needed.
