AI Policy Builder

Automatically generate and refine security policies from observed agent behavior. Zero-config — Navil watches your agents and suggests policies you can approve with one click.

Closed-Loop Workflow

The AI Policy Builder follows a continuous observe → detect → suggest → approve → enforce cycle:

Observe — Navil records every tool call, building behavioral baselines per agent.
Detect — The anomaly engine flags unusual patterns (rate spikes, new tools, privilege escalation).
Suggest — The LLM generates policy rules to address detected anomalies with a confidence score and reversibility flag.
Approve — You review and approve or dismiss each suggestion in the dashboard or CLI.
Enforce — Approved rules are written to policy.auto.yaml and enforced immediately. Human rules always take precedence.

Suggestion Format

Each suggestion includes structured metadata to help you make an informed decision:

Example suggestion

rule:
  agents:
    rogue-agent:
      rate_limit_per_hour: 30
      tools_denied:
        - admin_panel
confidence: 0.9
reason: "Agent exceeded baseline tool usage by 4x"
reversible: true
source: anomaly

Confidence scores range from 0 to 1. Suggestions with confidence below 0.5 are conservative fallbacks generated when the LLM is unavailable or returns invalid output. High-confidence suggestions (>0.8) are based on clear anomaly patterns.

Zero-Config Onboarding

No hand-written policies needed to get started. Run navil policy auto-generate to create an initial policy from your agent baselines:

Terminal

# Generate policy from observed baselines
navil policy auto-generate

# Review the generated policy
cat ~/.navil/policy.auto.yaml

# Save a suggestion to the auto-policy file
navil policy save --suggestion-id demo-1

Safety: If auto-generation fails, Navil falls back to a permissive default policy. No agent calls are blocked unless you explicitly approve a restrictive rule.

Policy Files

Navil uses two policy files that are merged at runtime:

policy.yaml — Human-authored rules. You write and maintain this.
policy.auto.yaml — Machine-generated rules from the AI Policy Builder. Managed automatically. Includes a header comment noting it was auto-generated.

When both files define a rule for the same agent, human rules always take precedence. Auto-generated rules for new agents are merged in without conflict.

Merge example

# policy.yaml (human-authored, wins)
agents:
  reader:
    rate_limit_per_hour: 100

# policy.auto.yaml (machine-generated)
agents:
  reader:
    rate_limit_per_hour: 50    # ignored — human rule wins
  auto-agent:
    rate_limit_per_hour: 30    # merged in — no conflict

CLI Commands

navil policy auto-generate

Generate an initial policy from behavioral baselines (zero-config onboarding).

navil policy save --suggestion-id <id>

Approve a suggestion and write it to the auto-policy file.

navil policy check --tool <name> --agent <name> --action <action>

Check if a specific tool call would be allowed by the current merged policy. Logs the decision.

Dashboard

The Policy page in the local dashboard shows pending suggestions, approval history, and the current merged policy. Each suggestion displays its confidence score, source anomaly, and the rule it would enforce. You can approve or dismiss suggestions directly from the UI.

Access it at http://localhost:8484/policy. Dismissed suggestions are tracked and won't reappear.

Tool Scoping

A2A Agent Cards