Policies
How to write and manage Kyra policies.
Policies
Policies are the rules Kyra enforces on your agent's tool calls. You configure them in the dashboard — no code changes required.
What a policy is
A policy has three parts:
- Condition — what to catch (e.g. "transfer over $10,000")
- Action —
BLOCKorESCALATE - Scope — which agents and tools it applies to
Writing policies in plain language
Go to Policies → New Policy and write in plain language:
Block any refund over $500 for orders older than 30 days.
Escalate any email sent to an external domain not on the approved list.
Block deletion of records flagged as audit-critical.
Kyra parses and enforces these automatically.
Policy scope
Policies can be scoped to all agents in your org, specific agents by ID, or specific tools by name.
Policy actions
| Action | What happens |
|---|---|
BLOCK | Tool call is stopped. Agent receives a blocked decision with a reason. |
ESCALATE | Call is paused and routed to a human approver. Agent waits for a response. |
Uploading policy documents
Go to Policies → Upload Document to upload an existing policy handbook or compliance document. Kyra extracts enforceable rules automatically. Review and activate them before they take effect.
Compliance packs
Pre-built packs for common frameworks — enable under Policies → Compliance Packs:
- GDPR — data subject rights, consent, cross-border transfer controls
- HIPAA — PHI access and disclosure controls
- SOC 2 — access control, availability, change management
Individual policies within a pack can be toggled on or off.
Priority
When multiple policies match, the most restrictive action wins:
BLOCK takes priority over ESCALATE.
Testing policies
Use Shadow Mode to see what would be blocked before going live.