# Build a policy

> Author an enforceable policy on the visual canvas.

The Policy Builder is a visual canvas where you assemble the rules an agent operates under. As you build, Keydris shows a plain-English summary of the policy, and on save it compiles your work to a Rego module.

<Steps>
  <Step title="Start a new policy">
    Open **Policy Builder** and select **Create Policy**. The canvas opens with a trigger, the branches you can govern, and an outcome.
  </Step>

  <Step title="Choose what to govern">
    Enable the **payments** branch, the **actions** branch, or both. Each branch is independent, so you can govern only what is relevant to this agent.
  </Step>

  <Step title="Add action rules">
    For each permitted tool call, set the tool, the operation, and the decision (allow, approval, or reject). For destination-based tools such as HTTP, cURL, and email, you can:

    * Scope the rule to an allowlist or a blocklist of hosts and ports.
    * Cap the number of matching calls per hour.
    * Bind a Vault credential the agent must use for the call, by token rather than plaintext.
  </Step>

  <Step title="Add payment limits">
    Cap spending and refunds independently. Set a maximum amount and a decision for each, then scope them with a currency, payment rails (card, bank transfer, wallet), and a provider.
  </Step>

  <Step title="Set the default decision">
    Choose what happens to a request that matches no rule. Rejecting everything else is a safe default. Optionally enable team notifications for the policy.
  </Step>

  <Step title="Save">
    Save the policy. Keydris compiles it to a Rego v1 module, stores both the configuration and the compiled module, and assigns it a version.
  </Step>
</Steps>

## Reviewing the result

The policies list shows each policy's name, current version, and last update. Select **View** on any policy to read its compiled Rego, and copy it if you need it elsewhere. To change a policy, open it from the list, edit it on the canvas, and save a new version.
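As a reading aid for the compiled view, the following added example (not output of the Keydris compiler) shows how one HTTP action rule, one spend limit, and a reject default can be expressed in a Rego v1 module. The package name, the `input` fields, and all sample values are assumptions made for illustration.

```rego
# Added illustration: package name, input fields and values are assumptions,
# not output of the Keydris compiler.
package example.agent_policy

import rego.v1

# Default decision: any request that matches no rule below is rejected.
default decision := "reject"

# Constructed rule data for one HTTP action rule.
http_allowlist := {{"host": "api.example.com", "port": 443}}
http_max_calls_per_hour := 100

# Constructed rule data for one spend limit.
spend_limit := {
    "max_amount": 500,
    "currency": "USD",
    "rails": {"card", "wallet"},
    "provider": "example-psp",
}

# Actions branch: HTTP GET is allowed only to an allowlisted host and port,
# and only while the hourly cap has not been reached. Rego keeps no state,
# so the caller is assumed to supply input.calls_last_hour.
decision := "allow" if {
    input.branch == "actions"
    input.tool == "http"
    input.operation == "GET"
    dest := {"host": input.host, "port": input.port}
    dest in http_allowlist
    input.calls_last_hour < http_max_calls_per_hour
}

# Payments branch: a spend within the cap and scope needs approval (assumed
# decision for this rule); anything over the cap falls to the default.
decision := "approval" if {
    input.branch == "payments"
    input.payment_type == "spend"
    input.amount <= spend_limit.max_amount
    input.currency == spend_limit.currency
    input.rail in spend_limit.rails
    input.provider == spend_limit.provider
}
```

When reviewing a module of this shape, confirm that the `default` line matches the default decision you chose and that host and port are matched together rather than independently.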

## Related

<CardGroup cols={2}>
  <Card title="Policies" icon="shield-halved" href="/concepts/policies">
    The concepts behind branches, decisions, and versioning.
  </Card>

  <Card title="Vault" icon="lock" href="/features/vault">
    Store the credentials your rules reference by token.
  </Card>
</CardGroup>
