# Policies

> Govern what an autonomous agent is permitted to do and spend.

A policy defines what an agent may do, spend, and call. Every request an agent makes with a KIT is checked against the policy attached to that KIT. You author policies visually, and Keydris compiles each one to a Rego module and versions it.

## What a policy can govern

A policy can govern payments, actions, or both at once. Each branch is an independent sub-configuration you can turn on or off.

<CardGroup cols={2}>
  <Card title="Actions" icon="terminal">
    The tool calls an agent is permitted, each with its own decision. For destinations such as HTTP and email, you can scope a rule to an allowlist or a blocklist of hosts, cap calls per hour, and bind a Vault credential the agent must use.
  </Card>

  <Card title="Payments" icon="credit-card">
    Independent caps on spending and refunds over a shared currency, payment rail, and provider scope. For example, allow spend up to a limit while requiring approval for refunds.
  </Card>
</CardGroup>

## Decisions

Each rule carries a decision that Keydris applies when a request matches it:

| Decision     | Effect                                          |
| ------------ | ----------------------------------------------- |
| **Allow**    | The request proceeds.                           |
| **Approval** | The request is held until a person approves it. |
| **Reject**   | The request is denied.                          |

A policy also sets a **default decision** for any request that matches no rule in either branch. A common pattern is to allow or require approval for specific operations and reject everything else.
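The allow-or-approve-specific-operations, reject-everything-else pattern can be written by hand as a Rego v1 module. This is an added illustration, not output compiled by Keydris: the package name, the `input` fields (`kind`, `tool`, `host`, `calls_last_hour`, `operation`, `currency`, `amount`), and every value are assumptions made for the example.

```rego
package agent_policy_example

import rego.v1

# Default decision: applies to any request that matches no rule in either branch.
default decision := "reject"

# Constructed policy data (hypothetical values, not from a real policy).
http_allowlist := {"api.example.com", "status.example.com"}

http_calls_per_hour := 60

spend_cap := {"currency": "USD", "limit": 50}

# Actions branch: allow HTTP calls only to allowlisted hosts and under the hourly cap.
# `calls_last_hour` is assumed to be supplied by the caller, since Rego itself is stateless.
decision := "allow" if {
	input.kind == "action"
	input.tool == "http"
	input.host in http_allowlist
	input.calls_last_hour < http_calls_per_hour
}

# Payments branch: allow spend up to the cap, in the policy's currency only.
decision := "allow" if {
	input.kind == "payment"
	input.operation == "spend"
	input.currency == spend_cap.currency
	input.amount <= spend_cap.limit
}

# Payments branch: refunds are never allowed outright; they are held for approval.
decision := "approval" if {
	input.kind == "payment"
	input.operation == "refund"
	input.currency == spend_cap.currency
}
```

In this sketch the rule bodies are mutually exclusive, so `decision` never evaluates to two conflicting values. A request to a host outside the allowlist, a spend above the cap, or a payment in another currency matches no rule and receives the default `"reject"`.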

## Versioning

Saving a policy compiles it to a Rego v1 module and increments its version. The policies list shows each policy's current version and when it was last updated, and you can view the compiled Rego for any version at any time.

## Related

<CardGroup cols={2}>
  <Card title="Build a policy" icon="diagram-project" href="/guides/build-a-policy">
    Author a policy on the visual canvas.
  </Card>

  <Card title="Policy Builder" icon="shield-halved" href="/features/policies">
    Browse, version, and inspect your policies.
  </Card>
</CardGroup>
