# Create a Policy

> Control what your agents are allowed to do.

Policies control what your agents can access. Without a policy, an agent can't do anything — Anti AI uses a **deny-by-default** model.

## Using the AI Policy Builder

1. Go to **Policies → New Policy**
2. Click **AI Suggest**
3. Describe what you want in plain English:
   > *"Allow this agent to read customer data from Stripe but only during business hours"*
4. Review the generated Rego, then click **Save**

## Writing a policy manually

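```rego
package oculus.authz

# Needed for the `in` membership test below on OPA versions before 1.0.
import future.keywords.in

# Deny by default: a request is allowed only if one of the rules below matches.
default allow = false

# Any active agent may read Stripe customers.
allow {
    input.action == "stripe:customer:read"
    input.subject.status == "active"
}

# Only active agents tagged "payment-processor" may create Stripe charges.
allow {
    input.action == "stripe:charge:write"
    "payment-processor" in input.subject.tags
    input.subject.status == "active"
}
```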

## Scope format

```
stripe:customer:read     ← read Stripe customers
stripe:charge:write      ← create Stripe charges
github:repo:read         ← read GitHub repos
db:read                  ← read from the database
```

## Test before activating

1. In the Policy Editor, click **Simulate**
2. Enter a mock request (agent ID, action, scope)
3. See whether the policy allows or denies it

<Tip>
  Use **Shadow Mode** to run a new policy in production without enforcing it. Watch the audit log for 24 hours, then activate when confident.
</Tip>
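
The same allow/deny checks can also be kept as Rego unit tests next to the policy. The file below is an added example, not part of Anti AI's documentation or product: it assumes a local copy of the policy from "Writing a policy manually" and the open-source OPA CLI (`opa test`), uses the same pre-1.0 rule syntax as that policy, and its subjects (including the `suspended` status value) are constructed sample data.

```rego
# policy_test.rego - added example; run next to the policy with: opa test . -v
package oculus.authz_test

import data.oculus.authz

# Constructed subjects. Field names follow the policy; values are sample data.
active := {"status": "active", "tags": []}
processor := {"status": "active", "tags": ["payment-processor"]}
suspended := {"status": "suspended", "tags": ["payment-processor"]}

test_active_agent_reads_customers {
    authz.allow with input as {"action": "stripe:customer:read", "subject": active}
}

test_untagged_agent_cannot_write_charges {
    not authz.allow with input as {"action": "stripe:charge:write", "subject": active}
}

test_tagged_agent_writes_charges {
    authz.allow with input as {"action": "stripe:charge:write", "subject": processor}
}

# The tag alone is not enough: a non-active subject is denied for both scopes.
test_suspended_agent_denied {
    not authz.allow with input as {"action": "stripe:charge:write", "subject": suspended}
    not authz.allow with input as {"action": "stripe:customer:read", "subject": suspended}
}

# Deny-by-default: a scope that no rule mentions is refused even for a tagged agent.
test_unlisted_scope_denied {
    not authz.allow with input as {"action": "github:repo:read", "subject": processor}
}

# A request with no subject leaves every rule undefined, so the default applies.
test_missing_subject_denied {
    not authz.allow with input as {"action": "stripe:customer:read"}
}
```

The negative cases matter most: each one fails if a later edit to the policy widens access beyond what the two `allow` rules grant.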

## Assign to an agent

Go to your agent → **Settings → Policies** and add the policy. Changes take effect within 60 seconds.
