Policy Packs as the Agent Governance Unit
Policy packs turn agent controls into reusable operating rules: who they apply to, which surfaces they govern, what they observe, and what they block.
Thesis
Agent policy becomes manageable when controls are grouped into assignable packs that resolve by user, group, host, repository, and agent surface.
Technical readout
Resolver invariants
Policy packs are enterprise-ready only when admins can predict and test the resolved runtime policy.
group source
Did this assignment come from Entra ID, Google Workspace, Okta, or a local group?
Display provider source, provider ID, sync timestamp, and membership count on every selectable group.
pack priority
Which pack wins when a user matches several groups and contexts?
Expose priority, inheritance, disabled state, and matched conditions before saving a production assignment.
merge behavior
Can a broad audit pack weaken a stricter block pack by accident?
Apply monotonic strictness for verdicts and make evidence-retention precedence explicit in tests and UI.
explainability
Can an admin see why the final policy applied to a specific user action?
Render resolver traces that list matched groups, packs, rules, overrides, and the final runtime decision.
Packs map policy to operating reality
A single global AI-agent policy is easy to explain and hard to live with. Developers, contractors, platform engineers, data teams, and incident responders need different access patterns. Policy packs create named bundles that can be assigned and tested without copying rules across every team.
The pack becomes the unit security can review: rules, affected groups, surfaces, enforcement level, and evidence settings in one place.
Resolution has to be visible
The hard part is not only saving assignments. Admins need to know which pack wins when a user belongs to several groups, which rules are inherited, and whether the final result is observe, warn, or block.
A useful resolver simulator lets the team choose a user, inspect matched directory groups, see pack priority, and understand the final runtime policy before changing production behavior.
Merging must preserve intent
When two packs disagree, the merge model should be explicit. A stricter block should not disappear because a broad audit pack also applies. A warning should not become a pass by accident. Evidence retention should be clear enough for audit teams to trust.
That makes tests important. Policy pack systems should include invariants for monotonic merges, strictness, disabled states, and resolver explanations.
Good UX keeps the model understandable
Policy pack UI should expose users and groups without making admins memorize provider IDs. Source badges, group search, member counts, and matched-group previews reduce mistakes.
This is where enterprise quality shows up: the security model is technical, but the assignment workflow should feel obvious to the person carrying rollout risk.
Technical model
Policy pack resolution
The important UX is not rule editing alone. It is explaining which policy applies to a real person doing real work.
Resolver graph
pack resolver
block survives broad audit packs
groups, packs, rules, verdict
Signals in the model
Identity context
User, groups, provider, role, deprovision state
Work context
Host, repository, agent surface, MCP server, tool
Pack resolver
Priority, inheritance, merge rules, stricter-wins behavior
Runtime decision
Observe, warn, block, capture evidence, explain match
Policy feels enterprise-ready when admins can predict the result before rollout.