Skip to content

Policy Playground

The Policy Playground lets you test whether a specific tool call would be allowed, blocked, or sent for approval - against your actual live policies - without running the call for real.

Use it when you want to understand how your policies will behave before an agent goes to production, or when an agent is being blocked unexpectedly and you want to find out why.

How to use it

1. Select an agent - choose from your registered agents. The Playground evaluates the call against this agent's actual policies.

2. Enter a tool name - type the tool name the agent would use, or pick from the list of tools available to the selected agent.

3. Enter the arguments - provide the JSON inputs the agent would pass. The Playground does not validate the arguments themselves - it is checking policy coverage, not argument correctness.

4. Run - the result appears immediately.

What the result tells you

Allowed - this call would succeed. The tool is active, covered by one of the agent's policies, and no human approval is required.

Approval required - this call would be held for human review. The result shows which policy flagged it and whether it would be reviewed before or after execution.

Blocked - this call would fail. The result tells you exactly why:

  • The tool name is not registered in this workspace
  • The tool exists but has not been approved yet
  • The tool has been rejected
  • The tool is currently disabled
  • The tool is active and approved, but not covered by any of this agent's policies

Example scenarios

Three pre-built examples are available to show what different blocked results look like in practice. Click any example to load it, then run it to see the result and the reason.

  • Unknown tool - a tool name that does not exist in the workspace
  • Disabled tool - a tool that is registered and approved but has been disabled
  • Not in policy - a tool that is active and approved, but not covered by any of the selected agent's policies

Playground vs. Preflight

The Playground and Preflight answer different questions:

Policy PlaygroundPreflight
Question it answersWould this specific call be allowed?Is this agent correctly set up?
What you provideAgent + tool name + argumentsSelect an agent
What you get backThe exact verdict for that callPass/fail per governance check
When to use itTesting specific call patternsBefore deploying an agent

Run Preflight first to confirm the agent's overall configuration is correct. Then use the Playground to confirm that the specific calls your agent will make produce the results you expect.

Released under the MIT License.