Policies
Control what agents may do - destinations, models, and execution-time rules.
Policies are how you bound what your agents are allowed to do - which hosts they can reach, which models they can call, and what happens when they try a risky action. All of them live under dvx policy, and most can be set org-wide or scoped to a single agent with --agent <name>.
Network destinations
Control which hosts and networks agents may reach:
dvx policy destination show
dvx policy destination add-rule --action allow --host '*.github.com' --reason "source control"
dvx policy destination add-rule --action deny --cidr 10.0.0.0/8 --reason "no internal network"
dvx policy destination remove-rule --action allow ...
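The deny rule above matches only 10.0.0.0/8, so other ranges usually treated as internal are not covered by it. The following audit is an added example, not part of the dvx documentation or tooling: it reports which internal ranges a rule set's deny CIDRs leave uncovered. The rule dictionaries, the INTERNAL_RANGES list and the function names are assumptions for illustration, and a reported gap matters only where traffic that matches no deny rule can be allowed.

```python
import ipaddress

# Ranges usually treated as internal (an illustrative list; extend for your network).
INTERNAL_RANGES = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local, includes cloud metadata endpoints",
    "fc00::/7": "IPv6 unique local",
}

# Constructed sample mirroring the two add-rule commands above
# (hypothetical structure, not a dvx export format).
PAGE_RULES = [
    {"action": "allow", "host": "*.github.com"},
    {"action": "deny", "cidr": "10.0.0.0/8"},
]

def uncovered(target, denies):
    """Return the sub-networks of target that no deny network covers."""
    remaining = [target]
    for deny in denies:
        kept = []
        for net in remaining:
            if net.version != deny.version or not net.overlaps(deny):
                kept.append(net)            # untouched by this deny rule
            elif not net.subnet_of(deny):   # deny sits strictly inside net
                kept.extend(net.address_exclude(deny))
            # else: net is fully covered by deny, so it is dropped
        remaining = kept
    return sorted(remaining)

def audit(rules):
    """Map each internal range to the parts left uncovered by deny CIDR rules."""
    denies = [ipaddress.ip_network(r["cidr"])
              for r in rules if r["action"] == "deny" and "cidr" in r]
    gaps = {}
    for cidr in INTERNAL_RANGES:
        left = uncovered(ipaddress.ip_network(cidr), denies)
        if left:
            gaps[cidr] = [str(n) for n in left]
    return gaps

if __name__ == "__main__":
    for cidr, left in audit(PAGE_RULES).items():
        print(f"{cidr} ({INTERNAL_RANGES[cidr]}): uncovered {', '.join(left)}")
```

Each reported range is a candidate for its own deny rule with --cidr, added the same way as the 10.0.0.0/8 rule above.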
Model restrictions
Limit which LLM models agents may use:
dvx policy model ...
Execution-time policies
Execution policies evaluate an agent’s actions as they happen and take an action: allow, deny, require_approval (see Approvals), or alert. Rules match on things like the tool being called, its arguments, the destination, inspector findings, the model, or a time window.
dvx policy execution create my-rule \
  --rule-type tool_match \
  --rule-config '{"tool":"bash"}' \
  --action require_approval \
  --layer both \
  --mode enforce
dvx policy execution list
dvx policy execution get <id>
dvx policy execution update <id> --mode simulate # test a rule without enforcing it
--mode simulate lets you see what a rule would do (it shows up in audit) before switching it to enforce.
Policy packs
Policy packs are curated or org-authored bundles of rules you can install as a unit. Preview before you apply:
dvx policy pack list
dvx policy pack show <name>[@version]
dvx policy pack diff <name>[@version] # dry-run: what installing it would change