
# Policies

Policies are how you bound what your agents are allowed to do: which hosts they can reach, which models they can call, and what happens when they try a risky action. All of them live under `dvx policy`, and most can be set org-wide or scoped to a single agent with `--agent <name>`.

## Network destinations

Control which hosts and networks agents may reach:

```bash
dvx policy destination show
dvx policy destination add-rule --action allow --host '*.github.com' --reason "source control"
dvx policy destination add-rule --action deny  --cidr 10.0.0.0/8     --reason "no internal network"
dvx policy destination remove-rule --action allow ...
```
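
The sketch below is an added example, not dvx code: an offline model of the two rules above, for checking which destinations a planned rule set covers before you add it. It assumes `--host` is a case-insensitive glob and `--cidr` applies to IP literals; dvx's actual matching, rule precedence and default action are not stated on this page, so overlaps are reported as `conflict` and gaps as `unmatched`.

```python
import fnmatch
import ipaddress

# Constructed rule set mirroring the two add-rule commands above.
RULES = [
    {"action": "allow", "host": "*.github.com", "reason": "source control"},
    {"action": "deny", "cidr": "10.0.0.0/8", "reason": "no internal network"},
]


def matching_rules(dest, rules=RULES):
    """Return the rules that match dest (a hostname or an IP literal)."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        ip = None
    hits = []
    for rule in rules:
        if "cidr" in rule and ip is not None:
            if ip in ipaddress.ip_network(rule["cidr"]):
                hits.append(rule)
        elif "host" in rule and ip is None:
            # Assumption: glob match, case-insensitive, trailing dot ignored.
            name = dest.lower().rstrip(".")
            if fnmatch.fnmatchcase(name, rule["host"].lower()):
                hits.append(rule)
    return hits


def classify(dest, rules=RULES):
    """Label dest as allow, deny, conflict (both match) or unmatched."""
    actions = {r["action"] for r in matching_rules(dest, rules)}
    if not actions:
        return "unmatched"
    if len(actions) > 1:
        return "conflict"
    return actions.pop()


if __name__ == "__main__":
    # Constructed destinations an agent might try to reach.
    for dest in ["api.github.com", "github.com", "API.GitHub.com.",
                 "github.com.example.net", "10.1.2.3", "192.168.1.10"]:
        print(f"{dest:26} {classify(dest)}")
```

Under these assumptions the apex `github.com` is not covered by `*.github.com`, and `192.168.1.10` falls outside `10.0.0.0/8`, so a "no internal network" intent needs rules for the other private ranges as well.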

## Model restrictions

Limit which LLM models agents may use:

```bash
dvx policy model ...
```

## Execution-time policies

Execution policies evaluate an agent's actions as they happen and apply one of four actions: `allow`, `deny`, `require_approval` (see [Approvals](/cli-approvals/)), or `alert`. Rules match on things like the tool being called, its arguments, the destination, inspector findings, the model, or a time window.

```bash
dvx policy execution create my-rule \
  --rule-type tool_match \
  --rule-config '{"tool":"bash"}' \
  --action require_approval \
  --layer both \
  --mode enforce

dvx policy execution list
dvx policy execution get <id>
dvx policy execution update <id> --mode simulate   # test a rule without enforcing it
```

`--mode simulate` lets you see what a rule *would* do (it shows up in audit) before switching it to `enforce`.

## Policy packs

Policy packs are curated or org-authored bundles of rules you can install as a unit. Preview before you apply:

```bash
dvx policy pack list
dvx policy pack show <name>[@version]
dvx policy pack diff <name>[@version]      # dry-run: what installing it would change
```
