> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lasscyber.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Policies overview

> The four policy families in Agnes — combined Agnes policies, YARA policies, SDP policies, and safety policies — and when each one applies.

Agnes ships four distinct policy types. They are easy to confuse because
they all answer the same kind of question: *"how should this analyzer
behave for my tenant?"* This page is the orientation page; each policy
type has its own dedicated reference under
[Policies](/policies/agnes-policies).

| Policy type                 | Lives at                        | Consumed by                           | Customer-facing?                                            |
| --------------------------- | ------------------------------- | ------------------------------------- | ----------------------------------------------------------- |
| **Combined / Agnes policy** | `/protection/policies`          | The `POST /api/v1/analyze/` endpoint. | Yes — most users only ever touch this.                      |
| **YARA policy**             | `/protection/yara-policies`     | The YARA analyzer.                    | Yes — opt in if you author your own rules.                  |
| **SDP policy**              | `/protection/sensitive-data`    | The Sensitive Data analyzer.          | Yes — required to fine-tune which info types are inspected. |
| **Safety policy**           | `/protection/safety-moderation` | The Safety & Responsible AI analyzer. | Yes — opt in for custom guidelines beyond the default.      |

## How they fit together

```mermaid theme={null}
flowchart LR
    Combined["Combined policy<br/>(execution_plan + termination)"]
    Combined --> YaraRef[("yara_policy_id")]
    Combined --> SdpRef[("sdp_policy_id")]
    Combined --> SafetyRef[("safety policy_id param")]
    YaraRef --> YaraRules["YARA policy<br/>= ordered set of rules"]
    SdpRef --> SdpRules["SDP policy<br/>= inspect_config + deidentify_config"]
    SafetyRef --> SafetyText["Safety policy<br/>= guideline text used in the LLM-as-judge prompt"]
```

At request time your code refers to exactly one thing: a **combined
policy**. The combined policy in turn names the supporting policies
(YARA / SDP / safety) it runs with, as parameters on its analyzer steps.
An individual `analyze` call can override those references with
request-level parameters (for example `yara_policy_id`) without editing
the combined policy itself.

## Combined / Agnes policies

The hero policy. It defines the `execution_plan` (the ordered list of
analyzer steps) and the termination rules that decide whether a run blocks.

* **Read** [The Agnes Analyzer](/concepts/combined-analyzer) for the
  schema and execution semantics.
* **Read** [Agnes policies](/policies/agnes-policies) for CRUD, slugs,
  and versioning.
* Built-in fixtures: `default-inbound`, `default-outbound`,
  `default-permissive`.

## YARA policies

YARA is the rule engine you use to encode your business's specific
threat patterns: the shape of leaked source code, internal codenames,
known prompt injection idioms, and so on. Agnes lets you create
individual YARA rules and group them into a **YARA policy** so a single
combined policy can target a specific subset of rules.

* **Read** [YARA rules and policies](/policies/yara-rules-and-policies).
* A YARA policy is essentially `(name, ordered list of YARA rule IDs)`.
* The combined policy points at one via the `yara_policy_id` parameter
  on the `yara` analyzer (or via the request-level `yara_policy_id`
  override).

## SDP policies

SDP (Sensitive Data Protection) is Agnes's wrapper around Google Cloud
DLP. An **SDP policy** bundles an inspection configuration (which
info types to detect, at what likelihood) with a de-identification
configuration (how to mask findings). Agnes ships several defaults:

| Default                           | Detects                                                                                                 | Redacts as                        |
| --------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------- |
| **General PII Redaction**         | `EMAIL_ADDRESS`, `PHONE_NUMBER`, `PERSON_NAME`, `LOCATION`, `DATE_OF_BIRTH`, `IP_ADDRESS`, `URL`, `AGE` | `[REDACTED]`                      |
| **Financial Data Masking**        | `CREDIT_CARD_NUMBER`, `IBAN_CODE`, `SWIFT_CODE`, U.S. routing / account numbers                         | Asterisks                         |
| **Healthcare PHI Protection**     | Medical record numbers, NPI / DEA, ICD-9 / 10 codes, FDA codes, HIPAA beneficiary IDs, blood type       | Replaced with the info type label |
| **Government ID Protection**      | SSN, passport, driver's license, ITIN, ATIN                                                             | Asterisks                         |
| **Credential & Secret Detection** | `AUTH_TOKEN`, `BASIC_AUTH_HEADER`, `PASSWORD`, GCP API keys / credentials, signed URLs                  | Fully redacted                    |

* **Read** [SDP policies](/policies/sdp-policies).
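To make the inspect / de-identify split concrete, here is a small local stand-in that composes an inspection config (info types plus a likelihood floor) with a de-identification config (one masking style per info type) and applies it to a constructed sample. This is an added illustration, not Agnes's or Google Cloud DLP's code: the regex detectors, the Luhn-based likelihood grader and the policy dict shape are assumptions chosen to mirror the defaults table above, and real DLP detectors are far richer than regexes.

```python
"""Local stand-in for how an SDP policy composes an inspection config with a
de-identification config. Added illustration only, not Agnes's or Cloud DLP's
code. The regex detectors, the likelihood graders and the policy dict shape are
assumptions; the sample text is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Likelihood ladder, ordered as in Cloud DLP's Likelihood enum.
LIKELIHOODS = ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]


@dataclass
class Finding:
    info_type: str
    start: int
    end: int
    likelihood: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; used here to grade how likely a digit run is a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


# Stand-in detectors (assumed, not DLP's): info type -> (regex, likelihood grader).
DETECTORS = {
    "EMAIL_ADDRESS": (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), lambda m: "VERY_LIKELY"),
    "PHONE_NUMBER": (re.compile(r"\b\d{3}-\d{3}-\d{4}\b"), lambda m: "LIKELY"),
    "CREDIT_CARD_NUMBER": (
        re.compile(r"\b(?:\d[ -]?){13,16}\b"),
        # A digit run that passes Luhn is graded VERY_LIKELY, otherwise only POSSIBLE.
        lambda m: "VERY_LIKELY" if luhn_ok(re.sub(r"\D", "", m.group())) else "POSSIBLE",
    ),
}


def inspect(text: str, inspect_config: dict) -> list[Finding]:
    """Run only the configured info types and drop findings below min_likelihood."""
    floor = LIKELIHOODS.index(inspect_config.get("min_likelihood", "POSSIBLE"))
    findings = []
    for info_type in inspect_config["info_types"]:
        pattern, grade = DETECTORS[info_type]
        for m in pattern.finditer(text):
            likelihood = grade(m)
            if LIKELIHOODS.index(likelihood) >= floor:
                findings.append(Finding(info_type, m.start(), m.end(), likelihood))
    return sorted(findings, key=lambda f: f.start)


def transform(finding: Finding, original: str, rule: dict) -> str:
    """The three masking styles the shipped defaults use."""
    if rule["kind"] == "replace":                 # e.g. "[REDACTED]"
        return rule["value"]
    if rule["kind"] == "character_mask":          # asterisks, separators kept
        return "".join("*" if ch.isalnum() else ch for ch in original)
    if rule["kind"] == "replace_with_info_type":  # e.g. "[CREDIT_CARD_NUMBER]"
        return f"[{finding.info_type}]"
    raise ValueError(f"unknown transformation {rule['kind']!r}")


def deidentify(text: str, policy: dict) -> str:
    """Apply a policy: inspect, then rewrite findings right-to-left so offsets stay valid."""
    rules = policy["deidentify_config"]["transformations"]
    out, boundary = text, len(text)
    for f in reversed(inspect(text, policy["inspect_config"])):
        if f.end > boundary:  # overlaps a finding already rewritten; keep the first rewrite
            continue
        # First rule naming this info type wins; an empty info_types list is a catch-all.
        rule = next((r for r in rules if not r["info_types"] or f.info_type in r["info_types"]), None)
        if rule is None:  # inspected but never masked: a policy bug, refuse rather than leak
            raise ValueError(f"no transformation covers {f.info_type}")
        out = out[: f.start] + transform(f, out[f.start : f.end], rule) + out[f.end :]
        boundary = f.start
    return out


# Policies in the assumed shape, mirroring two of the shipped defaults.
GENERAL_PII = {
    "inspect_config": {"info_types": ["EMAIL_ADDRESS", "PHONE_NUMBER"], "min_likelihood": "POSSIBLE"},
    "deidentify_config": {"transformations": [{"info_types": [], "kind": "replace", "value": "[REDACTED]"}]},
}
FINANCIAL = {
    "inspect_config": {"info_types": ["CREDIT_CARD_NUMBER"], "min_likelihood": "LIKELY"},
    "deidentify_config": {"transformations": [{"info_types": ["CREDIT_CARD_NUMBER"], "kind": "character_mask"}]},
}

# Constructed sample: one Luhn-valid test card and one 16-digit run that is not a card.
SAMPLE = (
    "Contact jane.doe@example.com or 555-123-4567. "
    "Card 4111 1111 1111 1111 (test) vs 1234 5678 9012 3456 (not a card)."
)

if __name__ == "__main__":
    print(deidentify(SAMPLE, GENERAL_PII))
    print(deidentify(SAMPLE, FINANCIAL))  # the non-Luhn run survives: POSSIBLE is below LIKELY
```

Two things worth noticing. The likelihood floor is what separates "detect everything that looks like a card" from "detect cards": under `FINANCIAL` the 16-digit run that fails Luhn is graded `POSSIBLE` and never becomes a finding. And an info type that is inspected but covered by no transformation is treated as a configuration error rather than passed through, because silently returning the original text is exactly the leak an SDP policy exists to prevent.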

## Safety policies

A **safety policy** is the prompt text Agnes feeds to ShieldGemma when
it acts as the LLM-as-judge. It defines the categories of content you
consider unsafe, with category-specific guidelines. The shipped
"Default Safety Policy" covers the standard categories (harmful
content, hate speech, harassment, sexual content, misinformation,
illegal content, privacy violations).

* **Read** [Safety policies](/policies/safety-policies).
* Custom safety policies are appropriate when your industry has tighter
  guidelines (e.g. healthcare advice safety, child-directed media,
  professional contexts).

## Choosing what to author

If you are just getting started:

1. Use the shipped `default-inbound` and `default-outbound` combined
   policies as-is. They reference a sensible default SDP policy and the
   default safety policy.
2. Watch the [Analysis log](/threat-analysis/analysis-logs) for a few
   days. Are you seeing false positives? Missing real attacks?
3. Tighten what's noisy: clone the default combined policy and adjust
   thresholds before you write any custom YARA / SDP / safety policies.
4. Reach for **YARA** when you have business-specific patterns Agnes's
   ML analyzers do not see.
5. Reach for **custom SDP** when the default info type set is wrong for
   your domain (e.g. you actually expect SSNs and want to allow them).
6. Reach for **custom safety policies** when the default category list
   does not match your product's tone (educational, creative, strict).

## Next

* [Agnes policies](/policies/agnes-policies)
* [YARA rules and policies](/policies/yara-rules-and-policies)
* [SDP policies](/policies/sdp-policies)
* [Safety policies](/policies/safety-policies)
