Preflight policy checks that run before execution begins.
Preflight evaluation catches impossible or invalid policy configurations
early, returning {:error, %Error{code: :policy_violation}} with clear
details instead of wasting provider resources.
Checks
- Empty allow list: if
{:allow, []}is present, no tool can ever be used — the run is guaranteed to violate policy. - Contradictory rules: if a tool appears in both allow and deny lists.
- Zero-budget limits: if
max_total_tokens: 0ormax_tool_calls: 0is set, the run cannot produce any useful output.
Summary
Functions
Validates a policy before execution.
Functions
@spec check(AgentSessionManager.Policy.Policy.t()) :: :ok | {:error, AgentSessionManager.Core.Error.t()}
Validates a policy before execution.
Returns :ok if the policy is satisfiable, or
{:error, %Error{code: :policy_violation}} with details if the policy
is impossible to satisfy.