Policies Guide

Policies are rules that automatically block certain data from being stored. When you write data using anchor.data.write(), Anchor checks the data against your policies before storing.

Why Policies?

Without policies, agents can accidentally store:

  • Email addresses, phone numbers, SSNs (PII)
  • API keys, passwords, tokens (secrets)
  • Data that should have been deleted months ago

Policies enforce these rules automatically when you write data using anchor.data.write().

Using Policies

from anchor import Anchor

anchor = Anchor(api_key="anc_...")
agent = anchor.agents.create("support-bot")

# Configure policies
anchor.config.update(agent.id, {
    "policies": {
        "block_pii": True,
        "block_secrets": True
    }
})

# Allowed - just a fact
result = anchor.data.write(agent.id, "user:123:language", "spanish")
print(result.allowed)  # True

# Blocked - email is PII
result = anchor.data.write(agent.id, "user:123:email", "john@example.com")
print(result.allowed)     # False
print(result.blocked_by)  # "policy:block_pii"

Built-in Policies

no-pii - Block Personally Identifiable Information

Detects and blocks:

  • Email addresses (john@example.com)
  • Phone numbers (555-123-4567, +1-555-123-4567)
  • Social Security Numbers (123-45-6789)
  • Credit card numbers
  • Physical addresses
  • Names when clearly identifiable

no-secrets - Block Credentials and Secrets

Detects and blocks:

  • API keys (sk-abc123..., AKIA...)
  • Bearer tokens (Bearer eyJ...)
  • Passwords and password-like strings
  • Private keys (-----BEGIN RSA PRIVATE KEY-----)
  • Connection strings with credentials
  • OAuth tokens

retention_days - Auto-delete After N Days

# Configure retention policy
anchor.config.update(agent.id, {
    "policies": {
        "retention_days": 30
    }
})

# This entry will be automatically deleted after 30 days
anchor.data.write(agent.id, "session:abc:context", "discussed pricing options")

retention-90d - Auto-delete After 90 Days

Same as above, but 90-day retention.

Combining Policies

You can combine multiple policies. All must pass for data to be stored:

memory = anchor.memory.create(
    agent_id="agent-123",
    policies=["no-pii", "no-secrets", "retention-30d"]
)

# Must pass ALL three:
# 1. no-pii: Is there PII? No → pass
# 2. no-secrets: Is there a secret? No → pass
# 3. retention-30d: Set 30-day expiry → done

result = memory.write("user:123:prefers_morning", "true")
# Allowed, will auto-delete in 30 days

Common Patterns

Strict Mode (Default for Production)

anchor.config.update(agent.id, {
    "policies": {
        "block_pii": True,
        "block_secrets": True,
        "retention_days": 30
    }
})

Long-term Storage

anchor.config.update(agent.id, {
    "policies": {
        "block_pii": True,
        "block_secrets": True,
        "retention_days": 90
    }
})

Session-only

anchor.config.update(agent.id, {
    "policies": {
        "retention_days": 30
    }
})

For more details, see the Data API reference.