Skip to content
OnceOnly

Policy Templates

Policy Templates: Ready-to-Use Configurations

Section titled “Policy Templates: Ready-to-Use Configurations”

This guide provides copy-paste policy templates for different agent types and use cases.

Template 1: Customer Support Bot

Section titled “Template 1: Customer Support Bot”

For agents handling customer emails, tickets, knowledge base access.

{
  "agent_id": "support_bot",
  "allowed_tools": [
    "send_email",
    "create_ticket",
    "read_knowledge_base",
    "read_customer_data",
    "read_order_history"
  ],
  "blocked_tools": [
    "delete_customer",
    "delete_ticket",
    "process_refund",
    "update_customer_data"
  ],
  "max_actions_per_hour": 150,
  "max_spend_usd_per_day": 50,
  "max_calls_per_tool": {
    "send_email": 500,
    "create_ticket": 100,
    "read_knowledge_base": 1000,
    "read_customer_data": 200
  },
  "pricing_rules": [
    {"tool": "send_email", "price_usd": 0.001},
    {"tool": "create_ticket", "price_usd": 0.05},
    {"tool": "read_knowledge_base", "price_usd": 0.0},
    {"tool": "read_customer_data", "price_usd": 0.0},
    {"tool": "read_order_history", "price_usd": 0.0}
  ]
}

Use this if:

  • Agent only reads customer data
  • Can send emails and create tickets
  • Cannot refund or modify customer data

To customize:

  • Increase max_spend_usd_per_day if more actions needed
  • Add more tools to allowed_tools
  • Adjust max_calls_per_tool limits

Template 2: Billing Bot

Section titled “Template 2: Billing Bot”

For agents processing payments, invoices, and billing.

{
  "agent_id": "billing_bot",
  "allowed_tools": [
    "send_invoice",
    "read_invoice",
    "process_payment",
    "create_refund",
    "read_payment_history",
    "update_billing_address"
  ],
  "blocked_tools": [
    "delete_invoice_history",
    "delete_payment_record",
    "write_off_debt",
    "change_subscription_terms"
  ],
  "max_actions_per_hour": 200,
  "max_spend_usd_per_day": 5000,
  "max_calls_per_tool": {
    "send_invoice": 500,
    "process_payment": 300,
    "create_refund": 100,
    "read_invoice": 1000,
    "read_payment_history": 1000
  },
  "pricing_rules": [
    {"tool": "send_invoice", "price_usd": 0.001},
    {"tool": "read_invoice", "price_usd": 0.0},
    {"tool": "process_payment", "price_usd": 0.1},
    {"tool": "create_refund", "price_usd": 0.1},
    {"tool": "read_payment_history", "price_usd": 0.0},
    {"tool": "update_billing_address", "price_usd": 0.01}
  ]
}

Use this if:

  • Agent handles payments and refunds
  • Can modify billing address
  • Cannot delete records (audit trail)
  • Needs higher budget

To customize:

  • Increase max_spend_usd_per_day for higher volumes
  • Add more payment-related tools
  • Adjust max_calls_per_tool for refunds

Template 3: Analytics Bot

Section titled “Template 3: Analytics Bot”

For read-only agents that generate reports and analytics.

{
  "agent_id": "analytics_bot",
  "allowed_tools": [
    "read_all_data",
    "generate_report",
    "export_csv",
    "query_database",
    "visualize_metrics"
  ],
  "blocked_tools": [],
  "max_actions_per_hour": 500,
  "max_spend_usd_per_day": 20,
  "max_calls_per_tool": {
    "read_all_data": 2000,
    "generate_report": 200,
    "export_csv": 100,
    "query_database": 1000,
    "visualize_metrics": 500
  },
  "pricing_rules": [
    {"tool": "read_all_data", "price_usd": 0.0},
    {"tool": "generate_report", "price_usd": 0.005},
    {"tool": "export_csv", "price_usd": 0.01},
    {"tool": "query_database", "price_usd": 0.0},
    {"tool": "visualize_metrics", "price_usd": 0.002}
  ]
}

Use this if:

  • Agent only reads data, never writes
  • Can generate reports and exports
  • High volume of reads needed
  • Low cost operations

To customize:

  • Increase max_actions_per_hour if many reports
  • Add more read-only tools
  • Keep prices at $0 for most tools

Template 4: Data Processing Bot

Section titled “Template 4: Data Processing Bot”

For agents that perform bulk operations and data transformations.

{
  "agent_id": "data_processor_bot",
  "allowed_tools": [
    "read_dataset",
    "transform_data",
    "validate_data",
    "export_results",
    "update_records_batch",
    "log_processing_results"
  ],
  "blocked_tools": [
    "delete_data",
    "truncate_table",
    "bypass_validation"
  ],
  "max_actions_per_hour": 1000,
  "max_spend_usd_per_day": 500,
  "max_calls_per_tool": {
    "read_dataset": 5000,
    "transform_data": 2000,
    "validate_data": 3000,
    "export_results": 500,
    "update_records_batch": 1000
  },
  "pricing_rules": [
    {"tool": "read_dataset", "price_usd": 0.0},
    {"tool": "transform_data", "price_usd": 0.001},
    {"tool": "validate_data", "price_usd": 0.0},
    {"tool": "export_results", "price_usd": 0.01},
    {"tool": "update_records_batch", "price_usd": 0.01}
  ]
}

Use this if:

  • Agent processes large datasets
  • Performs transformations and validations
  • Batch updates records
  • Cannot delete (safety)

To customize:

  • Increase max_spend_usd_per_day for larger batches
  • Adjust max_calls_per_tool based on dataset size
  • Add cost to read operations if using expensive APIs

Template 5: Content Moderation Bot

Section titled “Template 5: Content Moderation Bot”

For agents that review and moderate user-generated content.

{
  "agent_id": "moderation_bot",
  "allowed_tools": [
    "read_content",
    "flag_content",
    "remove_content",
    "send_warning_email",
    "escalate_to_human",
    "log_moderation_decision"
  ],
  "blocked_tools": [
    "permanently_ban_user",
    "delete_user_account",
    "override_policy"
  ],
  "max_actions_per_hour": 1000,
  "max_spend_usd_per_day": 100,
  "max_calls_per_tool": {
    "read_content": 5000,
    "flag_content": 1000,
    "remove_content": 500,
    "send_warning_email": 500,
    "escalate_to_human": 100
  },
  "pricing_rules": [
    {"tool": "read_content", "price_usd": 0.0},
    {"tool": "flag_content", "price_usd": 0.001},
    {"tool": "remove_content", "price_usd": 0.005},
    {"tool": "send_warning_email", "price_usd": 0.001},
    {"tool": "escalate_to_human", "price_usd": 0.05}
  ]
}

Use this if:

  • Agent reviews content for violations
  • Can remove content and warn users
  • Cannot permanently ban (escalates instead)
  • High volume of content to review

To customize:

  • Adjust max_calls_per_tool based on content volume
  • Increase escalation limit if more review needed
  • Adjust prices based on tool complexity

Template 6: Restricted Read-Only

Section titled “Template 6: Restricted Read-Only”

For untrusted or new agents - maximum restrictions.

{
  "agent_id": "new_experimental_bot",
  "allowed_tools": [
    "read_public_data"
  ],
  "blocked_tools": [
    "*"  // Block everything except allowed_tools
  ],
  "max_actions_per_hour": 50,
  "max_spend_usd_per_day": 10,
  "max_calls_per_tool": {
    "read_public_data": 100
  },
  "pricing_rules": [
    {"tool": "read_public_data", "price_usd": 0.0}
  ]
}

Use this if:

  • New agent in testing
  • Untrusted or experimental
  • Want to limit blast radius
  • Plan to increase later

To customize:

  • Add tools one by one as needed
  • Increase limits after proving safe
  • Transition to other templates

How to Apply Templates

Section titled “How to Apply Templates”

Using Python SDK:

Section titled “Using Python SDK:”
import os
from onceonly import OnceOnly


client = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"])


# Apply a template (use the JSON from above as a Python dict)
policy = client.gov.upsert_policy(
    {**SUPPORT_BOT_TEMPLATE, "agent_id": "my_support_bot"},
    agent_id="my_support_bot",
)
print("Applied policy to:", policy.agent_id)

Using curl:

Section titled “Using curl:”
Terminal window
curl -X POST https://api.onceonly.tech/v1/policies/my_support_bot \
  -H "Authorization: Bearer once_live_xxxxx" \
  -H "Content-Type: application/json" \
  -d @support-bot-policy.json

Policy Customization Checklist

Section titled “Policy Customization Checklist”

Before applying any policy:

  • Agent ID matches your agent
  • All needed tools in allowed_tools
  • Dangerous tools in blocked_tools
  • max_actions_per_hour realistic for workload
  • max_spend_usd_per_day won’t cause issues
  • max_calls_per_tool matches tool usage
  • Pricing rules accurate for your tools
  • Policy tested on dev agent first

Monitoring Policy Success

Section titled “Monitoring Policy Success”

After applying policy, monitor:

import os
from onceonly import OnceOnly


client = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"])


def check_policy_effectiveness(agent_id: str):
    """Check if policy is appropriate"""


    metrics = client.gov.agent_metrics(agent_id, period="day")


    print(f"Agent: {agent_id}")
    print(f"  Total actions: {metrics.total_actions}")
    print(f"  Blocked actions: {metrics.blocked_actions}")
    print(f"  Block rate: {metrics.blocked_actions / (metrics.total_actions or 1):.1%}")
    print(f"  Daily spend: ${metrics.total_spend_usd:.2f}")
    print(f"  Top tools: {metrics.top_tools}")


    # Red flags
    block_rate = metrics.blocked_actions / (metrics.total_actions or 1)
    if block_rate > 0.1:
        print("  ⚠️  High block rate - policy too strict?")


    if metrics.total_spend_usd > 1000:
        print("  ⚠️  Very high spending - budget too high?")

Next: Agent Safe Defaults