Condukt.Sandbox.NetworkPolicy.AgentDecider (Condukt v1.5.0)


Condukt.Sandbox.NetworkPolicy.Decider implementation that delegates to a Condukt-defined agent module.

Use this when you want the decision to come from a model with the session context in front of it:

%Condukt.Sandbox.NetworkPolicy{
  rules: [decide: {Condukt.Sandbox.NetworkPolicy.AgentDecider, agent: MyApp.NetGuard}]
}

The decider does not ask the agent's prompt to describe a wire format. It injects a strict :output JSON Schema into Condukt.run/3 (decision: "allow" | "deny", reason: string) so the model's answer is validated structured output, not parsed prose. The wrapped agent only needs a system prompt that describes the policy. Structured enforcement requires the native runtime; a non-native runtime adapter ignores the schema and the decider falls back to JSON-decoding the agent's text.
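The fallback path described above hands the decider raw model text, so what counts as a valid decision matters. The following is an added sketch, not Condukt's own code: a hypothetical `DecisionSketch.parse/1` that accepts only the documented decision/reason shape. Denying on anything malformed, rejecting extra keys and using Elixir 1.18's built-in `JSON` module are assumptions of this example; the page does not state how the decider treats malformed replies.

```elixir
defmodule DecisionSketch do
  @moduledoc """
  Hypothetical helper, not part of Condukt. Strictly parses the documented
  decision shape (decision: "allow" | "deny", reason: string) from raw agent
  text and denies on anything else.
  """

  @fields ["decision", "reason"]

  # Requires Elixir 1.18+ for the built-in JSON module (assumption).
  def parse(text) when is_binary(text) do
    case JSON.decode(String.trim(text)) do
      {:ok, %{"decision" => d, "reason" => r} = obj}
      when d in ["allow", "deny"] and is_binary(r) ->
        accept(d, r, Map.keys(obj) -- @fields)

      {:ok, _other} ->
        {:deny, "reply does not match the decision schema"}

      {:error, _reason} ->
        {:deny, "reply is not valid JSON"}
    end
  end

  def parse(_other), do: {:deny, "reply is not text"}

  # Extra keys are rejected (a choice of this sketch).
  defp accept("allow", reason, []), do: {:allow, reason}
  defp accept("deny", reason, []), do: {:deny, reason}
  defp accept(_decision, _reason, _extra), do: {:deny, "reply has unexpected fields"}
end

# Constructed sample replies, not captured from a real agent.
samples = [
  ~s({"decision":"allow","reason":"registry host named in the task"}),
  ~s(I would allow this. {"decision":"allow","reason":"looks fine"}),
  ~s({"decision":"ALLOW","reason":"wrong case"}),
  ~s({"decision":"allow"}),
  ~s({"decision":"deny","reason":"unknown host","override":true})
]

for s <- samples, do: IO.inspect(DecisionSketch.parse(s), label: "decision")
```

Only the first sample yields an allow; prose around the JSON, a wrong-case value, a missing reason and an extra key all resolve to deny.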

Required option:

  • :agent — a module that uses Condukt (or is a runnable Condukt agent).

Optional options:

  • :api_key / :base_url / :model / :system_prompt — passed to Condukt.run/3; these override the agent module's declared values.
  • :output — override the injected decision schema (rarely needed; parse_decision/1 still expects decision/reason).
  • :context_keys — list of context-snapshot keys to render into the prompt. Defaults to [:recent_messages, :request, :metadata].

Loop avoidance

The decider agent's own outbound traffic does NOT route through the gated session's policy. Configure the decider agent with its own :network_policy (or with it unset) so its API calls reach the model provider without going through the same gate they decide on.