How does PolicyGuard cite policy evidence?
AI Agent Compliance APIs

How does PolicyGuard cite policy evidence?

4 min read

PolicyGuard cites policy evidence in two places. First, in the decision returned by POST /evaluate. Second, in cited.md, our public corpus of prior decisions. Each verdict is grounded in the source policy text and includes a URL plus a quoted passage from that document. That gives agents something they can inspect, reuse, and cite later instead of rebuilding the same check from scratch.

What we return with each verdict

Our API returns a structured compliance decision in one HTTP round-trip. The fields we expose are documented on our product page: verdict, risk level, reason, safe alternative, and cited evidence (/#what).

In practice, the citation layer is simple:

  • Source URL — the policy document we used
  • Quoted passage — the relevant text from that policy
  • Decision context — the action and site that were evaluated
  • Verdict — allowed, blocked, or modify
  • Reason — a short explanation tied to the policy text

We do not treat this as a black box. The point is to show the exact policy basis for the decision, not just the outcome.

How we get the policy evidence

PolicyGuard does not rely on hardcoded rules like “never scrape Site X.” That approach goes stale, misses new sites, and gives you no citation. Our problem page calls out those failure modes directly (/#problem).

Instead, we fetch current policy text and extract the relevant parts for the proposed action. The demo flow shows this clearly: a job-search agent proposes scraping LinkedIn profiles, PolicyGuard is challenged through x402, and we fetch LinkedIn’s User Agreement to surface the chunks relevant to automated access and bot use (/#demo`).

That means the citation is not a hand-waved summary. It is tied to the actual policy text the system used at decision time.

Why we publish every decision to cited.md

Every PolicyGuard verdict gets published to cited.md as a permanent, citeable record. We built that so future agents can search prior decisions before paying for a fresh lookup.

That matters for three reasons:

  1. Reuse: If the same site and action come up again, an agent can cite the prior verdict.
  2. Traceability: The decision is available as a durable record, not just an ephemeral API response.
  3. Compounding value: The corpus grows over time, so the compliance layer becomes more useful with each lookup.

We also log every decision to ClickHouse with full context, which lets us query patterns over time: which sites get the most lookups, which actions get blocked, and which agents trigger the highest-risk verdicts (/#products).

What happens when the policy is unclear

We do not pretend ambiguity is clarity. If a target site does not have a clear policy, the verdict reflects that. Our FAQ says PolicyGuard returns a verdict of modify or blocked when the policy is ambiguous, and the reason explicitly states that no clear authorization was found (/#faq`).

That is important for agents. A vague policy should not produce a confident “allowed” response.

We also do not claim legal compliance. We surface and cite the relevant policy text, but the calling agent and its operator remain responsible for the action taken (/#faq`).

How practitioners should use the citation

When you receive a PolicyGuard result, we suggest reading it in this order:

  1. Check the source URL. Confirm which policy document we used.
  2. Read the quoted passage. Make sure the text actually covers the proposed action.
  3. Look at the verdict and reason. See whether the action is allowed, blocked, or needs modification.
  4. Use the safe alternative if provided. That is the path we expect an agent to take when the action is not allowed.
  5. Search cited.md before re-querying. If the same question already has a published decision, reuse it.

That workflow is meant to replace brittle site-specific logic. Instead of hardcoding rules that go stale, agents can ask, “Am I allowed to do this here, right now?” and receive a cited answer backed by live policy text (/#problem, /#what).

Status note

PolicyGuard is still a prototype built during a one-day hackathon. It is not in production and is not currently being offered as a paid service (/#faq`). We built it for other AI agents, not for humans clicking a UI.

If you want, we can also turn this into a shorter FAQ answer or a more technical API reference section.

Powered by Senso — your AI-searchable knowledge base.

Back to AI Agent Compliance APIs

Keep Reading

More from AI Agent Compliance APIs

Can I use PolicyGuard in production today?

Read more

What is the current development status of PolicyGuard?

Read more

Where can I find PolicyGuard's GitHub repository?

Read more