AI Control Tower ships with a clean UI for toggling guardrails per skill. That UI scales fine for ten skills. At a hundred skills across five business units, click-ops governance falls apart and your AI policy posture becomes whatever the last admin happened to set.
Treat policy like code
AI policies belong in version control, not in clicked configuration. Define policies as JSON or YAML, store in Git, and apply to instances with a deployment job. The platform exposes the underlying tables — automate against them.
A minimal policy schema
policy_id: pii_redaction_required
description: All skills handling customer data must redact PII before LLM call
applies_to:
  skill_tag:
    - customer_data
    - portal_facing
enforcement: deny_if_missing
required_features:
  - pii_redaction_action
  - prompt_logging
review_owner: privacy_lead
review_date: 2026-04-28
Every policy in this shape can be diffed, code-reviewed, and applied with a deterministic script.
The apply script
var PolicyApplier = Class.create();
PolicyApplier.prototype = {
    initialize: function() {},

    // Apply one parsed policy (the YAML/JSON shape above) to every skill it scopes.
    apply: function(policy) {
        var skills = this._matchSkills(policy.applies_to);
        skills.forEach(function(sk) {
            if (!this._hasFeatures(sk, policy.required_features)) {
                if (policy.enforcement === 'deny_if_missing') {
                    this._disableSkill(sk, policy.policy_id);
                }
            }
        }.bind(this));
    },

    // _matchSkills, _hasFeatures and _disableSkill read and update the platform's
    // skill tables; implement them against the tables exposed on your instance.

    type: 'PolicyApplier'
};
The deployment runs after every release. Drift gets caught at the next apply, not at the next audit.
Categories of policy that pay back
- Data classification — what data classes a skill may see
- Output constraints — JSON schema, length, banned strings
- Tool allowlists — which platform tools a skill may invoke
- Logging — full prompt logging mandatory for skills above a confidence threshold
- Cost ceilings — max tokens per invocation, max invocations per user per day
Run a quarterly policy review
The review_date in each policy is mandatory. The quarterly review confirms that each policy is still appropriate. Expired policies block deploys until renewed, which forces the refresh and prevents dead policies from accumulating.
Audit log is the deliverable
Every policy application writes an audit row: policy_id, skill_id, action_taken, before_state, after_state. When the auditor asks “how do you enforce PII redaction?” the answer is “this table.”
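The match, check, disable and audit flow described above, as an added stand-alone example that is not code from the original post or from AI Control Tower: it runs the PII policy over a constructed in-memory skills table, blocks on an expired review_date, and returns the audit rows. The row shapes, skill ids and field names are assumptions.

```javascript
// Added example, not code from the original post or from AI Control Tower: a
// stand-alone applier over an in-memory skills table so the match / check /
// disable / audit flow runs offline. Row shapes and names are assumptions.

// Constructed sample skills table (hypothetical rows, not platform data).
const skillsTable = [
  { skill_id: 'sk_refund_bot', tags: ['customer_data'],
    features: ['pii_redaction_action', 'prompt_logging'], active: true },
  { skill_id: 'sk_portal_faq', tags: ['portal_facing'],
    features: ['prompt_logging'], active: true },
  { skill_id: 'sk_internal_kb', tags: ['internal'], features: [], active: true },
];

// The post's policy in the same shape as its YAML schema (parsed).
const piiPolicy = {
  policy_id: 'pii_redaction_required',
  applies_to: { skill_tag: ['customer_data', 'portal_facing'] },
  enforcement: 'deny_if_missing',
  required_features: ['pii_redaction_action', 'prompt_logging'],
  review_date: '2026-04-28',
};

// An expired review_date blocks the deploy instead of silently applying.
function assertPolicyCurrent(policy, today) {
  if (new Date(policy.review_date) < new Date(today)) {
    throw new Error(policy.policy_id + ' expired on ' + policy.review_date + '; renew before deploy');
  }
}

// Returns the audit rows; mutates `skills` in place when a skill is disabled.
function applyPolicy(policy, skills, today) {
  assertPolicyCurrent(policy, today);
  const audit = [];
  const scopeTags = policy.applies_to.skill_tag;
  for (const sk of skills) {
    if (!sk.tags.some((t) => scopeTags.includes(t))) continue; // out of scope
    const missing = policy.required_features.filter((f) => !sk.features.includes(f));
    const before = sk.active ? 'enabled' : 'disabled';
    let action = 'compliant';
    if (missing.length > 0 && policy.enforcement === 'deny_if_missing') {
      sk.active = false;
      action = 'disabled: missing ' + missing.join(',');
    }
    // Every evaluated skill gets a row, compliant or not, so the table is the evidence.
    audit.push({ policy_id: policy.policy_id, skill_id: sk.skill_id, action_taken: action,
      before_state: before, after_state: sk.active ? 'enabled' : 'disabled' });
  }
  return audit;
}
```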
What to do this week
Pick one policy you currently enforce manually. Convert it to the schema above and write the apply script. The first one is the hardest. The next ten will be templates of the first.