```{contents}
```
## Policy Enforcement

**Policy Enforcement** in LangGraph is the systematic mechanism by which an application **constrains, validates, governs, and controls** the behavior of LLM-driven workflows at **design time** and **runtime**.
It ensures that every decision, tool invocation, data access, and state transition complies with **business rules, safety requirements, security constraints, and regulatory obligations**.

---

### **1. Why Policy Enforcement Is Necessary**

LLM systems are:

* **Non-deterministic**
* **Autonomous**
* **Capable of acting on real systems**

Without policy enforcement, they become unsafe in production.

| Risk                        | Example                        |
| --------------------------- | ------------------------------ |
| Unauthorized tool execution | Deleting cloud resources       |
| Data leakage                | Accessing restricted documents |
| Compliance violation        | Skipping human approval        |
| Runaway behavior            | Infinite autonomous loops      |
| Cost explosion              | Unbounded API calls            |

Policy enforcement transforms LLM workflows into **governable systems**.

---

### **2. Policy Enforcement Architecture in LangGraph**

```
User / Event
     ↓
Input Policies
     ↓
Graph Execution Engine
     ↓
Node-Level Policies
     ↓
Tool-Level Policies
     ↓
State Transition Policies
     ↓
Output Policies
     ↓
Audit & Compliance Layer
```

Policies operate **continuously** throughout execution.

---

### **3. Policy Types**

| Policy Class       | Enforced On                |
| ------------------ | -------------------------- |
| Access Control     | Who can run what           |
| Behavior Control   | What actions are allowed   |
| Data Governance    | What data can be used      |
| Execution Control  | How the graph may run      |
| Safety Control     | What the model may produce |
| Compliance Control | What must be recorded      |

---

### **4. Enforcement Points in LangGraph**

| Stage                  | Enforcement              |
| ---------------------- | ------------------------ |
| Before entry           | Input validation, auth   |
| Before node            | Permission check         |
| Before tool call       | Tool allowlist           |
| Before state update    | Schema + rule validation |
| Before edge transition | Routing constraints      |
| Before output          | Redaction, filtering     |
| After execution        | Audit logging            |

---

### **5. Policy Implementation Patterns**

### **A. Node-Level Enforcement**

```python
def secure_node(state):
    if not state["user_role"] == "admin":
        raise PermissionError("Unauthorized")
    return {"approved": True}
```

---

### **B. Tool-Level Enforcement**

```python
ALLOWED_TOOLS = {"search", "calculator"}

def tool_guard(tool_name):
    if tool_name not in ALLOWED_TOOLS:
        raise Exception("Tool blocked by policy")
```

---

### **C. State Transition Enforcement**

```python
def validate_state(state):
    if state["budget"] > 100:
        raise Exception("Cost limit exceeded")
```

---

### **D. Routing Policy**

```python
def router(state):
    if state["risk_score"] > 0.8:
        return "human_review"
    return "execute"
```

---

### **6. Human-in-the-Loop as Policy Enforcement**

```python
builder.add_node("review", human_review_node)
builder.add_edge("execute", "review")
```

Used for:

* Legal approval
* Financial authorization
* Medical decisions
* Destructive actions

---

### **7. Production-Grade Policy Controls**

| Control             | Purpose                   |
| ------------------- | ------------------------- |
| Max recursion depth | Prevent infinite loops    |
| Timeouts            | Prevent runaway execution |
| Rate limiting       | Prevent abuse             |
| Budget ceilings     | Control cost              |
| RBAC                | Role enforcement          |
| Encryption          | Data protection           |
| Audit logs          | Regulatory compliance     |
| Model restrictions  | Prevent unsafe output     |

```python
graph.invoke(input, config={"recursion_limit": 25, "timeout": 60})
```

---

### **8. Real-World Example — Secure Enterprise Agent**

```
User Request
   ↓
Auth Policy
   ↓
Safety Policy
   ↓
Planner Agent
   ↓
Tool Policy Gate
   ↓
Execution Agent
   ↓
Human Approval (if high risk)
   ↓
Final Response
   ↓
Audit Log
```

---

### **9. Why Policy Enforcement Is a Core Feature of LangGraph**

Without policy enforcement, LangGraph is **just orchestration**.
With policy enforcement, it becomes a **governed AI platform**.

| Property    | Without Policy | With Policy      |
| ----------- | -------------- | ---------------- |
| Safety      | Weak           | Strong           |
| Compliance  | Impossible     | Enforced         |
| Autonomy    | Dangerous      | Controlled       |
| Scalability | Limited        | Enterprise-ready |

---

### **10. Mental Model**

> **Policies are the constitution of your AI system.
> LangGraph is the government that enforces it.**


### Demonstration

In [1]:
from langgraph.graph import StateGraph, END
from typing import TypedDict

# ------------------ STATE SCHEMA ------------------

class State(TypedDict):
    user_role: str
    budget: int
    risk: float
    approved: bool
    result: str

# ------------------ POLICIES ------------------

def access_policy(state):
    if state["user_role"] != "admin":
        raise PermissionError("Access denied")

def budget_policy(state):
    if state["budget"] > 100:
        raise Exception("Budget limit exceeded")

# ------------------ NODES ------------------

def secure_entry(state):
    access_policy(state)
    return {}

def planner(state):
    budget_policy(state)
    return {"result": "plan created"}

def executor(state):
    return {"result": state["result"] + " → executed"}

def human_review(state):
    return {"approved": True}

def final_node(state):
    return {"result": state["result"] + " → completed"}

# ------------------ ROUTING POLICY ------------------

def router(state):
    if state["risk"] > 0.7:
        return "review"
    return "execute"

# ------------------ GRAPH ------------------

builder = StateGraph(State)

builder.add_node("entry", secure_entry)
builder.add_node("plan", planner)
builder.add_node("execute", executor)
builder.add_node("review", human_review)
builder.add_node("final", final_node)

builder.set_entry_point("entry")
builder.add_edge("entry", "plan")

builder.add_conditional_edges("plan", router, {
    "execute": "execute",
    "review": "review"
})

builder.add_edge("execute", "final")
builder.add_edge("review", "final")
builder.add_edge("final", END)

graph = builder.compile()

# ------------------ RUN ------------------

output = graph.invoke(
    {
        "user_role": "admin",
        "budget": 50,
        "risk": 0.9,
        "approved": False,
        "result": ""
    },
    config={"recursion_limit": 10, "timeout": 30}
)

print(output)


{'user_role': 'admin', 'budget': 50, 'risk': 0.9, 'approved': True, 'result': 'plan created → completed'}
