Policy Rules
Control what tools Claude can use with allow/deny rules from the chat prompt
Control what tools Claude can use, right from the chat prompt. Policy rules are evaluated before intent plans. A denied tool stays denied even if it is in the plan.
Commands
| Command | Example |
|---|---|
| Create a rule | Policy new: deny WebFetch |
| List all rules | Policy list |
| View one rule | Policy get policy1 |
| Delete a rule | Policy delete policy1 |
| Clear all rules | Policy reset |
| Modify a rule | Policy update policy1: allow WebFetch |
| Reorder rules | Policy prioritize policy2 1 |
| Show help | Policy help |
How Rules are Evaluated
- Rules evaluate top-to-bottom in the order they appear
- First matching rule wins (deny, allow, or require_approval)
- No match means allow (default-open for local policies)
New rules are added at the top, giving them the highest priority.
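The ordering rules above, modeled as an added example; this is not ArmorClaude's code or its storage format. It assumes ids are handed out as policy1, policy2, ..., that the number in `Policy prioritize` is a 1-based position, and uses Bash as a sample tool name.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    rule_id: str   # e.g. "policy1" (assumed sequential ids)
    action: str    # "deny", "allow" or "require_approval"
    tool: str      # exact tool name, or "*" for any tool

class PolicyList:
    """Hypothetical in-memory model of the rule list."""
    def __init__(self):
        self.rules, self._next = [], 1

    def new(self, action, tool):
        rule = Rule(f"policy{self._next}", action, tool)
        self._next += 1
        self.rules.insert(0, rule)        # new rules are added at the top
        return rule.rule_id

    def prioritize(self, rule_id, position):
        # Assumption: position is 1-based, 1 meaning the top of the list.
        rule = next(r for r in self.rules if r.rule_id == rule_id)
        self.rules.remove(rule)
        self.rules.insert(position - 1, rule)

    def evaluate(self, tool_name):
        for rule in self.rules:           # top to bottom
            if rule.tool in ("*", tool_name):
                return rule.action, rule.rule_id   # first match wins
        return "allow", None              # no match: default-open

    def shadowed(self):
        """Ids of rules that can never fire: an earlier rule always matches first."""
        return [r.rule_id for i, r in enumerate(self.rules)
                if any(e.tool in ("*", r.tool) for e in self.rules[:i])]

def demo():
    p = PolicyList()
    p.new("deny", "WebFetch")             # policy1
    before = p.evaluate("WebFetch")
    p.new("allow", "*")                   # policy2 lands above policy1
    after = p.evaluate("WebFetch")
    dead = p.shadowed()                   # the deny is now unreachable
    p.prioritize("policy1", 1)            # move the deny back to the top
    return before, after, dead, p.evaluate("WebFetch"), p.evaluate("Bash")
```

A deny rule showing up in `shadowed()` is the case to look for after adding a broad allow, since the newer rule sits above it.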
Data Classification
ArmorClaude auto-detects sensitive data in tool arguments:
| Class | What it detects |
|---|---|
| PCI | Credit card numbers (Luhn validation), card-related keywords |
| PAYMENT | Payment tool names, banking keywords (IBAN, SWIFT, routing) |
| PHI | Health/medical data (manual policy) |
| PII | Personal data, SSN (manual policy) |
Example: Block Payment Data
Policy new: deny * for payment data

If Claude tries to write a credit card number to a file, ArmorClaude will detect PCI data, match against the payment policy, and block the tool call.
Agent-Managed Policies
When ArmorClaude blocks a tool, Claude sees the denial and may ask:
"The WebFetch call was blocked by policy1. Would you like me to update the policy to allow it?"
If you say yes, Claude calls the policy_update MCP tool to modify or delete the rule, then retries. This is safe because policy_update is whitelisted (never blocked by intent enforcement) and the policy change is logged.
Where Policies are Stored
Policies persist across sessions in the plugin data directory:
cat ~/.claude/plugins/data/armorclaude-armoriq/policy.json

They survive restarts, plugin updates, and re-installs.