
Policy Surface

The machine-readable encoding of human judgment.

What it is

The Policy Surface is the boundary layer where human judgment about risk, scope, and acceptable behavior gets encoded into rules the Control Deck can enforce. It's the configuration that tells the system: what's allowed, what's forbidden, and what requires escalation.

Policy isn't enforced by hoping the model follows instructions. It's enforced by the structure around the model.

Why it exists

Models don't have inherent judgment about:

Humans have this judgment. The policy surface captures it in a form that:

What it defines

Module Ownership & Risk Tiers

modules:
  auth/:
    risk: high
    owners: ["security-team"]
    requires_review: true

  docs/:
    risk: low
    owners: ["*"]

Allowed and Forbidden Edges

boundaries:
  forbidden:
    - from: "src/**"
      to: "node_modules/**"
      action: "write"

  allowed:
    - from: "tests/**"
      to: "src/**"
      action: "read"

Blast Radius Limits

limits:
  max_files_per_operation: 5
  max_lines_changed: 200
  max_new_dependencies: 0

Mode Configurations

modes:
  conservative:
    required_gates: ["lint", "typecheck", "tests"]
    allowed_tools: ["read_file", "edit_file", "run_tests"]

  fast_lane:
    required_gates: ["lint"]
    allowed_tools: ["read_file", "edit_file"]

How it feeds other concepts

The policy surface is the source of truth that configures everything else:

| Concept | What policy provides |
| --- | --- |
| Modes | What's allowed in each mode, which gates required |
| Gates | Which gates exist, which are required vs optional |
| Scope & Blast Radius | Maximum allowable changes |
| Epistemic Guardrails | When to escalate vs proceed |

The Key Insight

Policy surfaces externalize judgment. Instead of embedding "be careful with auth code" in a prompt and hoping the model complies, you encode it as a rule:

auth/:
  risk: high
  requires_review: true

Now the Control Deck enforces it. The model doesn't need to remember—the structure remembers for it.
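
As an added illustration (not code from Lex or the Control Deck), the sketch below shows how a checker outside the model could evaluate one proposed operation against the policy values shown above. The dict layout, the `evaluate` function, the operation fields (`mode`, `tools`, `origin`, `writes`, `lines_changed`, `new_dependencies`) and the reading of `from`/`to` edges are assumptions made for the example.

```python
import posixpath
from fnmatch import fnmatch

# Values copied from the page's snippets; the dict layout is an assumption.
POLICY = {
    "modules": {"auth/": {"risk": "high", "requires_review": True},
                "docs/": {"risk": "low"}},
    "forbidden": [{"from": "src/**", "to": "node_modules/**", "action": "write"}],
    "limits": {"max_files_per_operation": 5, "max_lines_changed": 200,
               "max_new_dependencies": 0},
    "modes": {"conservative": ["read_file", "edit_file", "run_tests"],
              "fast_lane": ["read_file", "edit_file"]},  # allowed_tools per mode
}

def evaluate(op, policy=POLICY):
    """Return (decision, reasons): 'deny', 'escalate' or 'allow'."""
    deny, escalate = [], []
    allowed_tools = policy["modes"].get(op["mode"])
    if allowed_tools is None:  # fail closed on a mode the policy does not define
        deny.append(f"unknown mode: {op['mode']}")
    else:
        deny += [f"tool not allowed in {op['mode']}: {t}"
                 for t in op["tools"] if t not in allowed_tools]
    lim = policy["limits"]
    if len(op["writes"]) > lim["max_files_per_operation"]:
        deny.append("too many files in one operation")
    if op["lines_changed"] > lim["max_lines_changed"]:
        deny.append("too many lines changed")
    if op["new_dependencies"] > lim["max_new_dependencies"]:
        deny.append("new dependencies not permitted")
    # Normalize first so "docs/../auth/x" is judged as "auth/x".
    for path in map(posixpath.normpath, op["writes"]):
        # Assumed edge semantics: "from" matches where the task is working,
        # "to" matches the path it wants to write.
        for edge in policy["forbidden"]:
            if (edge["action"] == "write" and fnmatch(op["origin"], edge["from"])
                    and fnmatch(path, edge["to"])):
                deny.append(f"forbidden edge {edge['from']} -> {edge['to']}: {path}")
        for prefix, module in policy["modules"].items():
            if path.startswith(prefix) and module.get("requires_review"):
                escalate.append(f"{prefix} requires review: {path}")
    if deny:
        return "deny", deny
    return ("escalate", escalate) if escalate else ("allow", [])

# Constructed sample operation: a small edit under auth/ in conservative mode.
SAMPLE = {"mode": "conservative", "tools": ["read_file", "edit_file"],
          "origin": "auth/login.py", "writes": ["auth/login.py"],
          "lines_changed": 12, "new_dependencies": 0}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Any deny reason outranks escalation, and an undefined mode is denied rather than defaulted, so a missing or mistyped policy entry cannot widen what an operation may do.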

Implementation: lexmap.policy.json

In Lex 1.0.0, the policy surface is encoded in lexmap.policy.json. This file defines module boundaries, ownership, and allowed edges—the architectural contracts that runners and tools can depend on.

See also: lex.yaml contracts for workflow-level policy declarations.

Related Concepts

Modes · Gates · Scope & Blast Radius · Epistemic Guardrails · Control Deck Overview