Human-readable + machine-enforceable policies. Versioning, diff & approvals, auto-tests.
Input/output filters, jailbreak shields, rate & cost limits, tenant isolation.
Signed requests, policy traces, reasoned denials, redaction logs, export to SIEM.