> ## Documentation Index
> Fetch the complete documentation index at: https://agentcontrol-abhi-agent-control-auth-contract-docs.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Core concepts behind Agent Control — policies, controls, conditions, selectors, evaluators, and actions.

Understanding these core concepts will help you get the most out of Agent Control. Start with the high-level [architecture](/concepts/architecture) to see how components fit together, then dive into [evaluators](/concepts/evaluators/overview) to understand how checks are implemented.

## Controls

A **[Control](/concepts/controls)** is a single rule that defines what to check and what to do when a condition is met.

```text theme={null}
Control = Scope + Condition + Action
```

Example: "If the output contains an SSN pattern, block the response."

```json theme={null}
{
  "name": "block-ssn-in-output",
  "execution": "server",
  "scope": { "step_types": ["llm"], "stages": ["post"] },
  "condition": {
    "selector": { "path": "output" },
    "evaluator": {
      "name": "regex",
      "config": { "pattern": "\\b\\d{3}-\\d{2}-\\d{4}\\b" }
    }
  },
  "action": { "decision": "deny" }
}
```

Leaf conditions pair a `selector` with an `evaluator`. Composite conditions can use `and`, `or`, and `not` to combine multiple leaf checks.

## Scope

**Scope** defines when a control runs by filtering which steps are evaluated.

Fields:

* `step_types`: Step types to target (e.g., `["tool", "llm"]`). If null, applies to all types.

* `step_names`: Exact step names to target (e.g., `["search_db", "send_email"]`).

* `step_name_regex`: Regex pattern to match step names (e.g., `"^db_.*"`).

* `stages`: When to evaluate — `["pre", "post"]`.

  * `pre`: Check before execution (block bad inputs, prevent prompt injection)

  * `post`: Check after execution (filter bad outputs, redact PII)

Example: apply to all tool steps before execution:

```json theme={null}
{
  "scope": {
    "step_types": ["tool"],
    "stages": ["pre"]
  }
}
```

Example: target specific database operations:

```json theme={null}
{
  "scope": {
    "step_names": ["query_database", "execute_sql", "db_lookup"],
    "stages": ["pre"]
  }
}
```

Example: match multiple steps with regex:

```json theme={null}
{
  "scope": {
    "step_name_regex": "^db_.*",
    "stages": ["pre", "post"]
  }
}
```

## Selectors

A **Selector** defines what data to extract from the payload for evaluation.

| Path              | Description                             | Example Use                |
| ----------------- | --------------------------------------- | -------------------------- |
| `input`           | Step input (tool args or LLM input)     | Check for prompt injection |
| `output`          | Step output                             | Check for PII leakage      |
| `input.query`     | Tool input field                        | Block SQL injection        |
| `name`            | Step name (tool name or model/chain id) | Restrict step usage        |
| `context.user_id` | Context field                           | User-based rules           |
| `*`               | Entire step                             | Full payload analysis      |

Controls can also scope by step type/name/stage:

```json theme={null}
{
  "scope": {
    "step_types": ["tool"],
    "step_names": ["search_database", "execute_sql"],
    "step_name_regex": "^db_.*",
    "stages": ["pre"]
  }
}
```

## Evaluators

An **Evaluator** receives the selected data and checks it against configured rules.

```json theme={null}
{
  "evaluator": {
    "name": "list",
    "config": {
      "values": ["DROP", "DELETE", "TRUNCATE"],
      "case_sensitive": false
    }
  }
}
```

## Actions

An **Action** defines what happens when a control matches.

```json theme={null}
{
  "action": {
    "decision": "deny"
  }
}
```

### Priority Semantics

1. **Deny wins** — if any `deny` control matches, execution is blocked.

2. **Steer second** — if any `steer` control matches (and no deny), steering context is returned.

3. **Observe** — non-blocking observability action that does not affect execution.

## Learn more

* [Architecture](/concepts/architecture)

* [Controls](/concepts/controls)

* [Evaluators](/concepts/evaluators/overview)
