Skip to main content
Unbound has four policy types: Cost, Model, Security, and Tool. Each has its own subcommand for type-specific creation. Generic commands (list, get, delete) work across Cost, Model, and Security; Tool policies use a separate policy tool subcommand.

Reference data

Before creating policies, pull the available user groups, models, guardrails, and tool types: 
unbound policy form-data

Generic commands (Cost / Model / Security)

unbound policy list                    # List all policies
unbound policy list --type COST        # Filter by type: COST, MODEL, SECURITY
unbound policy get <id>                # View a policy's full config
unbound policy delete <id>             # Delete a policy
unbound policy effective <id>          # Effective policies for a user or group

Cost policies

Set a monthly spend limit per user group: 
unbound policy cost create \
  --name "Engineering Budget" \
  --monthly-budget 1000 \
  --group engg
See Cost Policies for all configuration options.

Model policies

Control which AI models are available to a group: 
# Allow all models except one:
unbound policy model create \
  --name "No Opus" \
  --all-models \
  --excluded anthropic/claude-3-opus-20240229

# Allow only a specific model:
unbound policy model create \
  --name "GPT-4o only" \
  --model openai/gpt-4o
See Model Policies for all configuration options.

Security policies

Apply guardrails for PII, secrets detection, and model routing: 
# Block requests containing PII:
unbound policy security create \
  --name "Block PII" \
  --sub-type guardrails \
  --guardrail PII:BLOCK

# Redact secrets before they leave the gateway:
unbound policy security create \
  --name "Redact Secrets" \
  --sub-type guardrails \
  --guardrail SECRETS:REDACT
See Security Policies for all configuration options.

Tool policies

Tool policies control shell commands and MCP tool calls. They use a separate backend and are reached via unbound policy tool.

List and inspect

unbound policy tool list
unbound policy tool get <id>
unbound policy tool delete <id>

Discover available targets

unbound policy tool families      # Terminal command families and the fields they accept
unbound policy tool mcp-servers   # Known MCP servers and their available tools

Create a terminal command policy

unbound policy tool create-terminal \
  --name "Block rm -rf" \
  --command-family filesystem \
  --field command='rm -rf*' \
  --action BLOCK \
  --custom-message "Destructive command blocked by policy."

Create an MCP tool policy

# Match by action type (e.g. all write operations on a server):
unbound policy tool create-mcp \
  --name "Audit Linear writes" \
  --mcp-server Linear \
  --mcp-action-type write \
  --action AUDIT

# Match a specific tool:
unbound policy tool create-mcp \
  --name "Block PR creation" \
  --mcp-server GitHub \
  --mcp-tool create_pull_request \
  --action BLOCK
Available actions: BLOCK, WARN, AUDIT, REQUIRE_SLACK_APPROVAL

Update a tool policy

unbound policy tool update <id> --action WARN
Only the fields you provide are changed.
See Tool Policies for the full list of actions, NL rules, and canonical group targeting. All commands support --json for machine-readable output.

Tool Policies

Dashboard reference for actions, NL rules, and Slack approvals

Cost Policies

Dashboard reference for budget limits and spend controls