Devenex, Antigravity, Notion, Claude, OpenAI, Salesforce - six vendors launched agent enforcement controls in the past month. Every single one gives you the infrastructure to run agents safely. None of them give you the policy files to define what safe actually means.
That's the gap. And it's starting to hurt.
The Problem Nobody's Solving
Agent enforcement works like this: you define a policy - what the agent can access, what it can modify, what decisions it can make autonomously - and the enforcement layer makes sure the agent stays within those bounds. The vendors ship the enforcement. They don't ship the policy.
So every team writes their own. From scratch. With no shared vocabulary, no standard format, no way to audit across systems. One team defines "read-only database access" one way. Another team defines it differently. Both think they're secure. Neither can prove it.
This is where policy-as-code stops being optional. If agents are running in production - and they are, whether you've formally approved them or not - you need a declarative, version-controlled way to say what they're allowed to do. Not documentation. Not Slack threads. Actual code that enforcement layers can parse.
What a Real Policy File Looks Like
The article walks through a practical example: an agent that processes customer support tickets. The policy file defines three things. First, what data the agent can read - specific tables, specific fields, nothing else. Second, what actions the agent can take - create tickets, update status, assign to humans. Third, what triggers human approval - any action involving payment details, any modification to customer billing.
This isn't theoretical. This is the actual policy a team would need if they deployed this agent tomorrow. And right now, most teams are writing this in prose, hoping the agent "understands" the rules through prompt engineering. That's not enforcement. That's a prayer.
The policy file is YAML. Human-readable, machine-parsable, sits in your repo next to the agent code. When the policy changes, it goes through code review. When something breaks, you can see exactly what permission was granted and when. That's the difference between "we think this is safe" and "we can show you why this is safe".
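A sketch of how an enforcement layer could evaluate a policy like this one, added here as an example and not taken from the article or from any vendor. The schema keys, table names and action names are assumptions; the policy is written in YAML flow style, which is also valid JSON, so Python's standard library can parse it.

```python
import json

# Constructed policy for the support-ticket agent. Schema keys, table names and
# action names are assumptions for this example, not a vendor format. Written in
# YAML flow style, which is also valid JSON, so the standard library parses it.
POLICY = json.loads("""
{
  "agent": "support-ticket-agent",
  "read": {
    "tickets": ["id", "subject", "body", "status", "assignee"],
    "customers": ["id", "name", "email"]
  },
  "actions": ["create_ticket", "update_status", "assign_to_human"],
  "require_approval": {
    "data": ["payment_details"],
    "modifies": ["customer_billing"]
  }
}
""")


def decide(policy, request):
    """Return 'allow', 'needs_approval' or 'deny' for one agent request.

    Assumption: the enforcement layer, not the agent, fills in 'touches' and
    'modifies', so the agent cannot under-report what an action involves.
    """
    if request["kind"] == "read":
        allowed = set(policy["read"].get(request["table"], []))
        fields = set(request["fields"])
        # Deny by default: unknown tables and unlisted fields are refused.
        return "allow" if fields and fields <= allowed else "deny"
    if request["kind"] == "action":
        gate = policy["require_approval"]
        # Approval triggers are checked first so they cannot be bypassed by
        # routing a sensitive change through an otherwise permitted action.
        if set(request.get("touches", [])) & set(gate["data"]):
            return "needs_approval"
        if request.get("modifies") in gate["modifies"]:
            return "needs_approval"
        return "allow" if request["name"] in policy["actions"] else "deny"
    return "deny"  # unknown request kinds are never permitted
```

Because every decision is a pure function of the policy file and the request, the same file that goes through code review can be replayed against logged requests during an audit.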
Why This Matters Now
Six vendors shipped enforcement in one month. That's not a coincidence. That's the market saying agent governance is essential infrastructure. But enforcement without policy is like having a lock with no key. The mechanism exists. The control doesn't.
The teams figuring this out first aren't waiting for vendors to solve it. They're writing policy files now, treating them as first-class code, versioning them alongside agent logic. When a vendor finally ships a policy standard - and someone will - those teams will be ready to migrate. The teams still doing agent permissions through documentation will be months behind.
Policy-as-code for AI isn't a nice-to-have anymore. It's the foundation everything else sits on. The enforcement controls are here. The policy files are still missing. That's the work.