The Problem with Writing Policies in the Dark
You write a governance policy. You deploy it. An agent starts getting blocked on legitimate requests. You roll back, tweak a threshold, redeploy, and wait to see if the next edge case triggers a false positive.
This cycle is slow, stressful, and unnecessary. Governance policies are logic. Logic should be testable before it hits production.
Today we are launching the MeshGuard Policy Playground at meshguard.app/playground, an interactive environment where you can author policies, feed them simulated agent events, and see exactly how they evaluate, all without touching a live environment.
How It Works
The Playground presents a three-panel interface:
Left panel: Policy Editor. Write your policy using MeshGuard's policy syntax. Full autocompletion and inline documentation are built in.
Center panel: Event Simulator. Define the agent events you want to test against. Set the agent identity, action type, target resource, metadata, and context variables.
Right panel: Evaluation Output. See the policy decision in real time: allow, deny, or throttle, along with the full evaluation trace showing which rules matched and why.
Writing and Testing a Policy
Let's walk through a concrete example. Suppose you need a policy that prevents any agent from deleting production database records unless the agent belongs to the data-ops team and the request originates during a scheduled maintenance window.
Start with the policy definition:
name: protect-production-deletes
description: Block production DB deletes outside maintenance windows
rules:
- effect: deny
action: "delete_record"
resource: "db:production:*"
unless:
all:
- agent.labels.team == "data-ops"
- context.maintenance_window == true
In the Event Simulator, create a test event:
{
"agent": {
"id": "ag_92kLmx",
"name": "cleanup-bot",
"labels": { "team": "data-ops" }
},
"action": "delete_record",
"resource": "db:production:orders",
"context": {
"maintenance_window": false
}
}
Click Evaluate. The right panel immediately shows:
Decision: DENY
Matched rule: protect-production-deletes / rule-1
Reason: context.maintenance_window is false (expected true)
Now toggle maintenance_window to true and evaluate again:
Decision: ALLOW
Matched rule: protect-production-deletes / rule-1 (unless conditions satisfied)
You can see exactly which condition caused the deny and confirm the policy behaves correctly before it ever runs in production.
Test Suites
The Playground is not just for one-off experiments. You can save collections of test events as test suites and run them against a policy with a single click. This is especially useful when refining policies over time. Add a new test case for each edge case you discover, and re-run the full suite after every edit.
Test suites can also be exported as JSON and integrated into your CI pipeline using the MeshGuard CLI:
meshguard policy test \
--policy ./policies/protect-production-deletes.yaml \
--suite ./tests/delete-policy-suite.json
No Account Required
You can use the Playground without a MeshGuard account. Open meshguard.app/playground, start writing, and see results instantly. When you are ready to deploy a policy to a live workspace, sign in and push it directly from the Playground interface.
Why This Matters
Governance policies are only as good as their coverage of real-world scenarios. The more you test before deployment, the fewer false positives block legitimate agent work and the fewer false negatives let risky actions slip through. The Playground makes that testing loop instant and frictionless.
Try it now at meshguard.app/playground and see how your policies behave before your agents do.