PolicyGuard: A Dialogue-Based Sub-Agent Verifier for Policy Adherence in LLM Agents
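PolicyGuard is a sub-agent verifier that shares the LLM agent's view of the dialogue, reasons over the policy in context, and provides actionable feedback for the next turn, addressing the need in multi-turn dialogue for full context, self-reasoning, and conversation-specific remediation. On the tau^2-BENCH airline benchmark, with four trials per setting on GPT-5.4, Claude Sonnet 4.6 and Gemini 2.5 Pro, PolicyGuard improves PASS4 by +12.0, +6.0 and +12.0 percentage points respectively. Per-call analysis shows that it achieves higher policy-violation recall while blocking about half as often as argument-level guards.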
LLM agents handle user requests on behalf of organizations through tool calls and must follow the company policies stated in their system prompts. Prior work approaches this as a safeguarding problem -- external checks that block non-compliant agent actions. We argue that policy adherence is a broader problem: real workflows unfold across many turns, require explicit user confirmation and prerequisite reads, and hinge on the content of the dialogue rather than on any single argument value. Meeting this bar requires (i) full conversation context, (ii) self-reasoning over the policy and the current dialogue, and (iii) conversation-specific remediation that guides the agent's next turn -- three capabilities that prior safeguard work has often underestimated. We introduce POLICYGUARD, a sub-agent verifier that shares the agent's view of the dialogue, reasons over the policy in context, and provides actionable feedback for the agent's next turn. On tau^2-BENCH airline across three vendors (GPT-5.4, Claude Sonnet 4.6, Gemini 2.5 Pro) with four trials per setting, POLICYGUARD improves PASS4 by +12.0 / +6.0 / +12.0 pp. Per-call analyses show POLICYGUARD achieves higher policy-violation recall while blocking roughly half as often as argument-level guards.
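
The contrast the abstract draws between argument-level guards and dialogue-aware checking, as an added example that is not PolicyGuard's code: PolicyGuard is an LLM sub-agent, while this is a rule-based stand-in, and the tool names, policy rules and dialogue turns are hypothetical, constructed for illustration.

```python
# Constructed sample data; tool names and policy rules are hypothetical.
POLICY = {"cancel_reservation": {"read_first": "get_reservation_details",
                                 "needs_confirmation": True}}

def argument_level_guard(call):
    """Sees only the proposed call: is the reservation id well-formed?"""
    rid = call["args"].get("reservation_id", "")
    return len(rid) == 6 and rid.isalnum()

def conversation_level_check(history, call):
    """Rule-based stand-in for a verifier that reads the whole dialogue.
    Returns (allowed, feedback for the agent's next turn)."""
    rule = POLICY.get(call["name"])
    if rule is None:
        return True, []
    rid = call["args"].get("reservation_id")
    feedback = []
    # Prerequisite read: the agent must already have fetched this record.
    read_done = any(r == "agent" and k == "tool_call"
                    and p["name"] == rule["read_first"]
                    and p["args"].get("reservation_id") == rid
                    for r, k, p in history)
    if not read_done:
        feedback.append(f"Call {rule['read_first']} for {rid} first.")
    # Explicit confirmation: a user "yes" after the agent asked to confirm.
    asked = [i for i, (r, k, p) in enumerate(history)
             if r == "agent" and k == "text" and "confirm" in p.lower()]
    confirmed = bool(asked) and any(
        r == "user" and k == "text" and p.strip().lower().startswith("yes")
        for r, k, p in history[asked[-1] + 1:])
    if rule["needs_confirmation"] and not confirmed:
        feedback.append(f"Ask the user to confirm {call['name']} of {rid}.")
    return not feedback, feedback

CALL = {"name": "cancel_reservation", "args": {"reservation_id": "ABC123"}}
EARLY = [("user", "text", "Please cancel reservation ABC123.")]
COMPLIANT = EARLY + [
    ("agent", "tool_call", {"name": "get_reservation_details",
                            "args": {"reservation_id": "ABC123"}}),
    ("agent", "text", "Please confirm: cancel ABC123?"),
    ("user", "text", "Yes, go ahead."),
]

if __name__ == "__main__":
    print(argument_level_guard(CALL))  # identical verdict for both dialogues
    print(conversation_level_check(EARLY, CALL))
    print(conversation_level_check(COMPLIANT, CALL))
```

The argument-level guard returns the same verdict for both dialogues because the call is identical; only the check that reads the history can tell them apart and say what the agent should do next.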