Papers
Topics
Authors
Recent
Search
2000 character limit reached

PolicyBank: Evolving Policy Understanding for LLM Agents

Published 16 Apr 2026 in cs.CL and cs.AI | (2604.15505v1)

Abstract: LLM agents operating under organizational policies must comply with authorization constraints typically specified in natural language. In practice, such specifications inevitably contain ambiguities and logical or semantic gaps that cause the agent's behavior to systematically diverge from the true requirements. We ask: by letting an agent evolve its policy understanding through interaction and corrective feedback from pre-deployment testing, can it autonomously refine its interpretation to close specification gaps? We propose PolicyBank, a memory mechanism that maintains structured, tool-level policy insights and iteratively refines them -- unlike existing memory mechanisms that treat the policy as immutable ground truth, reinforcing "compliant but wrong" behaviors. We also contribute a systematic testbed by extending a popular tool-calling benchmark with controlled policy gaps that isolate alignment failures from execution failures. While existing memory mechanisms achieve near-zero success on policy-gap scenarios, PolicyBank closes up to 82% of the gap toward a human oracle.

Summary

  • The paper introduces PolicyBank, a framework that iteratively refines LLM agents' policy understanding by bridging gaps between written rules and true requirements.
  • It formalizes the specification–requirement gap by distinguishing execution and alignment failures and extends benchmarks to evaluate policy repair techniques.
  • Empirical results show that PolicyBank reduces the policy gap by up to 82% while maintaining high performance and pass@k consistency in dynamic environments.

PolicyBank: Evolving Policy Understanding in LLM Agents

Motivation: Policy Gaps in Tool-Calling LLM Agents

LLM agents are increasingly deployed in production environments where their operation is constrained by organizational policies encoded in natural language (NL). In realistic enterprise or regulatory settings, these rules are inherently ambiguous, incomplete, or contradictory. Existing memory and compliance frameworks assume the written specification is correct, but in practice, LLM agents frequently encounter divergences between policy documents and the implicit requirements of the environment. These discrepancies induce two distinct classes of failure: execution failures (inability to follow even the written rules) and alignment failures (faithful compliance with incorrectly specified policies), the latter arising directly from policy gaps between specification and requirement. Figure 1

Figure 1: Evolving policy understanding—unlike prior agents that treat written specifications as immutable, PolicyBank iteratively refines interpretations in response to trajectory data and feedback, closing specification gaps via continuous adaptation.

Formalization: The Specification–Requirement Gap

PolicyBank formalizes the policy update problem by extending classical access control literature into the domain of LLM tool-calling agents with NL policies. An agent operates under two policy functions: one induced by explicit NL artifacts (specification) and another defined by the true (often unstated or evolving) requirements. The policy gap is the set of state-action pairs on which these functions disagree.

The paper distinguishes:

  • Type I (Execution) failures: Reasoning incapacity results in violation of the written specification.
  • Type II (Alignment) failures: Trace is compliant, but the specification itself encodes the wrong behavior.

Correcting alignment failures necessitates mechanisms that evolve the agent's understanding of policies through observed discrepancies and developer feedback, ultimately reducing the policy gap over time.

Benchmark: Extending Ï„-Bench with Controlled Policy Gaps

Existing tool-agent and compliance benchmarks do not isolate the impact of specification gaps. PolicyBank addresses this by systematically extending τ-Bench to include tasks with annotated divergences between policy documents (specification) and ground truth (requirement). Discrepancies are classified into three structural gap types—ambiguous scope, under-specified exceptions, and logical contradictions. Each identified gap is linked with "sister tasks" that probe generalization and robustness of agent adaptations post-policy update.

This extension enables granular assessment of an agent’s capacity for on-the-fly policy repair, decoupled from core execution difficulty.

PolicyBank Architecture and Memory Design

Structured, Evolving Policy Memory

PolicyBank introduces a structured memory, M\mathcal{M}, where each entry corresponds to a tool-level capability and encapsulates both the initial NL policy fragment and iteratively refined logical preconditions, eligibility constraints, and action descriptions. Crucially, every update records the delta—the minimal modification bridging the gap between prior and newly clarified authorization regimes. Entries both disambiguate NL policy and provide actionable, auditable justifications for tool use.

Agent-Triggered Policy Retrieval (Framework Overview)

LLM agents interface with PolicyBank memory through a retrieval API (retrieve_policy), invoked during multi-turn interactions as emerging user intent exposes latent policy ambiguity. This contrasts with conventional memory schemes that provide static, full-document retrievals, enabling efficiency and minimizing context window overhead. Figure 2

Figure 2: PolicyBank framework—memory initialized from policies and schema, agent-triggered retrieval during execution, post-hoc feedback-based trajectory analysis, and iterative memory refinement.

Feedback-Driven Memory Evolution

Post-task, a dedicated Policy Agent analyzes the full trajectory and developer feedback (both scalar reward and optional NL explanation). It distinguishes whether failure stems from execution or alignment, and then performs one of: adding a new entry, revising an existing one, or omitting changes if no new insight is gained. This iteration biases refinement toward actionable, capability-level rules, efficiently accumulating precise exceptions and clarifications over streaming tasks.

Empirical Results: Closing the Policy Gap

Main Benchmark Findings

On the extended τ-Bench, traditional memory frameworks (e.g., Synapse, AWM, ReasoningBank) exhibit near-zero adaptation on policy-gap scenarios, regardless of retrieval frequency. In contrast, PolicyBank closes up to 82% of the performance gap to a human oracle, maintaining near-optimal accuracy and—critically—high pass@k consistency for production deployment. Figure 3

Figure 3

Figure 3: Pass rate across task families. PolicyBank achieves substantial adaptation and maintains performance across variants designed to isolate alignment errors.

  • Gemini-3-Pro and Claude-4.5-Opus, Airline domain, sister tasks: PolicyBank: $0.74/0.72$ (pass1pass_1), Baselines: ≤0.45\leq 0.45
  • Retail domain: Similar trends are observed with substantial deltas over No Memory and SOTA baselines.

Memory with only binary feedback is insufficient for robust alignment; natural language explanations as part of corrective feedback are vital for deducing which clauses or conditions require update and avoiding oscillation or misgeneralization.

Policy Evolution and Generalization Dynamics

Ablation and trajectory analyses reveal that aligning to evolving requirements is not one-shot but an incremental, evidence-driven process. PolicyBank’s design allows iterative corrections (learning, over-generalization, further partition/refinement) as more edge cases are encountered, unlike static or trajectory-memorization-based schemes. Figure 4

Figure 4: Evolutionary trajectory of a policy entry—an initial over-broad revision is refined by subsequent conflicting cases, converging on the true requirement.

Performance remains robust to task complexity and variant generalization, confirming that the system neither overfits on individual corrections nor regresses under confounding complexity.

Theoretical and Practical Implications

PolicyBank demonstrates that:

  • Agent memory, when explicitly structured and coupled to a principled feedback-driven refinement mechanism, enables autonomous evolution of policy understanding, rather than rote compliance or brittle instruction following.
  • Specification repair is feasible without explicit manual re-editing—effectively, agents automate a core bottleneck in the deployment of trustworthy AI in policy-intensive settings.
  • PolicyBank’s architecture is orthogonal and complementary to runtime guardrails and verification agents (e.g., ShieldAgent (Chen et al., 26 Mar 2025), VeriGuard (Miculicich et al., 3 Oct 2025)), jointly supporting robust, adaptive, and provable compliance.

This work opens avenues for:

  • Scaling testbeds to broader domains, richer policy grammars, and adversarial feedback scenarios,
  • Integrating with formal methods (logic-based or statistical policy auditing (Hooda et al., 2024)) for end-to-end safety and robustness,
  • Extending to continual post-deployment evolution, including dynamic regulatory update adaptation.

Conclusion

PolicyBank advances the study of agent alignment by demonstrating that evolving policy understanding is both measurable and achievable under dynamic, interactive, real-world conditions. The framework not only advances agent robustness in the face of ambiguous or faulty specifications but provides a systemic solution for autonomous policy repair, a critical step for the deployment of safe and compliant LLM agents at scale (2604.15505).

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 7 likes about this paper.