- The paper introduces PolicyBank, a framework that iteratively refines LLM agents' policy understanding by bridging gaps between written rules and true requirements.
- It formalizes the specification–requirement gap by distinguishing execution and alignment failures and extends benchmarks to evaluate policy repair techniques.
- Empirical results show that PolicyBank reduces the policy gap by up to 82% while maintaining high performance and pass@k consistency in dynamic environments.
PolicyBank: Evolving Policy Understanding in LLM Agents
LLM agents are increasingly deployed in production environments where their operation is constrained by organizational policies encoded in natural language (NL). In realistic enterprise or regulatory settings, these rules are inherently ambiguous, incomplete, or contradictory. Existing memory and compliance frameworks assume the written specification is correct, but in practice, LLM agents frequently encounter divergences between policy documents and the implicit requirements of the environment. These discrepancies induce two distinct classes of failure: execution failures (inability to follow even the written rules) and alignment failures (faithful compliance with incorrectly specified policies), the latter arising directly from policy gaps between specification and requirement.
Figure 1: Evolving policy understanding—unlike prior agents that treat written specifications as immutable, PolicyBank iteratively refines interpretations in response to trajectory data and feedback, closing specification gaps via continuous adaptation.
PolicyBank formalizes the policy update problem by extending classical access control literature into the domain of LLM tool-calling agents with NL policies. An agent operates under two policy functions: one induced by explicit NL artifacts (specification) and another defined by the true (often unstated or evolving) requirements. The policy gap is the set of state-action pairs on which these functions disagree.
The paper distinguishes:
- Type I (Execution) failures: Reasoning incapacity results in violation of the written specification.
- Type II (Alignment) failures: Trace is compliant, but the specification itself encodes the wrong behavior.
Correcting alignment failures necessitates mechanisms that evolve the agent's understanding of policies through observed discrepancies and developer feedback, ultimately reducing the policy gap over time.
Benchmark: Extending Ï„-Bench with Controlled Policy Gaps
Existing tool-agent and compliance benchmarks do not isolate the impact of specification gaps. PolicyBank addresses this by systematically extending τ-Bench to include tasks with annotated divergences between policy documents (specification) and ground truth (requirement). Discrepancies are classified into three structural gap types—ambiguous scope, under-specified exceptions, and logical contradictions. Each identified gap is linked with "sister tasks" that probe generalization and robustness of agent adaptations post-policy update.
This extension enables granular assessment of an agent’s capacity for on-the-fly policy repair, decoupled from core execution difficulty.
PolicyBank Architecture and Memory Design
Structured, Evolving Policy Memory
PolicyBank introduces a structured memory, M, where each entry corresponds to a tool-level capability and encapsulates both the initial NL policy fragment and iteratively refined logical preconditions, eligibility constraints, and action descriptions. Crucially, every update records the delta—the minimal modification bridging the gap between prior and newly clarified authorization regimes. Entries both disambiguate NL policy and provide actionable, auditable justifications for tool use.
Agent-Triggered Policy Retrieval (Framework Overview)
LLM agents interface with PolicyBank memory through a retrieval API (retrieve_policy), invoked during multi-turn interactions as emerging user intent exposes latent policy ambiguity. This contrasts with conventional memory schemes that provide static, full-document retrievals, enabling efficiency and minimizing context window overhead.
Figure 2: PolicyBank framework—memory initialized from policies and schema, agent-triggered retrieval during execution, post-hoc feedback-based trajectory analysis, and iterative memory refinement.
Feedback-Driven Memory Evolution
Post-task, a dedicated Policy Agent analyzes the full trajectory and developer feedback (both scalar reward and optional NL explanation). It distinguishes whether failure stems from execution or alignment, and then performs one of: adding a new entry, revising an existing one, or omitting changes if no new insight is gained. This iteration biases refinement toward actionable, capability-level rules, efficiently accumulating precise exceptions and clarifications over streaming tasks.
Empirical Results: Closing the Policy Gap
Main Benchmark Findings
On the extended τ-Bench, traditional memory frameworks (e.g., Synapse, AWM, ReasoningBank) exhibit near-zero adaptation on policy-gap scenarios, regardless of retrieval frequency. In contrast, PolicyBank closes up to 82% of the performance gap to a human oracle, maintaining near-optimal accuracy and—critically—high pass@k consistency for production deployment.

Figure 3: Pass rate across task families. PolicyBank achieves substantial adaptation and maintains performance across variants designed to isolate alignment errors.
- Gemini-3-Pro and Claude-4.5-Opus, Airline domain, sister tasks: PolicyBank: $0.74/0.72$ (pass1​), Baselines: ≤0.45
- Retail domain: Similar trends are observed with substantial deltas over No Memory and SOTA baselines.
Memory with only binary feedback is insufficient for robust alignment; natural language explanations as part of corrective feedback are vital for deducing which clauses or conditions require update and avoiding oscillation or misgeneralization.
Policy Evolution and Generalization Dynamics
Ablation and trajectory analyses reveal that aligning to evolving requirements is not one-shot but an incremental, evidence-driven process. PolicyBank’s design allows iterative corrections (learning, over-generalization, further partition/refinement) as more edge cases are encountered, unlike static or trajectory-memorization-based schemes.
Figure 4: Evolutionary trajectory of a policy entry—an initial over-broad revision is refined by subsequent conflicting cases, converging on the true requirement.
Performance remains robust to task complexity and variant generalization, confirming that the system neither overfits on individual corrections nor regresses under confounding complexity.
Theoretical and Practical Implications
PolicyBank demonstrates that:
- Agent memory, when explicitly structured and coupled to a principled feedback-driven refinement mechanism, enables autonomous evolution of policy understanding, rather than rote compliance or brittle instruction following.
- Specification repair is feasible without explicit manual re-editing—effectively, agents automate a core bottleneck in the deployment of trustworthy AI in policy-intensive settings.
- PolicyBank’s architecture is orthogonal and complementary to runtime guardrails and verification agents (e.g., ShieldAgent (Chen et al., 26 Mar 2025), VeriGuard (Miculicich et al., 3 Oct 2025)), jointly supporting robust, adaptive, and provable compliance.
This work opens avenues for:
- Scaling testbeds to broader domains, richer policy grammars, and adversarial feedback scenarios,
- Integrating with formal methods (logic-based or statistical policy auditing (Hooda et al., 2024)) for end-to-end safety and robustness,
- Extending to continual post-deployment evolution, including dynamic regulatory update adaptation.
Conclusion
PolicyBank advances the study of agent alignment by demonstrating that evolving policy understanding is both measurable and achievable under dynamic, interactive, real-world conditions. The framework not only advances agent robustness in the face of ambiguous or faulty specifications but provides a systemic solution for autonomous policy repair, a critical step for the deployment of safe and compliant LLM agents at scale (2604.15505).