PolicyBench

Leaderboard

All entries are evaluated against the same fixture corpus by the same harness. LLMs are run at Tier 3 (full context: schema + worked examples); purpose-built tools are run via their own API. New entries from any provider are welcome - see Submit your tool for the process.

Compilation tools

Purpose-built natural-language → policy compilers.

Frontier LLMs

The strongest models each provider currently ships.

Cost-tier LLMs

Smaller / cheaper variants of the frontier models, same Tier 3 prompt.

See methodology for definitions of each metric and the source repository for raw verdict data.

What PolicyBench measures

Every entry in the corpus is a natural-language policy statement (e.g. "Reject pods that run as root", "S3 buckets must have versioning enabled", "Only admins can delete production resources") paired with hand-crafted fixtures that exercise its intent.

For each tool, the harness compiles the NL into Rego, runs opa parse, runs opa eval against every fixture, and records both what the tool self-reported and what the harness independently verified. Divergence between the two is itself a measurement.

All compile checks and fixture evaluations use the same OPA binary, the same extraction logic, and the same package/rule discovery - so any tool that emits valid Rego with a recognisable decision rule is evaluated on equal footing.

Reproducibility

The repository at github.com/jbeaven/policybench contains the full evaluator, every runner script, the prompts used for each tier, and the published verdicts. Anyone can clone the repo, populate .env for one runner, and reproduce that runner's numbers.

Test fixtures are private in v1.0 (see methodology). The harness itself is open and reviewers can supply their own fixtures via $PB_FIXTURES_PATH.