diff --git a/packages/core/src/policy/config.test.ts b/packages/core/src/policy/config.test.ts
index a9fae7a1fa..61a8c9036c 100644
--- a/packages/core/src/policy/config.test.ts
+++ b/packages/core/src/policy/config.test.ts
@@ -169,7 +169,7 @@ describe('createPolicyEngineConfig', () => {
         r.decision === PolicyDecision.ALLOW,
     );
     expect(rule).toBeDefined();
-    expect(rule?.priority).toBeCloseTo(3.3, 5); // Command line allow
+    expect(rule?.priority).toBeCloseTo(4.3, 5); // Command line allow
   });
 
   it('should deny tools in tools.exclude', async () => {
@@ -188,7 +188,7 @@ describe('createPolicyEngineConfig', () => {
         r.decision === PolicyDecision.DENY,
     );
     expect(rule).toBeDefined();
-    expect(rule?.priority).toBeCloseTo(3.4, 5); // Command line exclude
+    expect(rule?.priority).toBeCloseTo(4.4, 5); // Command line exclude
   });
 
   it('should allow tools from allowed MCP servers', async () => {
@@ -206,7 +206,7 @@ describe('createPolicyEngineConfig', () => {
         r.toolName === 'my-server__*' && r.decision === PolicyDecision.ALLOW,
     );
     expect(rule).toBeDefined();
-    expect(rule?.priority).toBe(3.1); // MCP allowed server
+    expect(rule?.priority).toBe(4.1); // MCP allowed server
   });
 
   it('should deny tools from excluded MCP servers', async () => {
@@ -224,7 +224,7 @@ describe('createPolicyEngineConfig', () => {
         r.toolName === 'my-server__*' && r.decision === PolicyDecision.DENY,
     );
     expect(rule).toBeDefined();
-    expect(rule?.priority).toBe(3.9); // MCP excluded server
+    expect(rule?.priority).toBe(4.9); // MCP excluded server
   });
 
   it('should allow tools from trusted MCP servers', async () => {
@@ -251,7 +251,7 @@ describe('createPolicyEngineConfig', () => {
         r.decision === PolicyDecision.ALLOW,
     );
     expect(trustedRule).toBeDefined();
-    expect(trustedRule?.priority).toBe(3.2); // MCP trusted server
+    expect(trustedRule?.priority).toBe(4.2); // MCP trusted server
 
     // Untrusted server should not have an allow rule
     const untrustedRule = config.rules?.find(
@@ -288,7 +288,7 @@ describe('createPolicyEngineConfig', () => {
         r.decision === PolicyDecision.ALLOW,
     );
     expect(allowedRule).toBeDefined();
-    expect(allowedRule?.priority).toBe(3.1); // MCP allowed server
+    expect(allowedRule?.priority).toBe(4.1); // MCP allowed server
 
     // Check trusted server
     const trustedRule = config.rules?.find(
@@ -297,7 +297,7 @@ describe('createPolicyEngineConfig', () => {
         r.decision === PolicyDecision.ALLOW,
     );
     expect(trustedRule).toBeDefined();
-    expect(trustedRule?.priority).toBe(3.2); // MCP trusted server
+    expect(trustedRule?.priority).toBe(4.2); // MCP trusted server
 
     // Check excluded server
     const excludedRule = config.rules?.find(
@@ -306,7 +306,7 @@ describe('createPolicyEngineConfig', () => {
         r.decision === PolicyDecision.DENY,
     );
     expect(excludedRule).toBeDefined();
-    expect(excludedRule?.priority).toBe(3.9); // MCP excluded server
+    expect(excludedRule?.priority).toBe(4.9); // MCP excluded server
   });
 
   it('should allow all tools in YOLO mode', async () => {
@@ -387,11 +387,11 @@ describe('createPolicyEngineConfig', () => {
     );
 
     expect(serverDenyRule).toBeDefined();
-    expect(serverDenyRule?.priority).toBe(3.9); // MCP excluded server
+    expect(serverDenyRule?.priority).toBe(4.9); // MCP excluded server
     expect(toolAllowRule).toBeDefined();
-    expect(toolAllowRule?.priority).toBeCloseTo(3.3, 5); // Command line allow
+    expect(toolAllowRule?.priority).toBeCloseTo(4.3, 5); // Command line allow
 
-    // Server deny (3.9) has higher priority than tool allow (3.3),
+    // Server deny (4.9) has higher priority than tool allow (4.3),
     // so server deny wins (this is expected behavior - server-level blocks are security critical)
   });
 
@@ -424,7 +424,7 @@ describe('createPolicyEngineConfig', () => {
 
     expect(serverAllowRule).toBeDefined();
     expect(toolDenyRule).toBeDefined();
-    // Command line exclude (3.4) has higher priority than MCP server trust (3.2)
+    // Command line exclude (4.4) has higher priority than MCP server trust (4.2)
     // This is the correct behavior - specific exclusions should beat general server trust
     expect(toolDenyRule!.priority).toBeGreaterThan(serverAllowRule!.priority!);
   });
@@ -432,16 +432,16 @@ describe('createPolicyEngineConfig', () => {
   it('should handle complex priority scenarios correctly', async () => {
     const settings: PolicySettings = {
       tools: {
-        allowed: ['my-server__tool1', 'other-tool'], // Priority 3.3
-        exclude: ['my-server__tool2', 'glob'], // Priority 3.4
+        allowed: ['my-server__tool1', 'other-tool'], // Priority 4.3
+        exclude: ['my-server__tool2', 'glob'], // Priority 4.4
       },
       mcp: {
-        allowed: ['allowed-server'], // Priority 3.1
-        excluded: ['excluded-server'], // Priority 3.9
+        allowed: ['allowed-server'], // Priority 4.1
+        excluded: ['excluded-server'], // Priority 4.9
       },
       mcpServers: {
         'trusted-server': {
-          trust: true, // Priority 90 -> 3.2
+          trust: true, // Priority 90 -> 4.2
         },
       },
     };
@@ -517,7 +517,7 @@ describe('createPolicyEngineConfig', () => {
     expect(globDenyRule).toBeDefined();
     expect(globAllowRule).toBeDefined();
     // Deny from settings (user tier)
-    expect(globDenyRule!.priority).toBeCloseTo(3.4, 5); // Command line exclude
+    expect(globDenyRule!.priority).toBeCloseTo(4.4, 5); // Command line exclude
     // Allow from default TOML: 1 + 50/1000 = 1.05
     expect(globAllowRule!.priority).toBeCloseTo(1.05, 5);
 
@@ -530,11 +530,11 @@ describe('createPolicyEngineConfig', () => {
       }))
       .sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
 
-    // Check that the highest priority items are the excludes (user tier: 3.4 and 3.9)
+    // Check that the highest priority items are the excludes (user tier: 4.4 and 4.9)
     const highestPriorityExcludes = priorities?.filter(
       (p) =>
-        Math.abs(p.priority! - 3.4) < 0.01 ||
-        Math.abs(p.priority! - 3.9) < 0.01,
+        Math.abs(p.priority! - 4.4) < 0.01 ||
+        Math.abs(p.priority! - 4.9) < 0.01,
     );
     expect(
       highestPriorityExcludes?.every((p) => p.decision === PolicyDecision.DENY),
@@ -626,7 +626,7 @@ describe('createPolicyEngineConfig', () => {
         r.toolName === 'dangerous-tool' && r.decision === PolicyDecision.DENY,
     );
     expect(excludeRule).toBeDefined();
-    expect(excludeRule?.priority).toBeCloseTo(3.4, 5); // Command line exclude
+    expect(excludeRule?.priority).toBeCloseTo(4.4, 5); // Command line exclude
   });
 
   it('should support argsPattern in policy rules', async () => {
@@ -733,8 +733,8 @@ priority = 150
         r.decision === PolicyDecision.ALLOW,
     );
     expect(rule).toBeDefined();
-    // Priority 150 in user tier → 3.150
-    expect(rule?.priority).toBeCloseTo(3.15, 5);
+    // Priority 150 in user tier → 4.150
+    expect(rule?.priority).toBeCloseTo(4.15, 5);
     expect(rule?.argsPattern).toBeInstanceOf(RegExp);
     expect(rule?.argsPattern?.test('{"command":"git status"}')).toBe(true);
     expect(rule?.argsPattern?.test('{"command":"git diff"}')).toBe(true);
diff --git a/packages/core/src/policy/workspace-policy.test.ts b/packages/core/src/policy/workspace-policy.test.ts
index 999dae6f0d..1fc86f74ef 100644
--- a/packages/core/src/policy/workspace-policy.test.ts
+++ b/packages/core/src/policy/workspace-policy.test.ts
@@ -98,21 +98,21 @@ priority = 10
 toolName = "test_tool"
 decision = "deny"
 priority = 10
-`; // Tier 3 -> 3.010
+`; // Tier 4 -> 4.010
       }
       if (path.includes('workspace.toml')) {
         return `[[rule]]
 toolName = "test_tool"
 decision = "allow"
 priority = 10
-`; // Tier 2 -> 2.010
+`; // Tier 3 -> 3.010
       }
       if (path.includes('admin.toml')) {
         return `[[rule]]
 toolName = "test_tool"
 decision = "deny"
 priority = 10
-`; // Tier 4 -> 4.010
+`; // Tier 5 -> 5.010
       }
       return '';
     });
@@ -144,9 +144,9 @@ priority = 10
 
     // Check for all 4 rules
     const defaultRule = rules?.find((r) => r.priority === 1.01);
-    const workspaceRule = rules?.find((r) => r.priority === 2.01);
-    const userRule = rules?.find((r) => r.priority === 3.01);
-    const adminRule = rules?.find((r) => r.priority === 4.01);
+    const workspaceRule = rules?.find((r) => r.priority === 3.01);
+    const userRule = rules?.find((r) => r.priority === 4.01);
+    const adminRule = rules?.find((r) => r.priority === 5.01);
 
     expect(defaultRule).toBeDefined();
     expect(userRule).toBeDefined();
@@ -224,7 +224,7 @@ priority=10`,
     expect(rules![0].priority).toBe(1.01);
   });
 
-  it('should load workspace policies and correctly transform to Tier 2', async () => {
+  it('should load workspace policies and correctly transform to Tier 3', async () => {
     const workspacePoliciesDir = '/mock/workspace/policies';
 
     // Mock FS
@@ -284,7 +284,7 @@ priority=500`,
 
     const rule = config.rules?.find((r) => r.toolName === 'p_tool');
     expect(rule).toBeDefined();
-    // Workspace Tier (2) + 500/1000 = 2.5
-    expect(rule?.priority).toBe(2.5);
+    // Workspace Tier (3) + 500/1000 = 3.5
+    expect(rule?.priority).toBe(3.5);
   });
 });