Get Policy

curl -X GET "https://api-production-56df.up.railway.app/policies/cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82" \
  -H "X-API-Key: your-api-key"

{
  "customer_id": "cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82",
  "policies": {
    "sensitive_fields": ["ssn", "credit_card", "api_key", "password", "date_of_birth", "bank_account"],
    "allowed_tools": ["read_file", "search_code", "create_pull_request", "list_issues", "send_message"],
    "blocked_actions": ["database:table:drop", "filesystem:file:delete", "cloud:iam:modify", "cloud:secrets:read"],
    "custom_rules": {
      "max_sensitivity_for_batch": {
        "condition": "batch_size > 100 AND target.sensitivity_level >= 3",
        "score_impact": 30,
        "description": "Flag large batch operations on sensitive resources"
      },
      "after_hours_penalty": {
        "condition": "hour(timestamp) < 6 OR hour(timestamp) > 22",
        "score_impact": 15,
        "description": "Elevate risk for actions outside business hours"
      }
    },
    "allowed_action_patterns": ["github:pull_request:*", "slack:message:send", "jira:issue:*"],
    "blocked_action_patterns": ["*:*:delete", "cloud:iam:*", "database:schema:*"],
    "sensitive_classifications": ["PII", "PHI", "financial", "secret", "restricted"]
  },
  "updated_at": "2026-02-26T15:00:00Z"
}

GET

https://api-production-56df.up.railway.app

policies

{customer_id}

curl -X GET "https://api-production-56df.up.railway.app/policies/cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82" \
  -H "X-API-Key: your-api-key"

{
  "customer_id": "cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82",
  "policies": {
    "sensitive_fields": ["ssn", "credit_card", "api_key", "password", "date_of_birth", "bank_account"],
    "allowed_tools": ["read_file", "search_code", "create_pull_request", "list_issues", "send_message"],
    "blocked_actions": ["database:table:drop", "filesystem:file:delete", "cloud:iam:modify", "cloud:secrets:read"],
    "custom_rules": {
      "max_sensitivity_for_batch": {
        "condition": "batch_size > 100 AND target.sensitivity_level >= 3",
        "score_impact": 30,
        "description": "Flag large batch operations on sensitive resources"
      },
      "after_hours_penalty": {
        "condition": "hour(timestamp) < 6 OR hour(timestamp) > 22",
        "score_impact": 15,
        "description": "Elevate risk for actions outside business hours"
      }
    },
    "allowed_action_patterns": ["github:pull_request:*", "slack:message:send", "jira:issue:*"],
    "blocked_action_patterns": ["*:*:delete", "cloud:iam:*", "database:schema:*"],
    "sensitive_classifications": ["PII", "PHI", "financial", "secret", "restricted"]
  },
  "updated_at": "2026-02-26T15:00:00Z"
}

Requires X-API-Key header for authentication.

Path Parameters

customer_id

string

required

UUID of the customer whose policy to retrieve.

Response

customer_id

string

The customer UUID.

policies

object

The complete policy configuration.

Show policies properties

sensitive_fields

array

List of field names treated as sensitive during scoring.

allowed_tools

array

List of MCP tool names that agents are permitted to use.

blocked_actions

array

List of domain:scope:verb action strings that are explicitly prohibited.

custom_rules

object

Custom scoring rules defined by the customer.

allowed_action_patterns

array

Glob patterns for pre-approved actions.

blocked_action_patterns

array

Glob patterns for prohibited actions.

sensitive_classifications

array

Data classification labels that trigger elevated scoring.

updated_at

datetime

ISO 8601 timestamp of the last policy update.

curl -X GET "https://api-production-56df.up.railway.app/policies/cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82" \
  -H "X-API-Key: your-api-key"

{
  "customer_id": "cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82",
  "policies": {
    "sensitive_fields": ["ssn", "credit_card", "api_key", "password", "date_of_birth", "bank_account"],
    "allowed_tools": ["read_file", "search_code", "create_pull_request", "list_issues", "send_message"],
    "blocked_actions": ["database:table:drop", "filesystem:file:delete", "cloud:iam:modify", "cloud:secrets:read"],
    "custom_rules": {
      "max_sensitivity_for_batch": {
        "condition": "batch_size > 100 AND target.sensitivity_level >= 3",
        "score_impact": 30,
        "description": "Flag large batch operations on sensitive resources"
      },
      "after_hours_penalty": {
        "condition": "hour(timestamp) < 6 OR hour(timestamp) > 22",
        "score_impact": 15,
        "description": "Elevate risk for actions outside business hours"
      }
    },
    "allowed_action_patterns": ["github:pull_request:*", "slack:message:send", "jira:issue:*"],
    "blocked_action_patterns": ["*:*:delete", "cloud:iam:*", "database:schema:*"],
    "sensitive_classifications": ["PII", "PHI", "financial", "secret", "restricted"]
  },
  "updated_at": "2026-02-26T15:00:00Z"
}

Create Policy Update Policy

⌘I

API Reference

Endpoints

Path Parameters

Response

API Reference

Endpoints

​Path Parameters

​Response

Path Parameters

Response