Policy Language

Define what your AI agents can and cannot do. Policies are the core building block of PermitNetworks — they control spending, scope, rate limits, and conditional access.

Policy Structure

Every policy has a name, one or more rules, and optional conditions. Rules are evaluated in priority order — the first matching rule determines the outcome.

    {
      "name": "policy-name",
      "priority": 1,               // Lower = evaluated first
      "agents": ["agent-1"],       // Optional: target specific agents
      "rules": [{
        "action": "spend",         // The action to match
        "effect": "allow",         // "allow" or "deny"
        "resource": "funds",       // Optional: target resource
        "conditions": { ... }      // Optional: runtime conditions
      }]
    }

Spending Limits

Set hard budget constraints per agent, per transaction, or per time period.

    {
      "name": "daily-spend-limit",
      "rules": [{
        "action": "spend",
        "effect": "allow",
        "conditions": {
          "maxAmount": 1000,
          "currency": "USD",
          "period": "daily"
        }
      }]
    }

Scope Locking

Restrict agent permissions to specific resources and exclude dangerous operations.

    {
      "name": "support-agent-scope",
      "scope": {
        "allow": [
          "read:customers",
          "read:orders",
          "update:shipping"
        ],
        "deny": [
          "delete:*",
          "read:payment-info",
          "export:*"
        ]
      }
    }

Rate Limits

Prevent agents from overwhelming downstream services with request caps.

    {
      "name": "api-rate-limit",
      "rateLimit": {
        "maxRequests": 100,
        "window": "1m",
        "burstLimit": 20,
        "onExceeded": "deny"
      }
    }

Conditional Rules

Apply policies based on runtime context like risk scores, time of day, or request metadata.

    {
      "name": "high-risk-block",
      "rules": [{
        "action": "spend",
        "effect": "deny",
        "conditions": {
          "context.risk_score": { "$gte": 0.7 },
          "context.amount": { "$gt": 500 }
        }
      }]
    }

Condition Operators

Use these operators in policy conditions to create dynamic rules based on runtime context.

    Operator   Description        Example
    $eq        Equal to           { "$eq": 100 }
    $gt        Greater than       { "$gt": 500 }
    $lt        Less than          { "$lt": 0.7 }
    $gte       Greater or equal   { "$gte": 1000 }
    $in        In array           { "$in": ["aws", "gcp"] }
    $nin       Not in array       { "$nin": ["delete", "drop"] }
    $exists    Field exists       { "$exists": true }
    $regex     Regex match        { "$regex": "^prod-" }
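
The following Python sketch is an added example, not PermitNetworks code: it models first-match evaluation in priority order with the operators listed above, so a policy set can be checked for gaps before deployment. Its assumptions: conditions are ANDed, a missing field never satisfies a comparison, nothing matching means deny, and the names `evaluate`, `lookup`, `rule_matches` and the `require-risk-score` policy are hypothetical. Spending-limit keys such as `maxAmount` are not modeled.

```python
import re
MISSING = object()  # sentinel: field absent from the request

# Operators from the table above; a missing field never satisfies a comparison.
OPS = {
    "$eq": lambda v, a: v == a,
    "$gt": lambda v, a: v is not MISSING and v > a,
    "$lt": lambda v, a: v is not MISSING and v < a,
    "$gte": lambda v, a: v is not MISSING and v >= a,
    "$in": lambda v, a: v in a,
    "$nin": lambda v, a: v not in a,
    "$exists": lambda v, a: (v is not MISSING) == a,
    "$regex": lambda v, a: isinstance(v, str) and re.search(a, v) is not None,
}

def lookup(request, path):
    """Resolve a dotted path such as 'context.risk_score'."""
    node = request
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def rule_matches(rule, request):
    if rule["action"] != request.get("action"):
        return False
    # Assumption: all conditions, and all operators within one, must hold.
    return all(OPS[op](lookup(request, path), arg)
               for path, cond in rule.get("conditions", {}).items()
               for op, arg in cond.items())

def evaluate(policies, request):
    """Return (effect, policy name) for the first matching rule."""
    for policy in sorted(policies, key=lambda p: p.get("priority", 0)):
        for rule in policy.get("rules", []):
            if rule_matches(rule, request):
                return rule["effect"], policy["name"]
    return "deny", None  # assumption: default deny when nothing matches

# Constructed sample policies, modeled on "high-risk-block" above.
BLOCK = {"name": "high-risk-block", "priority": 1, "rules": [{
    "action": "spend", "effect": "deny", "conditions": {
        "context.risk_score": {"$gte": 0.7}, "context.amount": {"$gt": 500}}}]}
ALLOW = {"name": "allow-spend", "priority": 2,
         "rules": [{"action": "spend", "effect": "allow"}]}
# Guard: deny when the risk score is absent, so the block cannot be skipped.
GUARD = {"name": "require-risk-score", "priority": 0, "rules": [{
    "action": "spend", "effect": "deny",
    "conditions": {"context.risk_score": {"$exists": False}}}]}
```

In this model a spend request that carries no `context.risk_score` falls through `high-risk-block` to the allow rule, and adding the `$exists` guard at a lower priority number closes that path. Confirm how your own engine treats missing fields before relying on a deny rule that compares against them.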