# Policies
Policies define access rules. SolonGate uses default-deny: every call is blocked unless a rule explicitly allows it.

## Policy Structure

```json
{
  "id": "production-policy",
  "name": "Production Security Policy",
  "rules": [
    {
      "id": "allow-file-read",
      "description": "Allow reading files in /data",
      "toolPattern": "file_*",
      "permission": "READ",
      "effect": "ALLOW",
      "minimumTrustLevel": "VERIFIED",
      "priority": 100,
      "pathPatterns": ["/data/**"]
    },
    {
      "id": "deny-shell-exec",
      "description": "Block all shell execution",
      "toolPattern": "shell_*",
      "permission": "EXECUTE",
      "effect": "DENY",
      "minimumTrustLevel": "UNTRUSTED",
      "priority": 50
    }
  ]
}
```
## Trust Levels

- `UNTRUSTED`: Unknown source. Most restrictive.
- `VERIFIED`: Authenticated but limited trust.
- `TRUSTED`: Fully trusted internal source.

## API Management

```typescript
// List all policies
const policies = await api.policies.list();

// Get a specific policy
const policy = await api.policies.get('production-policy');

// Create a new policy
const newPolicy = await api.policies.create({
  id: 'my-policy',
  name: 'My Custom Policy',
  rules: [{
    id: 'allow-read',
    toolPattern: '*_read',
    permission: 'READ',
    effect: 'ALLOW',
    minimumTrustLevel: 'VERIFIED',
    priority: 100,
  }],
});

// Update a policy: append a rule to the policy created above
const newRule = {
  id: 'deny-shell-exec',
  toolPattern: 'shell_*',
  permission: 'EXECUTE',
  effect: 'DENY',
  minimumTrustLevel: 'UNTRUSTED',
  priority: 50,
};
const updated = await api.policies.update('my-policy', {
  ...newPolicy,
  rules: [...newPolicy.rules, newRule],
});
```
## Local Policy Evaluation

```typescript
import { PolicyEngine, TrustLevel, Permission } from '@solongate/sdk';

const engine = new PolicyEngine();

// Load policy
engine.loadPolicy({
  id: 'local-policy',
  name: 'Local Policy',
  rules: [
    {
      id: 'allow-read',
      toolPattern: 'file_*',
      permission: 'READ',
      effect: 'ALLOW',
      minimumTrustLevel: 'VERIFIED',
      priority: 100,
    }
  ]
});

// Evaluate
const decision = engine.evaluate({
  tool: 'file_read',
  arguments: { path: '/data/file.txt' },
  trustLevel: TrustLevel.VERIFIED,
  permission: Permission.READ,
});

console.log(decision.effect); // 'ALLOW' or 'DENY'
```
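To make the policy structure above concrete, here is an added stand-alone evaluator that applies the production policy from this page to requests; it is example code, not SolonGate's `PolicyEngine`, and it assumes (labelled in the comments) that higher `priority` rules are checked first, that `*` and `**` are globs, that trust levels rank `UNTRUSTED` < `VERIFIED` < `TRUSTED`, and that the request path is passed as `path`.

```typescript
// Added reference evaluator, not SolonGate's own code. Assumptions: rules with a
// higher "priority" are checked first, "*" matches any characters except "/",
// "**" matches anything, UNTRUSTED < VERIFIED < TRUSTED, default-deny otherwise.
type Effect = "ALLOW" | "DENY";
type Trust = "UNTRUSTED" | "VERIFIED" | "TRUSTED";
const TRUST_RANK: Record<Trust, number> = { UNTRUSTED: 0, VERIFIED: 1, TRUSTED: 2 };

interface Rule {
  id: string;
  toolPattern: string;
  permission: string;
  effect: Effect;
  minimumTrustLevel: Trust;
  priority: number;
  pathPatterns?: string[];
}
interface ToolRequest { tool: string; permission: string; trustLevel: Trust; path?: string; }

// Turn a glob into an anchored regex; other regex metacharacters are escaped.
function globToRegex(glob: string): RegExp {
  const escape = (s: string) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const src = glob.split("**")
    .map(seg => seg.split("*").map(escape).join("[^/]*"))
    .join(".*");
  return new RegExp("^" + src + "$");
}

function evaluate(rules: Rule[], req: ToolRequest): { effect: Effect; ruleId: string | null } {
  const ordered = [...rules].sort((a, b) => b.priority - a.priority);
  for (const r of ordered) {
    if (!globToRegex(r.toolPattern).test(req.tool)) continue;
    if (r.permission !== req.permission) continue;
    if (TRUST_RANK[req.trustLevel] < TRUST_RANK[r.minimumTrustLevel]) continue;
    if (r.pathPatterns) {
      // A rule that constrains paths only applies when the request path matches one.
      const path = req.path;
      if (path === undefined || !r.pathPatterns.some(p => globToRegex(p).test(path))) continue;
    }
    return { effect: r.effect, ruleId: r.id };
  }
  return { effect: "DENY", ruleId: null }; // default-deny: no rule matched
}

// The production policy from the page, as rules.
const PRODUCTION_RULES: Rule[] = [
  { id: "allow-file-read", toolPattern: "file_*", permission: "READ", effect: "ALLOW",
    minimumTrustLevel: "VERIFIED", priority: 100, pathPatterns: ["/data/**"] },
  { id: "deny-shell-exec", toolPattern: "shell_*", permission: "EXECUTE", effect: "DENY",
    minimumTrustLevel: "UNTRUSTED", priority: 50 },
];
```

A `file_read` of `/data/file.txt` at `VERIFIED` trust is allowed by `allow-file-read`, while the same read at `UNTRUSTED` trust, a read outside `/data`, or a `file_write` falls through to the default deny.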