
Policy Enforcement Rule Reference

All rule IDs emitted by PolicyEnforcer across the 6 enforcement categories. Each rule produces a PolicyViolationError (or a warning in override mode) with the listed message pattern.

Network Rules

Enforced by enforceNetwork(domain, protocol).

| Rule ID              | Trigger                                           | Message                                 |
|----------------------|---------------------------------------------------|-----------------------------------------|
| network.missing      | No permissions.network in policy                  | Network permissions not configured      |
| network.disabled     | network.enabled is false                          | Network access is disabled              |
| network.tls_required | require_tls is true and protocol is not https     | TLS is required for network requests    |
| network.blocked      | Domain matches a blocked_domains pattern          | Domain <domain> is blocked by policy    |
| network.not_allowed  | Domain does not match any allowed_domains pattern | Domain <domain> is not in the allowlist |

Domain matching rules:

  • "*" matches any domain
  • "*.example.com" matches example.com and all subdomains (e.g. api.example.com, deep.nested.example.com)
  • "api.openai.com" matches exactly that domain
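The following stand-alone JavaScript is an added example, not Sekuire's own code: it applies the network rules in the order the table lists them and implements the three domain pattern forms above. The function names (`matchDomain`, `enforceNetwork`, `checkNetwork`), the shape of `PolicyViolationError`, the sample policy, and the decision to treat a missing `allowed_domains` list as deny-all are assumptions that the page does not state.

```javascript
// Added example, not Sekuire's own code. Function names, the error class
// shape and the sample policy are assumptions based on the rule table above.

class PolicyViolationError extends Error {
  constructor(ruleId, message) {
    super(message);
    this.name = "PolicyViolationError";
    this.ruleId = ruleId;
  }
}

// The three documented domain pattern forms: "*", "*.example.com", exact name.
function matchDomain(pattern, domain) {
  const d = domain.toLowerCase();
  const p = pattern.toLowerCase();
  if (p === "*") return true;
  if (p.startsWith("*.")) {
    // Base domain itself or any depth of subdomain. The leading dot in the
    // endsWith check is what stops "evilexample.com" from matching.
    const base = p.slice(2);
    return d === base || d.endsWith("." + base);
  }
  return d === p;
}

// Rules are applied top to bottom in table order; the first failure wins.
function enforceNetwork(policy, domain, protocol) {
  const net = policy?.permissions?.network;
  if (!net) {
    throw new PolicyViolationError("network.missing", "Network permissions not configured");
  }
  if (net.enabled === false) {
    throw new PolicyViolationError("network.disabled", "Network access is disabled");
  }
  if (net.require_tls === true && protocol !== "https") {
    throw new PolicyViolationError("network.tls_required", "TLS is required for network requests");
  }
  if ((net.blocked_domains ?? []).some((p) => matchDomain(p, domain))) {
    throw new PolicyViolationError("network.blocked", `Domain ${domain} is blocked by policy`);
  }
  // Assumption: no allowed_domains list means no domain is allowed.
  if (!(net.allowed_domains ?? []).some((p) => matchDomain(p, domain))) {
    throw new PolicyViolationError("network.not_allowed", `Domain ${domain} is not in the allowlist`);
  }
  return true;
}

// Convenience wrapper: the rule ID that fired, or null when the request passes.
function checkNetwork(policy, domain, protocol) {
  try {
    enforceNetwork(policy, domain, protocol);
    return null;
  } catch (err) {
    if (err instanceof PolicyViolationError) return err.ruleId;
    throw err;
  }
}

// Constructed sample policy (not from the page).
const samplePolicy = {
  permissions: {
    network: {
      enabled: true,
      require_tls: true,
      allowed_domains: ["*.example.com", "api.openai.com"],
      blocked_domains: ["internal.example.com"],
    },
  },
};

console.log(checkNetwork(samplePolicy, "api.example.com", "http")); // prints network.tls_required
```

Feed `enforceNetwork` the hostname and scheme taken from a parsed URL (`new URL(url).hostname` and `new URL(url).protocol`), never a raw string: userinfo, ports or trailing paths in the compared value would otherwise defeat the exact and suffix comparisons above.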

Filesystem Rules

Enforced by enforceFilesystem(path, operation).

| Rule ID        | Trigger                                       | Message                               |
|----------------|-----------------------------------------------|---------------------------------------|
| fs.missing     | No permissions.filesystem in policy           | Filesystem permissions not configured |
| fs.disabled    | filesystem.enabled is false                   | Filesystem access is disabled         |
| fs.blocked     | Path matches a blocked_paths pattern          | Path <path> is blocked                |
| fs.not_allowed | Path does not match any allowed_paths pattern | Path <path> is not in the allowlist   |
| fs.ext         | File extension is not in allowed_extensions   | Extension <ext> is not allowed        |

Path matching rules:

  • "/tmp/*" matches /tmp/ and everything under it
  • "/workspace/data.json" matches exactly that path
  • Blocked paths are checked before allowed paths

Tool Rules

Enforced by enforceTool(toolName).

| Rule ID          | Trigger                                           | Message                             |
|------------------|---------------------------------------------------|-------------------------------------|
| tool.blocked     | Tool name is in blocked_tools                     | Tool <name> is blocked              |
| tool.not_allowed | Tool name does not match any allowed_tools entry  | Tool <name> is not in the allowlist |

Tool matching patterns:

| Pattern      | Example               | Matches                                   |
|--------------|-----------------------|-------------------------------------------|
| Exact name   | "calculator"          | Only calculator                           |
| Wildcard     | "file_*"              | file_read, file_write, file_delete, etc.  |
| Category all | "files:*"             | All tools with the file_ prefix           |
| Category ops | "files:[read,write]"  | file_read and file_write only             |

Built-in category prefixes:

| Category    | Prefix | Example tools                      |
|-------------|--------|------------------------------------|
| files       | file_  | file_read, file_write, file_delete |
| directories | dir_   | dir_list, dir_create, dir_delete   |
| network     | http_  | http_request, http_get             |
| data        | json_  | json_parse, json_query             |
| system      | env_   | env_get, env_set                   |

If no allowed_tools list is configured, all tools are permitted (unless explicitly blocked).
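The following is an added example, not Sekuire's own code, covering the tool rules, the four pattern forms and the category prefix table above. The prefix table is copied from this page; the function names, the `toolPolicy` object (the page does not say where `allowed_tools` and `blocked_tools` live inside a policy), and the decisions marked as assumptions in comments (unknown categories and malformed op lists match nothing, `blocked_tools` is a plain name list as the table's "is in" wording suggests) are mine. The wildcard handling generalizes slightly beyond the page's trailing-`*` example by accepting `*` anywhere in the pattern.

```javascript
// Added example, not Sekuire's own code. The category/prefix table is copied
// from this page; function names, the toolPolicy shape and the edge-case
// decisions marked "assumption" are mine.
class PolicyViolationError extends Error {
  constructor(ruleId, message) {
    super(message);
    this.name = "PolicyViolationError";
    this.ruleId = ruleId;
  }
}

const CATEGORY_PREFIXES = {
  files: "file_",
  directories: "dir_",
  network: "http_",
  data: "json_",
  system: "env_",
};

// Turn a wildcard pattern such as "file_*" into an anchored regex. Every
// character except "*" is escaped, so a pattern cannot smuggle in regex syntax.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

// The four documented pattern forms: exact, wildcard, "category:*", "category:[ops]".
function matchTool(pattern, toolName) {
  const cat = /^([a-z]+):(.+)$/.exec(pattern);
  if (cat) {
    const prefix = CATEGORY_PREFIXES[cat[1]];
    if (!prefix) return false; // unknown category matches nothing (assumption)
    if (cat[2] === "*") return toolName.startsWith(prefix);
    const ops = /^\[(.*)\]$/.exec(cat[2]);
    if (!ops) return false; // malformed ops list matches nothing (assumption)
    return ops[1]
      .split(",")
      .map((op) => op.trim())
      .filter(Boolean)
      .some((op) => toolName === prefix + op);
  }
  if (pattern.includes("*")) return globToRegExp(pattern).test(toolName);
  return toolName === pattern;
}

function enforceTool(toolPolicy, toolName) {
  // blocked_tools is a plain name list per the table ("Tool name is in blocked_tools").
  if ((toolPolicy.blocked_tools ?? []).includes(toolName)) {
    throw new PolicyViolationError("tool.blocked", `Tool ${toolName} is blocked`);
  }
  const allowed = toolPolicy.allowed_tools;
  if (allowed == null) return true; // no allowlist configured: everything not blocked is permitted
  if (!allowed.some((pattern) => matchTool(pattern, toolName))) {
    throw new PolicyViolationError("tool.not_allowed", `Tool ${toolName} is not in the allowlist`);
  }
  return true;
}

// Convenience wrapper: the rule ID that fired, or null when the tool is permitted.
function checkTool(toolPolicy, toolName) {
  try {
    enforceTool(toolPolicy, toolName);
    return null;
  } catch (err) {
    if (err instanceof PolicyViolationError) return err.ruleId;
    throw err;
  }
}

// Constructed sample policy (not from the page).
const sampleToolPolicy = {
  allowed_tools: ["files:[read,write]", "json_*", "calculator"],
  blocked_tools: ["env_set"],
};

console.log(checkTool(sampleToolPolicy, "file_delete")); // prints tool.not_allowed
```

The `allowed == null` branch is the one to watch in configuration review: an absent list permits every tool, while an empty list permits none, so a policy that intends "no tools" must say `allowed_tools: []` explicitly.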

Model Rules

Enforced by enforceModel(model).

| Rule ID           | Trigger                        | Message                      |
|-------------------|--------------------------------|------------------------------|
| model.not_allowed | Model is not in allowed_models | Model <model> is not allowed |
| model.blocked     | Model is in blocked_models     | Model <model> is blocked     |

If no allowed_models list is configured, all models are permitted. Blocked models are checked even when no allowlist exists.

API Rules

Enforced by enforceApi(service).

| Rule ID         | Trigger                            | Message                                        |
|-----------------|------------------------------------|------------------------------------------------|
| api.missing     | No permissions.api in policy       | API permissions not configured                 |
| api.disabled    | api.enabled is false               | API access is disabled                         |
| api.not_allowed | Service is not in allowed_services | API service <service> is not in the allowlist  |

Rate Limit Rules

Enforced by enforceRateLimit(type, count).

| Rule ID             | Trigger                                      | Message                                        |
|---------------------|----------------------------------------------|------------------------------------------------|
| rate_limit.exceeded | Count exceeds configured limit within window | Rate limit exceeded: <key> (<count>/<limit>)   |

Configurable limits:

| Config Key          | Window       | Type    |
|---------------------|--------------|---------|
| requests_per_minute | 60 seconds   | request |
| requests_per_hour   | 3600 seconds | request |
| tokens_per_minute   | 60 seconds   | token   |

Rate limits use sliding windows. Windows are reset when the window duration elapses.
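As an added example (not Sekuire's own code), the following stand-alone JavaScript implements `enforceRateLimit(type, count)` over the three configured windows above as sliding windows: each accepted call is stored with its timestamp, and entries older than the window are evicted before the total is compared with the limit. The class name, the injectable clock (so the behaviour can be checked without waiting a minute), the decision not to record a rejected call, and reporting the running total as `<count>` in the message are assumptions; the page only names the config keys, window lengths and types.

```javascript
// Added example, not Sekuire's own code. The window table is from this page;
// the class, the counting strategy and the message details are assumptions.
class PolicyViolationError extends Error {
  constructor(ruleId, message) {
    super(message);
    this.name = "PolicyViolationError";
    this.ruleId = ruleId;
  }
}

// Config key -> window length and the event type it counts (from the page's table).
const LIMIT_WINDOWS = {
  requests_per_minute: { windowMs: 60 * 1000, type: "request" },
  requests_per_hour: { windowMs: 3600 * 1000, type: "request" },
  tokens_per_minute: { windowMs: 60 * 1000, type: "token" },
};

class SlidingWindowRateLimiter {
  // `limits` is the rate-limit config, e.g. { requests_per_minute: 3 }.
  // `now` is injectable so tests can move the clock instead of sleeping.
  constructor(limits, now = () => Date.now()) {
    this.limits = limits;
    this.now = now;
    this.events = new Map(); // config key -> [{ t, count }]
  }

  // Evict entries that have slid out of the window, then total what remains.
  usage(key, windowMs, t) {
    const cutoff = t - windowMs;
    const kept = (this.events.get(key) ?? []).filter((e) => e.t > cutoff);
    this.events.set(key, kept);
    return kept.reduce((sum, e) => sum + e.count, 0);
  }

  // The windows that apply to this event type and have a limit configured.
  activeKeys(type) {
    return Object.entries(LIMIT_WINDOWS).filter(
      ([key, spec]) => spec.type === type && this.limits[key] !== undefined,
    );
  }

  enforceRateLimit(type, count) {
    const t = this.now();
    // Check every applicable window before recording anything, so a call
    // rejected by one window does not consume budget in another.
    for (const [key, spec] of this.activeKeys(type)) {
      const limit = this.limits[key];
      const total = this.usage(key, spec.windowMs, t) + count;
      if (total > limit) {
        throw new PolicyViolationError(
          "rate_limit.exceeded",
          `Rate limit exceeded: ${key} (${total}/${limit})`,
        );
      }
    }
    for (const [key] of this.activeKeys(type)) {
      const list = this.events.get(key) ?? [];
      list.push({ t, count });
      this.events.set(key, list);
    }
    return true;
  }
}

// Convenience wrapper: the rule ID that fired, or null when the call is within limits.
function checkRateLimit(limiter, type, count) {
  try {
    limiter.enforceRateLimit(type, count);
    return null;
  } catch (err) {
    if (err instanceof PolicyViolationError) return err.ruleId;
    throw err;
  }
}

const demo = new SlidingWindowRateLimiter({ requests_per_minute: 2 });
console.log(checkRateLimit(demo, "request", 1), checkRateLimit(demo, "request", 1), checkRateLimit(demo, "request", 1));
// prints null null rate_limit.exceeded
```

Because entries expire individually rather than all at once, a burst at the start of a minute does not free up the whole budget at the 60-second mark; token counting works the same way, with `count` carrying the token total of each request.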

Override Mode

All rules support override (warn-only) mode. When enabled:

  • Violations are logged to console.warn instead of throwing
  • The onViolation callback fires with the rule ID and message
  • Execution continues normally

Enable override mode via:

  • Constructor parameter: new PolicyEnforcer(policy, true)
  • Environment variable: SEKUIRE_POLICY_DEV_OVERRIDE=true
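The following stand-alone JavaScript is an added example, not Sekuire's own code, that demonstrates both the model rules above and override mode: the same `enforceModel` either throws a `PolicyViolationError` or, in override mode, logs through `console.warn`, fires the `onViolation` callback with the rule ID and message, and lets execution continue. The rule IDs, messages, the constructor's second argument and the `SEKUIRE_POLICY_DEV_OVERRIDE` variable are from this page; passing `onViolation` as a third constructor argument, the `permissions.models` location of the lists, and checking `blocked_models` before `allowed_models` are assumptions.

```javascript
// Added example, not Sekuire's own code. Rule IDs, messages, the override
// constructor flag and the env var name are from the page; the onViolation
// constructor argument, the permissions.models location and the check order
// are assumptions.
class PolicyViolationError extends Error {
  constructor(ruleId, message) {
    super(message);
    this.name = "PolicyViolationError";
    this.ruleId = ruleId;
  }
}

class PolicyEnforcer {
  constructor(policy, override = false, onViolation = null) {
    this.policy = policy;
    // new PolicyEnforcer(policy, true) or SEKUIRE_POLICY_DEV_OVERRIDE=true enables warn-only mode.
    this.override = override === true || process.env.SEKUIRE_POLICY_DEV_OVERRIDE === "true";
    this.onViolation = onViolation; // assumption: callback supplied via the constructor
  }

  // Single chokepoint for every rule: throw in normal mode; in override mode
  // warn, notify the callback, and return false so the caller can continue.
  violation(ruleId, message) {
    if (!this.override) throw new PolicyViolationError(ruleId, message);
    console.warn(`[policy override] ${ruleId}: ${message}`);
    if (this.onViolation) this.onViolation(ruleId, message);
    return false;
  }

  enforceModel(model) {
    const m = this.policy?.permissions?.models ?? {};
    // Blocked models are checked even when no allowlist exists (checked first: assumption).
    if ((m.blocked_models ?? []).includes(model)) {
      return this.violation("model.blocked", `Model ${model} is blocked`);
    }
    // No allowed_models list configured: every model not blocked is permitted.
    if (m.allowed_models != null && !m.allowed_models.includes(model)) {
      return this.violation("model.not_allowed", `Model ${model} is not allowed`);
    }
    return true;
  }
}

// Constructed sample policy with placeholder model names (not from the page).
const sampleModelPolicy = {
  permissions: {
    models: {
      allowed_models: ["model-a", "model-b"],
      blocked_models: ["model-c"],
    },
  },
};

const demo = new PolicyEnforcer(sampleModelPolicy, true, (ruleId, message) => {
  console.log("audit:", ruleId, message);
});
demo.enforceModel("model-c"); // warns instead of throwing; callback receives "model.blocked"
```

In override mode the `onViolation` callback is where the would-have-failed rule IDs should be routed to whatever collects audit events, so that enabling warn-only mode during development still leaves a record of every rule a workload would trip once enforcement is switched back on.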
