Skip to main content
PUT
https://api-production-56df.up.railway.app
/
policies
/
{customer_id}
curl -X PUT "https://api-production-56df.up.railway.app/policies/cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-api-key" \
  -d '{
    "sensitive_fields": [
      "ssn",
      "credit_card",
      "api_key",
      "password",
      "date_of_birth",
      "bank_account",
      "passport_number"
    ],
    "allowed_tools": [
      "read_file",
      "search_code",
      "create_pull_request",
      "list_issues",
      "send_message",
      "run_tests"
    ],
    "blocked_actions": [
      "database:table:drop",
      "filesystem:file:delete",
      "cloud:iam:modify",
      "cloud:secrets:read",
      "cloud:billing:modify"
    ],
    "custom_rules": {
      "max_sensitivity_for_batch": {
        "condition": "batch_size > 50 AND target.sensitivity_level >= 3",
        "score_impact": 35,
        "description": "Flag batch operations on sensitive resources (lowered threshold)"
      },
      "after_hours_penalty": {
        "condition": "hour(timestamp) < 6 OR hour(timestamp) > 22",
        "score_impact": 15,
        "description": "Elevate risk for actions outside business hours"
      },
      "unverified_mcp_penalty": {
        "condition": "mcp_context.is_verified == false",
        "score_impact": 25,
        "description": "Penalize actions through unverified MCP servers"
      }
    },
    "allowed_action_patterns": [
      "github:pull_request:*",
      "slack:message:send",
      "jira:issue:*",
      "github:issue:*"
    ],
    "blocked_action_patterns": [
      "*:*:delete",
      "cloud:iam:*",
      "database:schema:*"
    ],
    "sensitive_classifications": [
      "PII",
      "PHI",
      "financial",
      "secret",
      "restricted",
      "confidential"
    ]
  }'

{
  "customer_id": "cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82",
  "policies": {
    "sensitive_fields": ["ssn", "credit_card", "api_key", "password", "date_of_birth", "bank_account", "passport_number"],
    "allowed_tools": ["read_file", "search_code", "create_pull_request", "list_issues", "send_message", "run_tests"],
    "blocked_actions": ["database:table:drop", "filesystem:file:delete", "cloud:iam:modify", "cloud:secrets:read", "cloud:billing:modify"],
    "custom_rules": {
      "max_sensitivity_for_batch": {
        "condition": "batch_size > 50 AND target.sensitivity_level >= 3",
        "score_impact": 35,
        "description": "Flag batch operations on sensitive resources (lowered threshold)"
      },
      "after_hours_penalty": {
        "condition": "hour(timestamp) < 6 OR hour(timestamp) > 22",
        "score_impact": 15,
        "description": "Elevate risk for actions outside business hours"
      },
      "unverified_mcp_penalty": {
        "condition": "mcp_context.is_verified == false",
        "score_impact": 25,
        "description": "Penalize actions through unverified MCP servers"
      }
    },
    "allowed_action_patterns": ["github:pull_request:*", "slack:message:send", "jira:issue:*", "github:issue:*"],
    "blocked_action_patterns": ["*:*:delete", "cloud:iam:*", "database:schema:*"],
    "sensitive_classifications": ["PII", "PHI", "financial", "secret", "restricted", "confidential"]
  },
  "updated_at": "2026-02-26T16:30:00Z"
}
Requires X-API-Key header for authentication.
This is a full replacement operation. Any policy fields you omit from the request body will be reset to their defaults (empty arrays/objects). To partially update a policy, first retrieve the current policy with Get Policy, modify the desired fields, and submit the complete object.

Path Parameters

customer_id
string
required
UUID of the customer whose policy to update.

Request Body

sensitive_fields
array
List of field names that should be treated as sensitive.
allowed_tools
array
List of MCP tool names that agents are permitted to use.
blocked_actions
array
List of domain:scope:verb action strings that are explicitly prohibited.
custom_rules
object
Key-value pairs defining custom scoring rules.
allowed_action_patterns
array
Glob patterns for actions that are pre-approved.
blocked_action_patterns
array
Glob patterns for actions that are prohibited.
sensitive_classifications
array
List of data classification labels that trigger elevated scoring.

Response

customer_id
string
The customer UUID.
policies
object
The updated policy configuration.
updated_at
datetime
ISO 8601 timestamp of the update.
curl -X PUT "https://api-production-56df.up.railway.app/policies/cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-api-key" \
  -d '{
    "sensitive_fields": [
      "ssn",
      "credit_card",
      "api_key",
      "password",
      "date_of_birth",
      "bank_account",
      "passport_number"
    ],
    "allowed_tools": [
      "read_file",
      "search_code",
      "create_pull_request",
      "list_issues",
      "send_message",
      "run_tests"
    ],
    "blocked_actions": [
      "database:table:drop",
      "filesystem:file:delete",
      "cloud:iam:modify",
      "cloud:secrets:read",
      "cloud:billing:modify"
    ],
    "custom_rules": {
      "max_sensitivity_for_batch": {
        "condition": "batch_size > 50 AND target.sensitivity_level >= 3",
        "score_impact": 35,
        "description": "Flag batch operations on sensitive resources (lowered threshold)"
      },
      "after_hours_penalty": {
        "condition": "hour(timestamp) < 6 OR hour(timestamp) > 22",
        "score_impact": 15,
        "description": "Elevate risk for actions outside business hours"
      },
      "unverified_mcp_penalty": {
        "condition": "mcp_context.is_verified == false",
        "score_impact": 25,
        "description": "Penalize actions through unverified MCP servers"
      }
    },
    "allowed_action_patterns": [
      "github:pull_request:*",
      "slack:message:send",
      "jira:issue:*",
      "github:issue:*"
    ],
    "blocked_action_patterns": [
      "*:*:delete",
      "cloud:iam:*",
      "database:schema:*"
    ],
    "sensitive_classifications": [
      "PII",
      "PHI",
      "financial",
      "secret",
      "restricted",
      "confidential"
    ]
  }'

{
  "customer_id": "cust_8f2e4a91-bb3c-4d17-a1e0-6c9f3d5b7e82",
  "policies": {
    "sensitive_fields": ["ssn", "credit_card", "api_key", "password", "date_of_birth", "bank_account", "passport_number"],
    "allowed_tools": ["read_file", "search_code", "create_pull_request", "list_issues", "send_message", "run_tests"],
    "blocked_actions": ["database:table:drop", "filesystem:file:delete", "cloud:iam:modify", "cloud:secrets:read", "cloud:billing:modify"],
    "custom_rules": {
      "max_sensitivity_for_batch": {
        "condition": "batch_size > 50 AND target.sensitivity_level >= 3",
        "score_impact": 35,
        "description": "Flag batch operations on sensitive resources (lowered threshold)"
      },
      "after_hours_penalty": {
        "condition": "hour(timestamp) < 6 OR hour(timestamp) > 22",
        "score_impact": 15,
        "description": "Elevate risk for actions outside business hours"
      },
      "unverified_mcp_penalty": {
        "condition": "mcp_context.is_verified == false",
        "score_impact": 25,
        "description": "Penalize actions through unverified MCP servers"
      }
    },
    "allowed_action_patterns": ["github:pull_request:*", "slack:message:send", "jira:issue:*", "github:issue:*"],
    "blocked_action_patterns": ["*:*:delete", "cloud:iam:*", "database:schema:*"],
    "sensitive_classifications": ["PII", "PHI", "financial", "secret", "restricted", "confidential"]
  },
  "updated_at": "2026-02-26T16:30:00Z"
}