Skip to content

Aegis

Policy

Policy¶

Policy¶

from aegis import Policy

`Policy.from_yaml(path) -> Policy`¶

Load a policy from a YAML file.

`Policy.from_dict(data) -> Policy`¶

Load a policy from a Python dictionary.

`policy.evaluate(action) -> PolicyDecision`¶

Evaluate a single action against the rules. Returns a PolicyDecision.

PolicyDecision¶

@dataclass(frozen=True)
class PolicyDecision:
    action: Action
    risk_level: RiskLevel
    approval: Approval
    matched_rule: str

Property	Type	Description
`is_allowed`	`bool`	`True` unless the action is blocked

Approval¶

class Approval(StrEnum):
    AUTO = "auto"
    APPROVE = "approve"
    BLOCK = "block"

RiskLevel¶

class RiskLevel(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4

PolicyRule¶

@dataclass
class PolicyRule:
    match_type: str = "*"        # Glob pattern
    match_target: str = "*"      # Glob pattern
    risk_level: RiskLevel = RiskLevel.MEDIUM
    approval: Approval = Approval.APPROVE
    name: str = ""
    conditions: dict = {}        # Optional conditions

Conditions¶

Rules can include conditions that must all pass for the rule to match:

PolicyRule(
    match_type="update*",
    conditions={"param_gt": {"count": 100}},
    risk_level=RiskLevel.HIGH,
    approval=Approval.APPROVE,
)

See Writing Policies for the full conditions reference.

ExecutionPlan¶

plan = runtime.plan(actions)
plan.summary()          # Human-readable plan
plan.has_blocked        # Any actions blocked?
plan.requires_approval  # Any actions need human approval?
len(plan)               # Number of actions