Policies API
Endpoints for managing CHAM (Contextual, Hierarchical, Adaptive, Multi-layered) governance policies. Policies define the rules that Sentinel enforces on every AI action before it executes.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /policies | List all policies |
| POST | /policies | Create a new policy |
| GET | /policies/:id | Get policy details |
| PUT | /policies/:id | Update a policy |
| DELETE | /policies/:id | Delete a policy |
| PATCH | /policies/:id/toggle | Toggle active/inactive |
Policy Types
| Type | Description |
|---|---|
| confidence_floor | Reject actions below a confidence threshold |
| environment_restriction | Restrict actions to specific environments (e.g., block production writes) |
| action_type_block | Block specific action types entirely |
| rate_limit | Limit how many actions an agent can perform per time window |
| require_reasoning | Require agents to provide reasoning above a minimum length |
| grant_lifecycle | Define time-bounded grants with automatic expiration |
GET /policies
List all CHAM policies for the current tenant.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| active | boolean | — | Filter by active status |
| policy_type | string | — | Filter by policy type |
| page | integer | 1 | Page number |
| limit | integer | 50 | Results per page |
Example Request
curl -X GET https://api.thewardn.ai/policies \
-H "Authorization: Bearer YOUR_API_KEY"
Example Response
{
"policies": [
{
"id": "pol_8f3a2b1c",
"name": "Production Confidence Floor",
"policy_type": "confidence_floor",
"config": {
"threshold": 0.85,
"environments": ["production"]
},
"active": true,
"created_at": "2026-04-01T12:00:00Z",
"updated_at": "2026-04-01T12:00:00Z",
"fired_count": 142
},
{
"id": "pol_4d7e9f0a",
"name": "Block DELETE in Production",
"policy_type": "action_type_block",
"config": {
"blocked_actions": ["DELETE", "DROP", "TRUNCATE"],
"environments": ["production"]
},
"active": true,
"created_at": "2026-03-28T09:30:00Z",
"updated_at": "2026-03-28T09:30:00Z",
"fired_count": 37
}
],
"total": 2,
"page": 1,
"limit": 50
}
POST /policies
Create a new CHAM policy.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Human-readable policy name |
| policy_type | string | Yes | One of the supported policy types |
| config | object | Yes | Type-specific configuration (see examples below) |
| active | boolean | No | Whether the policy is active on creation (default: true) |
Example Request — Confidence Floor
curl -X POST https://api.thewardn.ai/policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "High-Confidence Production Gate",
"policy_type": "confidence_floor",
"config": {
"threshold": 0.90,
"environments": ["production"],
"action": "ESCROW"
},
"active": true
}'
Example Response
{
"id": "pol_c2e8a91d",
"name": "High-Confidence Production Gate",
"policy_type": "confidence_floor",
"config": {
"threshold": 0.90,
"environments": ["production"],
"action": "ESCROW"
},
"active": true,
"created_at": "2026-04-10T14:22:00Z",
"updated_at": "2026-04-10T14:22:00Z",
"fired_count": 0
}
Example Request — Rate Limit
curl -X POST https://api.thewardn.ai/policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Agent Burst Limiter",
"policy_type": "rate_limit",
"config": {
"max_actions": 10,
"window_seconds": 60,
"scope": "per_agent"
},
"active": true
}'
Example Response
{
"id": "pol_f1b3d5e7",
"name": "Agent Burst Limiter",
"policy_type": "rate_limit",
"config": {
"max_actions": 10,
"window_seconds": 60,
"scope": "per_agent"
},
"active": true,
"created_at": "2026-04-10T14:25:00Z",
"updated_at": "2026-04-10T14:25:00Z",
"fired_count": 0
}
Example Request — Environment Restriction
curl -X POST https://api.thewardn.ai/policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Staging Only for New Agents",
"policy_type": "environment_restriction",
"config": {
"allowed_environments": ["staging", "development"],
"agent_tags": ["new", "untested"]
},
"active": true
}'
Example Response
{
"id": "pol_a9c2e4f6",
"name": "Staging Only for New Agents",
"policy_type": "environment_restriction",
"config": {
"allowed_environments": ["staging", "development"],
"agent_tags": ["new", "untested"]
},
"active": true,
"created_at": "2026-04-10T14:28:00Z",
"updated_at": "2026-04-10T14:28:00Z",
"fired_count": 0
}
Example Request — Require Reasoning
curl -X POST https://api.thewardn.ai/policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Reasoning Required for Writes",
"policy_type": "require_reasoning",
"config": {
"min_length": 50,
"action_types": ["WRITE", "UPDATE", "DELETE"]
},
"active": true
}'
Example Response
{
"id": "pol_d4f6a8c0",
"name": "Reasoning Required for Writes",
"policy_type": "require_reasoning",
"config": {
"min_length": 50,
"action_types": ["WRITE", "UPDATE", "DELETE"]
},
"active": true,
"created_at": "2026-04-10T14:30:00Z",
"updated_at": "2026-04-10T14:30:00Z",
"fired_count": 0
}
Example Request — Grant Lifecycle
curl -X POST https://api.thewardn.ai/policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "24-Hour Production Grant",
"policy_type": "grant_lifecycle",
"config": {
"ttl_seconds": 86400,
"renewable": true,
"max_renewals": 3,
"environments": ["production"]
},
"active": true
}'
Example Response
{
"id": "pol_b5e7c9d1",
"name": "24-Hour Production Grant",
"policy_type": "grant_lifecycle",
"config": {
"ttl_seconds": 86400,
"renewable": true,
"max_renewals": 3,
"environments": ["production"]
},
"active": true,
"created_at": "2026-04-10T14:33:00Z",
"updated_at": "2026-04-10T14:33:00Z",
"fired_count": 0
}
GET /policies/:id
Get details for a specific policy.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Policy ID |
Example Request
curl -X GET https://api.thewardn.ai/policies/pol_8f3a2b1c \
-H "Authorization: Bearer YOUR_API_KEY"
Example Response
{
"id": "pol_8f3a2b1c",
"name": "Production Confidence Floor",
"policy_type": "confidence_floor",
"config": {
"threshold": 0.85,
"environments": ["production"]
},
"active": true,
"created_at": "2026-04-01T12:00:00Z",
"updated_at": "2026-04-01T12:00:00Z",
"fired_count": 142,
"last_fired_at": "2026-04-10T13:45:22Z"
}
PUT /policies/:id
Update an existing policy. Sends the full updated object.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Policy ID |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | No | Updated policy name |
| config | object | No | Updated configuration |
| active | boolean | No | Updated active status |
Example Request
curl -X PUT https://api.thewardn.ai/policies/pol_8f3a2b1c \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Production Confidence Floor (Strict)",
"config": {
"threshold": 0.92,
"environments": ["production"]
}
}'
Example Response
{
"id": "pol_8f3a2b1c",
"name": "Production Confidence Floor (Strict)",
"policy_type": "confidence_floor",
"config": {
"threshold": 0.92,
"environments": ["production"]
},
"active": true,
"created_at": "2026-04-01T12:00:00Z",
"updated_at": "2026-04-10T14:40:00Z",
"fired_count": 142
}
DELETE /policies/:id
Delete a policy permanently.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Policy ID |
WARNING
Deleting a policy is permanent and cannot be undone. Consider toggling the policy inactive instead.
Example Request
curl -X DELETE https://api.thewardn.ai/policies/pol_8f3a2b1c \
-H "Authorization: Bearer YOUR_API_KEY"
Example Response
{
"deleted": true,
"id": "pol_8f3a2b1c"
}
PATCH /policies/:id/toggle
Toggle a policy between active and inactive without deleting it. Inactive policies are not evaluated during governance checks.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Policy ID |
Example Request
curl -X PATCH https://api.thewardn.ai/policies/pol_8f3a2b1c/toggle \
-H "Authorization: Bearer YOUR_API_KEY"
Example Response
{
"id": "pol_8f3a2b1c",
"name": "Production Confidence Floor",
"active": false,
"toggled_at": "2026-04-10T14:45:00Z"
}
TIP
Use toggle instead of delete when you want to temporarily disable a policy during maintenance windows or testing. The policy retains its configuration and fire history.
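Because inactive policies are not evaluated during governance checks, a policy left toggled off after a maintenance window silently removes a guardrail. The following Python audit of a GET /policies response is an added example, not part of the Sentinel API or its documentation; `MIN_FLOOR`, `REQUIRED`, `audit_policies` and the finding codes are assumptions chosen for illustration, and the sample data is constructed from the example policies on this page.

```python
"""Audit one GET /policies response page for governance gaps (added example)."""

# Assumed baseline, not defined by the API: tune to your own standard.
MIN_FLOOR = 0.85
REQUIRED = {"production": {"confidence_floor", "action_type_block"}}


def audit_policies(resp):
    """Return sorted (code, detail) findings for one response page."""
    findings = []
    policies = resp.get("policies", [])
    # A short page means the audit has not seen every policy yet.
    if resp.get("total", len(policies)) > len(policies):
        findings.append(("partial_page", f"{len(policies)} of {resp['total']} policies seen"))
    covered = {env: set() for env in REQUIRED}
    for p in policies:
        cfg = p.get("config", {})
        if not p.get("active", False):
            # Inactive policies are not evaluated, so they give no coverage.
            findings.append(("inactive", p["id"]))
            continue
        if p["policy_type"] == "confidence_floor" and cfg.get("threshold", 0) < MIN_FLOOR:
            findings.append(("weak_floor", p["id"]))
        for env in cfg.get("environments", []):
            if env in covered:
                covered[env].add(p["policy_type"])
    for env, needed in REQUIRED.items():
        for missing in sorted(needed - covered[env]):
            findings.append(("no_active_" + missing, env))
    return sorted(findings)


# Constructed sample: the page's two example policies, with the block policy
# toggled inactive and a third policy left off this page of results.
SAMPLE = {
    "policies": [
        {"id": "pol_8f3a2b1c", "policy_type": "confidence_floor", "active": True,
         "config": {"threshold": 0.85, "environments": ["production"]}},
        {"id": "pol_4d7e9f0a", "policy_type": "action_type_block", "active": False,
         "config": {"blocked_actions": ["DELETE", "DROP", "TRUNCATE"],
                    "environments": ["production"]}},
    ],
    "total": 3, "page": 1, "limit": 2,
}

if __name__ == "__main__":
    for code, detail in audit_policies(SAMPLE):
        print(code, detail)
```

A `partial_page` finding means the remaining pages must be fetched with the `page` and `limit` query parameters before the audit result can be trusted.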