Writing policies
Policies are JSON. You can write them by hand, generate them from code, or build them visually in the dashboard. Whichever path you choose, they all compile to the same shape.
Start from a recipe
We ship policy templates for the situations you'll hit first:
- Transaction limits — cap amounts, recipients, frequency.
- Data access control — limit which records an agent can read.
- Approval workflows — pause specific actions for human review.
- Off-hours restrictions — only allow certain actions during business hours.
Test before you ship
Always dry-run a new policy against your real history before enabling it.
In the dashboard: the policy builder shows a live preview — "this policy would have blocked 4 of the last 1,000 actions".
From the CLI:
    detecte policies test ./my-policy.json --sample 5000
From the SDK:
    const result = await detecte.policies.dryRun({
      policy: { when: ..., decision: "block" },
      sample_size: 5000,
    });
    console.log(result.would_have_blocked, "/", result.sample_size);
Tips
- Be specific about agents. If a policy applies only to one agent, list it. Empty agents array means "all agents in workspace".
- Use escalate before block. Roll out new policies as escalate for a week, watch the dashboard, then promote to block.
- Layer policies. It's normal to have ten small policies instead of one huge one. The strictest match wins.
- Pair with anomaly detection. Static policies catch what you know about. The anomaly engine catches the rest.
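
The matching rules in the tips above (empty agents array, strictest match wins, escalate before block) can be modelled locally to reason about a rollout. This is an added example, not detecte's own code: the "allow" decision, the strictness order, the predicate form of `when`, and the sample history are all assumptions made for illustration.

```javascript
// Local model of the matching rules described in the tips; not the detecte engine.
// Assumption: strictness order is allow < escalate < block.
const STRICTNESS = { allow: 0, escalate: 1, block: 2 };

// An empty `agents` array applies to every agent in the workspace.
function appliesTo(policy, action) {
  return policy.agents.length === 0 || policy.agents.includes(action.agent);
}

// Resolve one action against layered policies: the strictest matching decision wins.
function decide(policies, action) {
  let decision = "allow";
  for (const p of policies) {
    if (appliesTo(p, action) && p.when(action) &&
        STRICTNESS[p.decision] > STRICTNESS[decision]) {
      decision = p.decision;
    }
  }
  return decision;
}

// Replay a history and count outcomes, in the spirit of a dry run.
function dryRun(policies, history) {
  const counts = { allow: 0, escalate: 0, block: 0 };
  for (const action of history) counts[decide(policies, action)] += 1;
  return counts;
}

// Constructed sample history (not real data).
const history = [
  { agent: "billing-bot", type: "transfer", amount: 120 },
  { agent: "billing-bot", type: "transfer", amount: 9000 },
  { agent: "support-bot", type: "transfer", amount: 9000 },
  { agent: "support-bot", type: "read_record", amount: 0 },
  { agent: "billing-bot", type: "transfer", amount: 60000 },
];

// `when` is a plain predicate here (assumption); real policies express it in JSON.
const policies = [
  { agents: [], when: (a) => a.amount > 50000, decision: "block" },
  { agents: ["billing-bot"], when: (a) => a.amount > 5000, decision: "escalate" },
];

console.log(dryRun(policies, history));
// Promote the second policy from escalate to block and compare the counts.
const promoted = [policies[0], { ...policies[1], decision: "block" }];
console.log(dryRun(promoted, history));
```

The difference between the two counts is the set of actions that would move from human review to outright denial when the policy is promoted.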