Policy-as-Code

Define AI governance rules as code and enforce them consistently across all your agents.

Policy Types

AxonFlow provides two types of policies:

Static Policies (Built-in)

Pre-configured security patterns managed by AxonFlow:

Category	Description	Example
`sql_injection`	Detects SQL injection attempts	`SELECT * FROM; DROP TABLE`
`pii_detection`	Identifies personally identifiable information	SSN, email, phone patterns
`dangerous_queries`	Blocks potentially harmful operations	Mass deletions, schema changes
`admin_access`	Restricts administrative operations	System configuration changes

Static policies are always enabled and cannot be modified.

Dynamic Policies (Custom)

Customer-managed rules created through the API or Customer Portal:

Type	Use Case
`access-control`	Role-based access control
`rate-limit`	Token limits and cost controls
`content`	Filter/modify LLM responses
`pii`	Custom PII detection rules

Policy Structure

All AxonFlow policies use declarative YAML:

apiVersion: axonflow.io/v1
kind: Policy
metadata:
  name: restrict-customer-data
  description: Limit access to customer records
spec:
  type: access-control
  priority: 100
  enabled: true
  rules:
    - action: deny
      conditions:
        resource: "database:customers:*"
        user_role: "not:admin"
      message: "Customer data access requires admin role"

API Endpoints

Static Policies (Agent)

# List all static policies
GET http://localhost:8081/api/v1/static-policies
X-Client-Secret: your-secret

Dynamic Policies (Orchestrator)

# List dynamic policies
GET http://localhost:8082/api/v1/policies

# Create a policy
POST http://localhost:8082/api/v1/policies
Content-Type: application/json

{
  "name": "block-pii-in-responses",
  "type": "content",
  "priority": 100,
  "enabled": true
}

Documentation

Guide	Description
Unified Policies	Policy architecture and concepts
Policy Syntax	Complete YAML syntax reference
Policy Examples	Ready-to-use policy templates
Testing Policies	Test and validate policies

Policy Evaluation

Request → Static Policies → Dynamic Policies → [Pass] → LLM
              ↓                    ↓
           [Block]             [Block/Mask]

Policies are evaluated in priority order. Higher priority policies run first.

Next Steps

Learn the Policy Syntax for writing custom policies
Review Policy Examples for templates
Understand Unified Policies architecture
Set up Testing for your policies

Policy Types​

Static Policies (Built-in)​

Dynamic Policies (Custom)​

Policy Structure​

API Endpoints​

Static Policies (Agent)​

Dynamic Policies (Orchestrator)​

Documentation​

Policy Evaluation​

Next Steps​