Policy Packs
Use policy packs to formalize what is allowed, blocked, or approval-gated for your agent workflows.
bash
curl -X POST https://app.sepurux.dev/api/backend/v1/policy-packs \
-H "Content-Type: application/json" \
-H "X-API-Key: $SEPURUX_API_KEY" \
-H "X-Project-Id: $SEPURUX_PROJECT_ID" \
-d '{
"name": "payments_approval_policy",
"engine": "builtin",
"policy": {
"version": "0.1",
"defaults": { "unknown_tools": "allow" },
"irreversible": {
"tools": ["payments.refund", "wire.transfer"]
},
"approval": {
"token_field": "confirmation_token"
}
}
}'Security Zones
Assign tool zones to control how Sepurux interprets trust boundaries during execution and analysis.
bash
curl -X POST https://app.sepurux.dev/api/backend/v1/tools \
-H "Content-Type: application/json" \
-H "X-API-Key: $SEPURUX_API_KEY" \
-H "X-Project-Id: $SEPURUX_PROJECT_ID" \
-d '{
"name": "payments.refund",
"zone": "untrusted"
}'Rollout Checklist
Use this baseline checklist when moving from pilot policy mode to production enforcement.
- Classify irreversible tools (payments, account deletion, data export).
- Require approval tokens for commit-level actions.
- Assign security zones by risk and trust boundary.
- Review policy and security events in run postmortems.
- Tune defaults before widening policy enforcement.