Policies API

The Policies API manages governance rules that fire on request or response. See Security Policies for the full condition and action reference.

GET /api/policies
List all policies for the current tenant

Parameters:

| Param | Type | Description |
|---|---|---|
| limit | number | Max results (default 50) |
| offset | number | Pagination offset |
| phase | string | Filter by phase: request or response |
| enabled | boolean | Filter by enabled status |

Response (200):

{
  "data": [
    {
      "id": "policy_abc123",
      "name": "block-injection",
      "phase": "request",
      "condition": {
        "type": "injection_score",
        "threshold": 0.7
      },
      "action": "block",
      "enabled": true,
      "fireCount": 42,
      "createdAt": "2026-01-20T08:00:00Z",
      "updatedAt": "2026-01-20T08:00:00Z"
    }
  ],
  "total": 6,
  "limit": 50,
  "offset": 0
}

import Rivano from '@rivano/sdk';
const rivano = new Rivano({ apiKey: process.env.RIVANO_API_KEY! });

const policies = await rivano.policies.list({ phase: 'request', enabled: true });

POST /api/policies
Create a new policy

Request body:

{
  "name": "redact-pii-in-responses",
  "phase": "response",
  "on": "*",
  "condition": {
    "type": "pii_detected",
    "entities": ["email", "phone", "name"]
  },
  "action": "redact",
  "redactionStrategy": "mask",
  "enabled": true
}

| Field | Required | Description |
|---|---|---|
| name | Yes | Unique policy name |
| phase | Yes | request or response |
| condition | Yes | Condition object (see Policies docs) |
| action | Yes | block, redact, or warn |
| on | No | Agent name or * for all agents |
| redactionStrategy | No | Required when action is redact |
| enabled | No | Default true |

Response (201):

{
  "data": {
    "id": "policy_xyz789",
    "name": "redact-pii-in-responses",
    "phase": "response",
    "condition": { "type": "pii_detected", "entities": ["email", "phone", "name"] },
    "action": "redact",
    "redactionStrategy": "mask",
    "enabled": true,
    "fireCount": 0,
    "createdAt": "2026-04-04T10:00:00Z",
    "updatedAt": "2026-04-04T10:00:00Z"
  }
}

const policy = await rivano.policies.create({
  name: 'redact-pii-in-responses',
  phase: 'response',
  condition: { type: 'pii_detected', entities: ['email', 'phone', 'name'] },
  action: 'redact',
  redactionStrategy: 'mask',
  enabled: true,
});

PUT /api/policies/:id
Update an existing policy

Request body (all fields optional — send only what you want to change):

{
  "enabled": false,
  "condition": {
    "type": "injection_score",
    "threshold": 0.85
  }
}

Response (200): Updated policy object (same shape as POST response).

await rivano.policies.update('policy_abc123', { enabled: false });

DELETE /api/policies/:id
Delete a policy

Response (200):

{ "success": true }

await rivano.policies.delete('policy_abc123');

GET /api/policies/templates
List available policy templates

Response (200):

{
  "data": [
    {
      "id": "foundational",
      "name": "Foundational Policy Pack",
      "description": "Core injection and PII policies for production agents",
      "policyCount": 4
    },
    {
      "id": "hipaa-pii",
      "name": "HIPAA PII Pack",
      "description": "Extended PHI detection for healthcare applications",
      "policyCount": 6
    },
    {
      "id": "financial-pii",
      "name": "Financial PII Pack",
      "description": "Credit card, account number, and routing number detection",
      "policyCount": 3
    }
  ]
}

const templates = await rivano.policies.listTemplates();
templates.data.forEach(t => console.log(t.id, t.policyCount, 'policies'));

POST /api/policies/templates/apply
Apply a policy template to the tenant

Request body:

{
  "template": "foundational",
  "agentName": "*",
  "enabled": true
}

| Field | Required | Description |
|---|---|---|
| template | Yes | Template ID from the list endpoint |
| agentName | No | Apply to specific agent or * for all. Default: * |
| enabled | No | Whether policies are enabled on creation. Default: true |

Response (201):

{
  "created": 4,
  "policies": [
    { "id": "policy_001", "name": "block-injection" },
    { "id": "policy_002", "name": "redact-pii-responses" },
    { "id": "policy_003", "name": "warn-high-token-requests" },
    { "id": "policy_004", "name": "block-pii-in-requests" }
  ]
}

const result = await rivano.policies.applyTemplate('foundational', {
  agentName: '*',
  enabled: true,
});
console.log(`Applied ${result.created} policies`);
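
Because PUT can set enabled to false and DELETE removes a policy outright, a tenant can drift away from the set a template created. The following is an added example, not Rivano's own code: it audits the `data` array from GET /api/policies against the policy names you expect to stay active. `auditPolicies`, the finding kinds and the sample data are constructed here, and treating `warn` as non-enforcing is an assumption.

```javascript
// Added example, not Rivano code. Field names match the responses on this page;
// auditPolicies, the finding kinds and the sample data are constructed.
const PHASES = ['request', 'response'];
const ENFORCING = new Set(['block', 'redact']); // assumption: 'warn' only reports

// policies: every item from GET /api/policies `data` (page with limit/offset
// until `total` is reached). expectedNames: names that must stay active, e.g.
// the policies[].name values returned by POST /api/policies/templates/apply.
function auditPolicies(policies, expectedNames) {
  const findings = [];
  const byName = new Map(policies.map((p) => [p.name, p]));

  for (const name of expectedNames) {
    const p = byName.get(name);
    if (!p) findings.push({ kind: 'missing', name });
    else if (p.enabled !== true) findings.push({ kind: 'disabled', name, id: p.id });
  }

  for (const p of policies) {
    // The field table marks redactionStrategy as required when action is redact.
    if (p.action === 'redact' && !p.redactionStrategy) {
      findings.push({ kind: 'redact-without-strategy', name: p.name, id: p.id });
    }
  }

  for (const phase of PHASES) {
    const enforced = policies.some(
      (p) => p.phase === phase && p.enabled === true && ENFORCING.has(p.action)
    );
    if (!enforced) findings.push({ kind: 'phase-unenforced', phase });
  }
  return findings;
}

// Constructed sample: one policy was disabled via PUT, one was deleted.
const sample = [
  { id: 'policy_001', name: 'block-injection', phase: 'request', action: 'block', enabled: false },
  { id: 'policy_002', name: 'redact-pii-responses', phase: 'response', action: 'redact', redactionStrategy: 'mask', enabled: true },
  { id: 'policy_003', name: 'warn-high-token-requests', phase: 'request', action: 'warn', enabled: true },
];
const expected = ['block-injection', 'redact-pii-responses', 'warn-high-token-requests', 'block-pii-in-requests'];

console.log(auditPolicies(sample, expected));
```

Run it on a schedule or after any policy change and alert on a non-empty result.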