Policies

Rules that gate agent tool calls — match by tool, operation, data class, body content.

Anatomy of a policy

A policy has a name and one or more rules. Each rule has a match, a condition, an action, and a priority. The first matching rule wins (lowest priority number = evaluated first), but strictness escalates: a DENY rule takes precedence over an ALLOW rule on the same scan.

{
  "name": "Block Slack posts of internal documents",
  "rules": [
    {
      "rule_id": "internal-doc-block",
      "priority": 10,
      "match": {
        "tool_name": "slack",
        "operations": ["post_message"]
      },
      "condition": {
        "body_contains_any": ["internal only", "do not share", "deal #"]
      },
      "action": "DENY"
    }
  ]
}

Available match keys

Key	Type	Example
`tool_name`	string	`"jira"`, `"slack"`, `"salesforce"`, `"hubspot"`
`operations`	string[]	`["create_issue"]`, `["*"]`, `["method:POST"]`, `["category:issues"]`
`verbs`	string[]	`["WRITE", "ADMIN"]`
`org_patterns`	string[]	`["acme/*"]` (GitHub)
`repo_patterns`	string[]	`["my-org/secrets-*"]`
`channel_patterns`	string[]	`["#alerts*"]` (Slack)

Available conditions

Condition	Type	Use case
`is_external_principal`	bool	Catch posts to a personal/external Slack
`has_data_class`	string[]	`["SECRETS"]`, `["PII"]`, `["INTERNAL"]`
`body_contains_any`	string[]	Body has ANY of these substrings (case-insensitive)
`body_contains_all`	string[]	Body has EVERY substring
`new_resource`	bool	First time the agent has touched this resource
`volume_burst`	bool	Sudden spike in calls

Editing in the Console

The Console supports two edit modes:

Form mode — point and click for the common case (one tool + simple condition + action).
Raw JSON mode — full control: multiple rules per policy, body-contains, custom priority, sanitize_fields. Click Edit on a policy → switch to Raw JSON tab.

Policy-as-Code (CI/CD)

Manage policies as YAML/JSON in git. Use @interven/policy-cli to validate, diff, and apply:

npm i -g @interven/policy-cli

interven-policy validate policies/*.yaml
interven-policy diff policies/*.yaml         # show drift vs server
INTERVEN_API_KEY=iv_live_... \
  interven-policy apply policies/*.yaml --env production

Production-grade templates (HIPAA, SOC2, PCI-DSS, GDPR) and the 7 starter packs live at packages/policy-packs/.

Applying via API

POST /v1/policies/apply is an idempotent upsert. Same key auth as /v1/scan:

curl -X POST https://api.intervensecurity.com/v1/policies/apply \
  -H "Authorization: Bearer iv_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "block-secrets-egress",
    "description": "DENY any outbound carrying SECRETS",
    "env_name": "production",
    "rules": [
      {
        "rule_id": "deny-secrets",
        "match": {},
        "condition": { "has_data_class": ["SECRETS"] },
        "action": "DENY",
        "priority": 100
      }
    ]
  }'

The endpoint accepts both the canonical nested shape above AND a legacy flat shape (where match/condition fields are flattened to top level) — flat input is auto-translated.

Default ship-with policies

When you sign up, your tenant gets these starter rules. Edit or disable any of them.

Name	Tool	Action
P3: Deny Slack Secret Egress	slack	DENY when SECRETS detected
P4: Deny Slack Secret Upload	slack	DENY when SECRETS detected
P5: Sanitize Slack PII Egress	slack	SANITIZE PII before posting
P8: Deny Google Drive External Sharing	gdrive	DENY share_file_external
P9: Sanitize Google Drive PII Export	gdrive	SANITIZE on PII export
P1/P2: GitHub external collaborator + PR review	github	DENY / REQUIRE_APPROVAL
P6: Require Approval for IAM User Creation	aws	REQUIRE_APPROVAL
P7: Deny AWS Admin Policy Attachment	aws	DENY

Starter policy packs

In addition to the default tenant policies, Interven ships seven curated YAML policy packs for common use cases. Apply via the policy CLI or the Console.

Pack	Use case
`sre-starter.yaml`	SRE / DevOps agents — destructive ops require approval, prod-tagged resources locked down
`vibe-coder-starter.yaml`	AI coding assistants — block secret commits, gate force-push, scan dependency installs
`hobbyist-starter.yaml`	Solo builders — secret egress + obvious-bad URL blocks; lightweight defaults
`browser-agent-starter.yaml`	Browser Use / Computer Use agents — block card/SSN form submits, threat-intel match on URLs
`enterprise-oem-starter.yaml`	OEM / platform integrators — strict tenant isolation, audit-heavy, opt-in by feature
`healthcare-hipaa.yaml`	HIPAA-aligned — PHI patterns (MRN/NPI/DEA/ICD-10/CPT/MBI/DOB), BAA-friendly defaults
`iso-42001.yaml`	EU AI Act / ISO 42001 alignment — model output classification, human-oversight triggers

Apply via CLI:

npx -y @interven/policy-cli apply \
  --pack sre-starter.yaml \
  --pack healthcare-hipaa.yaml \
  --env production

Source for all packs lives at packages/policy-packs/.

On this page