
Policy Enforcement

Policies control which API calls your agents can make. They are set per session, when you create a sandbox token.

policies: {
default: "deny", // block uncredentialed domains
}

Or:

policies: {
default: "allow", // allow everything
}

Important: Domains that have credentials are implicitly allowed, for every method and path, even with default: "deny". The default only applies to domains without credentials. Use rules (below) to narrow what a credentialed domain permits.

  1. Explicit rules checked first — if a rule matches the domain + method + path, it wins
  2. Credential implicit allow — if no rule matched but the domain has a credential, allow it
  3. Default policy — only applies if no rule AND no credential matches

This means most users just need credentials and default: "deny" — no explicit allow rules required.

Rules restrict access — limit methods, paths, or block specific patterns on otherwise-allowed domains:

policies: {
default: "deny",
rules: [
// Allow only GET to specific GitHub repos (restricts the implicit allow)
{ domain: "api.github.com", methods: ["GET"], paths: ["/repos/acme/*"] },
// Allow POST to a specific Stripe endpoint
{ domain: "api.stripe.com", methods: ["POST"], paths: ["/v1/charges"] },
],
}

Rules are evaluated in order. The first match wins. If no rule matches, credentials provide an implicit allow. Note what that means for a credentialed domain: a request that matches none of its rules falls through to the implicit allow rather than being blocked, so before relying on a rule meant to be exclusive (such as the GET-only GitHub rule above), confirm in shadow mode that the other methods and paths on that domain are reported as would-block.

Limit requests per domain:

policies: {
default: "allow",
rateLimit: {
"api.openai.com": "20/min",
"api.github.com": "100/hour",
},
}

Rate limits are enforced per-session. When exceeded, requests are blocked with a 429 response.
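The following is an added example, not Sylo's own code, showing how a per-session, per-domain limiter for the "N/unit" strings above can be implemented and checked. It parses "min" and "hour" as on this page; "sec" and "day" are an assumption, as is the fixed-window algorithm (Sylo does not document which algorithm it uses). The clock is injected so the reset can be driven deterministically.

```javascript
// Added example (not Sylo's code): fixed-window rate limiter keyed by domain.
// One instance per session gives the per-session enforcement described above.
// Units "sec" and "day" are assumptions; the page only shows "min" and "hour".
const WINDOW_MS = { sec: 1000, min: 60000, hour: 3600000, day: 86400000 };

// "20/min" -> { limit: 20, windowMs: 60000 }; anything else is rejected.
function parseRateLimit(spec) {
  const m = /^(\d+)\/(sec|min|hour|day)$/.exec(spec.trim());
  if (!m) throw new Error(`invalid rateLimit spec: ${spec}`);
  return { limit: Number(m[1]), windowMs: WINDOW_MS[m[2]] };
}

class SessionRateLimiter {
  constructor(rateLimit, now = () => Date.now()) {
    this.limits = new Map(Object.entries(rateLimit).map(([d, s]) => [d, parseRateLimit(s)]));
    this.now = now;
    this.windows = new Map(); // domain -> { start, count }
  }

  // Returns { status: 200 | 429, remaining, retryAfterMs? }.
  // Domains with no configured limit always pass.
  check(domain) {
    const cfg = this.limits.get(domain);
    if (!cfg) return { status: 200, remaining: Infinity };
    const t = this.now();
    let w = this.windows.get(domain);
    if (!w || t - w.start >= cfg.windowMs) {
      w = { start: t, count: 0 }; // window elapsed (or first request): reset
      this.windows.set(domain, w);
    }
    if (w.count >= cfg.limit) {
      return { status: 429, remaining: 0, retryAfterMs: w.start + cfg.windowMs - t };
    }
    w.count += 1;
    return { status: 200, remaining: cfg.limit - w.count };
  }
}

// Constructed scenario: 3 requests/min to api.openai.com. The fourth request
// inside the minute is blocked with 429; after the window elapses it passes again.
function demo() {
  let clock = 0; // fake clock in ms
  const rl = new SessionRateLimiter({ "api.openai.com": "3/min" }, () => clock);
  const statuses = [];
  for (let i = 0; i < 4; i++) statuses.push(rl.check("api.openai.com").status);
  clock = 60000;
  statuses.push(rl.check("api.openai.com").status);
  return statuses; // [200, 200, 200, 429, 200]
}

console.log(demo());
```

A fixed window lets a session send up to 2N requests across a window boundary; if that burst matters for the upstream API, a sliding window or token bucket is the usual replacement, at the cost of a little more state per domain.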

Test policies without enforcing them:

const session = await sylo.createSandboxToken({
// ...
shadowMode: true,
});

In shadow mode, policy violations are logged as "would-block" instead of "deny", but the request is allowed through. This is useful for testing new policies in production. Because it disables enforcement for that session, scope it to the sessions you are testing and remove it once the policy is validated.
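To make the evaluation order, rule matching and shadow mode concrete, here is an added reference evaluator; it is example code, not Sylo's implementation, and it serves both the rules section above and the shadow-mode description here. Two things it assumes that the page does not state: "*" in a path pattern matches anything, and a rule may carry an optional action: "deny" (the page says rules can block patterns but shows no syntax for that). credentialDomains is a constructed set standing in for the domains that have credentials in a session.

```javascript
// Added example (not Sylo's code): reference evaluator for the documented order
//   1. explicit rules (first match wins)
//   2. credential implicit allow
//   3. default policy
// Assumptions (not from the page): "*" in paths matches anything; a rule may
// have action: "deny". Anything other than default: "allow" is treated as deny.

function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&"); // keep "*" unescaped
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// A rule matches when domain, method and path all match; absent fields match all.
function ruleMatches(rule, req) {
  if (rule.domain !== req.domain) return false;
  if (rule.methods && !rule.methods.includes(req.method)) return false;
  if (rule.paths && !rule.paths.some((p) => globToRegExp(p).test(req.path))) return false;
  return true;
}

// Returns { allowed, decision, reason }. decision is "allow", "deny" or, in
// shadow mode, "would-block" for a request that would otherwise be denied.
function evaluate(policies, credentialDomains, req, { shadowMode = false } = {}) {
  let decision, reason;
  const rule = (policies.rules || []).find((r) => ruleMatches(r, req));
  if (rule) {
    decision = rule.action === "deny" ? "deny" : "allow";
    reason = `rule ${rule.domain} ${(rule.methods || ["*"]).join(",")} ${(rule.paths || ["*"]).join(",")}`;
  } else if (credentialDomains.has(req.domain)) {
    decision = "allow";
    reason = "credential implicit allow";
  } else {
    decision = policies.default === "allow" ? "allow" : "deny";
    reason = `default ${policies.default}`;
  }
  if (decision === "deny" && shadowMode) {
    return { allowed: true, decision: "would-block", reason }; // logged, not enforced
  }
  return { allowed: decision === "allow", decision, reason };
}

// Constructed session: the page's rules plus a trailing deny rule for GitHub so
// the GET-only rule is actually exclusive. Without it, a POST to api.github.com
// matches no rule and falls through to the credential implicit allow.
const examplePolicies = {
  default: "deny",
  rules: [
    { domain: "api.github.com", methods: ["GET"], paths: ["/repos/acme/*"] },
    { domain: "api.github.com", action: "deny" }, // assumed syntax
    { domain: "api.stripe.com", methods: ["POST"], paths: ["/v1/charges"] },
  ],
};
const exampleCredentials = new Set(["api.github.com", "api.stripe.com", "api.openai.com"]);

const exampleRequests = [
  { domain: "api.github.com", method: "GET", path: "/repos/acme/widgets" },    // rule 1: allow
  { domain: "api.github.com", method: "POST", path: "/repos/acme/widgets" },   // rule 2: deny
  { domain: "api.openai.com", method: "POST", path: "/v1/chat/completions" },  // credential: allow
  { domain: "api.stripe.com", method: "DELETE", path: "/v1/customers/1" },     // no rule, credential: allow
  { domain: "evil.example", method: "GET", path: "/" },                         // default: deny
];

for (const req of exampleRequests) {
  const r = evaluate(examplePolicies, exampleCredentials, req);
  console.log(req.method, req.domain + req.path, "=>", r.decision, "(" + r.reason + ")");
}
```

The fourth request is the one to notice: the Stripe rule only says what POST /v1/charges may do, so a DELETE on the same credentialed domain is allowed by step 2. If a credentialed domain should permit nothing beyond its rules, end its rule list with a catch-all deny, as done for GitHub above, and confirm the result with shadowMode before enforcing.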

For complex authorization logic, delegate decisions to your own endpoint:

policies: {
policyWebhook: "https://your-api.com/authorize",
}

Sylo sends the request details to your webhook and blocks or allows based on the response.