Policy Library

Ready-to-use Rego policies

Authevo uses Open Policy Agent (OPA) and the Rego language for policy enforcement. Below are production-ready policy templates you can adapt for your agent workflows.

Refund Policy

Refund Threshold (Financial)

Allow automated refunds up to a configurable threshold. Actions above the limit are denied and require manual review.

package authevo.refund

import rego.v1

# Default deny: anything not explicitly allowed below is refused
default allow := false

# Refund threshold in dollars; change this one value to retune the policy
threshold := 100

# Refund policy: allow if amount <= threshold
allow if {
  input.action == "refund"
  input.payload.amount <= threshold
}

# Provide reason for decision (only defined for refund actions)
decision_reason := msg if {
  input.action == "refund"
  input.payload.amount <= threshold
  msg := sprintf("Refund of $%v is within threshold ($%v)", [input.payload.amount, threshold])
}

decision_reason := msg if {
  input.action == "refund"
  input.payload.amount > threshold
  msg := sprintf("Refund of $%v exceeds threshold ($%v)", [input.payload.amount, threshold])
}
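A unit-test file for the refund policy, added here as an example; it is not part of Authevo's policy library. It assumes the policy is saved as policies/refund.rego and this file as policies/refund_test.rego, so that `opa test policies/ -v` picks it up, and every input is constructed for the test. The same pattern (a `_test.rego` file that imports the policy package and evaluates it `with input as` a fixed document) applies to the other policies on this page.

```rego
package authevo.refund_test

import rego.v1

import data.authevo.refund

# Constructed request document for the tests (not an Authevo sample).
refund_input(amount) := {"action": "refund", "payload": {"amount": amount}}

test_refund_under_threshold_allowed if {
  refund.allow with input as refund_input(42)
  refund.decision_reason == "Refund of $42 is within threshold ($100)" with input as refund_input(42)
}

# The boundary is inclusive: exactly $100 is still automated.
test_refund_at_threshold_allowed if {
  refund.allow with input as refund_input(100)
}

test_refund_over_threshold_denied if {
  not refund.allow with input as refund_input(101)
  refund.decision_reason == "Refund of $101 exceeds threshold ($100)" with input as refund_input(101)
}

# A non-refund action never matches, so the default deny applies and the
# reason rules (which only fire for refunds) leave decision_reason undefined.
test_non_refund_action_denied if {
  not refund.allow with input as {"action": "transfer", "payload": {"amount": 1}}
  not refund.decision_reason with input as {"action": "transfer", "payload": {"amount": 1}}
}

# A malformed payload with no amount must fail closed rather than allow.
test_missing_amount_denied if {
  not refund.allow with input as {"action": "refund", "payload": {}}
}
```

Running `opa test policies/ -v` lists each `test_` rule with PASS or FAIL; the missing-amount case is worth keeping in every policy's test file, since an undefined comparison silently fails the rule body and it is the `default allow := false` line that turns that into a deny.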

Dispute Resolution Policy

Dispute Handling (Customer Service)

Automate dispute resolution based on order value, customer history, and dispute type. High-value or repeat disputes are escalated.

package authevo.dispute

import rego.v1

default allow := false
default escalate := false

# Allow auto-resolution for low-value first-time disputes.
# `not escalate` makes escalation take precedence over auto-resolution.
allow if {
  not escalate
  input.action == "resolve_dispute"
  input.payload.order_value <= 50
  input.payload.customer_dispute_count == 0
  input.payload.dispute_type == "shipping_delay"
}

# Allow auto-resolution for quality issues with proof (a repeat customer
# with a quality issue is escalated instead, because of `not escalate`)
allow if {
  not escalate
  input.action == "resolve_dispute"
  input.payload.order_value <= 100
  input.payload.dispute_type == "quality_issue"
  input.payload.photo_evidence == true
}

# Escalate high-value disputes
escalate if {
  input.payload.order_value > 200
}

# Escalate repeat customers
escalate if {
  input.payload.customer_dispute_count >= 3
}

# allow and escalate are now mutually exclusive, so these two complete
# rules can never both fire (which would be a conflict error at eval time)
decision_reason := "Auto-resolved: low-value first-time dispute" if allow
decision_reason := "Escalated: requires human review" if escalate

Escalation Policy

Human-in-the-Loop Approval (Compliance)

Require human approval for high-impact actions. The policy compares the requested amount against the approver's role-based threshold before allowing execution, and flags amounts beyond any role's limit for board approval.

package authevo.escalation

import rego.v1

default allow := false
default requires_approval := false

# Approval thresholds by role (dollars)
approval_limit := {
  "agent": 100,
  "supervisor": 500,
  "manager": 5000,
  "director": 50000,
}

# Highest limit held by any role; anything above it needs the board
max_role_limit := max({limit | limit := approval_limit[_]})

# Allow if within the approver's role limit. A role missing from
# approval_limit makes the lookup undefined, so allow stays false.
allow if {
  limit := approval_limit[input.approver_role]
  input.payload.amount <= limit
}

# Flag actions beyond any role's limit
requires_approval if {
  input.payload.amount > max_role_limit
}

# Track approval chain: one record per approver supplied in the input
approval_chain := [approval |
  some approver in input.approvers
  approval := {
    "role": approver.role,
    "approved_at": approver.timestamp,
    "amount": input.payload.amount,
  }
]

decision_reason := sprintf("Approved by %s (limit: $%v)", [input.approver_role, approval_limit[input.approver_role]]) if allow
decision_reason := "Requires board approval" if requires_approval
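A unit-test file for the escalation policy, added as an example and not part of Authevo's policy library. It assumes the policy is saved as policies/escalation.rego and this file as policies/escalation_test.rego; the role names, amounts and timestamps below are constructed for the test. Beyond the happy path, it checks the two cases a reviewer should care about: an approver role that is not in the threshold table, and the approval chain that the audit log will carry.

```rego
package authevo.escalation_test

import rego.v1

import data.authevo.escalation

# Constructed request with a single approver (not an Authevo sample).
request(role, amount) := {
  "approver_role": role,
  "payload": {"amount": amount},
  "approvers": [{"role": role, "timestamp": "2024-01-01T09:00:00Z"}],
}

test_supervisor_within_limit_allowed if {
  escalation.allow with input as request("supervisor", 500)
  escalation.decision_reason == "Approved by supervisor (limit: $500)" with input as request("supervisor", 500)
}

test_supervisor_over_limit_denied if {
  not escalation.allow with input as request("supervisor", 501)
  # below the board threshold, so no escalation flag either
  not escalation.requires_approval with input as request("supervisor", 501)
}

# A role with no entry in approval_limit has no limit at all: the lookup is
# undefined, the rule body fails, and the default deny applies.
test_unknown_role_denied if {
  not escalation.allow with input as request("intern", 1)
  not escalation.decision_reason with input as request("intern", 1)
}

test_amount_above_every_role_flagged_for_board if {
  not escalation.allow with input as request("director", 60000)
  escalation.requires_approval with input as request("director", 60000)
  escalation.decision_reason == "Requires board approval" with input as request("director", 60000)
}

# The approval chain must record every approver in order, each stamped
# with the amount the chain applies to.
test_approval_chain_records_each_approver if {
  req := {
    "approver_role": "manager",
    "payload": {"amount": 2000},
    "approvers": [
      {"role": "supervisor", "timestamp": "2024-01-01T09:00:00Z"},
      {"role": "manager", "timestamp": "2024-01-01T09:05:00Z"},
    ],
  }
  chain := escalation.approval_chain with input as req
  count(chain) == 2
  chain[0].role == "supervisor"
  chain[1].role == "manager"
  chain[1].approved_at == "2024-01-01T09:05:00Z"
  chain[1].amount == 2000
}
```

Note that the policy reads the approver's role from the input document, so whatever registers the policy with Authevo must populate `approver_role` from an authenticated identity rather than letting the agent assert it; the unknown-role test is what guards the table lookup, not the role's provenance.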

Rate Limiting Policy

Action Rate Limits (Security)

Enforce rate limits per agent to prevent abuse. Useful for protecting APIs, financial operations, and high-frequency agent actions.

package authevo.ratelimit

import rego.v1

default allow := false

# Rate limits by action type (per minute)
rate_limits := {
  "refund": 10,
  "transfer": 5,
  "query": 100,
  "default": 30,
}

# Daily volume cap across all action types
daily_limit := 1000

# Get limit for action type, falling back to "default" for unlisted actions.
# A request with no action at all gets no limit and is therefore denied.
limit := object.get(rate_limits, input.action, rate_limits["default"])

# Allow only when under BOTH the per-minute limit and the daily cap. A
# separate allow rule for the per-minute limit alone would OR with this one
# and make the daily cap unenforceable. The counters arrive in the input,
# so the caller, not this policy, must compute them from a trustworthy store.
allow if {
  input.recent_action_count < limit
  input.daily_action_count < daily_limit
}

decision_reason := sprintf("Allowed: %v/%v actions this minute", [input.recent_action_count, limit]) if allow

decision_reason := sprintf("Rate limit exceeded: %v/%v actions this minute", [input.recent_action_count, limit]) if {
  input.recent_action_count >= limit
}

# Only reached when the per-minute limit is fine, so the reason rules stay
# mutually exclusive
decision_reason := sprintf("Daily cap exceeded: %v/%v actions today", [input.daily_action_count, daily_limit]) if {
  input.recent_action_count < limit
  input.daily_action_count >= daily_limit
}

Using These Policies

  1. Copy the policy code into a .rego file in your policies/ directory
  2. Register the policy with the API when deploying your agent
  3. The policy will be evaluated on every action execution
  4. Decision reasons are logged for audit purposes

Testing Policies Locally

# Test with OPA CLI
opa eval -i input.json -d policies/ "data.authevo.refund.allow"

# Run unit tests
opa test policies/ -v

Need a Custom Policy?

Contact us to discuss your specific compliance and governance requirements. We can help design policies for your unique agent workflows.