POST /rules
Create a policy rule
curl --request POST \
  --url https://api.onecli.sh/v1/rules \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Block destructive GitHub API calls",
  "hostPattern": "api.github.com",
  "action": "block",
  "enabled": true,
  "pathPattern": "/repos/*/delete",
  "agentId": "<string>",
  "rateLimit": 500000,
  "conditions": [
    {
      "target": "body",
      "operator": "contains",
      "value": "<string>",
      "key": "<string>"
    }
  ]
}
'

{
  "id": "<string>",
  "name": "<string>",
  "hostPattern": "<string>",
  "pathPattern": "<string>",
  "enabled": true,
  "agentId": "<string>",
  "rateLimit": 123,
  "metadata": {},
  "conditions": [
    {
      "target": "body",
      "operator": "contains",
      "value": "<string>",
      "key": "<string>"
    }
  ],
  "createdAt": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization (string, header, required)

API key obtained from the dashboard or GET /user/api-key

Body

application/json

name (string, required)
Required string length: 1 - 255
Example: "Block destructive GitHub API calls"

hostPattern (string, required)
Required string length: 1 - 1000
Example: "api.github.com"

action (enum<string>, required)
Available options: block, rate_limit, manual_approval, allow

enabled (boolean, required)

pathPattern (string)
Maximum string length: 1000
Example: "/repos/*/delete"

method (enum<string>)
Available options: GET, POST, PUT, PATCH, DELETE

agentId (string)
Scope rule to a specific agent (omit for all agents)

rateLimit (integer)
Required when action is rate_limit
Required range: 1 <= x <= 1000000

rateLimitWindow (enum<string>)
Required when action is rate_limit
Available options: minute, hour, day

conditions (object[])
Maximum array length: 10
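
A client-side pre-flight check for the body constraints listed above, including the rule that rateLimit and rateLimitWindow become required when action is rate_limit. This is an added example, not part of this API's documentation or tooling: validate_rule, its error strings and the sample payloads are hypothetical and constructed here.

```python
import json

ACTIONS = ("block", "rate_limit", "manual_approval", "allow")
METHODS = ("GET", "POST", "PUT", "PATCH", "DELETE")
WINDOWS = ("minute", "hour", "day")
# (field, min length, max length) as listed in the Body section
LENGTHS = (("name", 1, 255), ("hostPattern", 1, 1000), ("pathPattern", 0, 1000))


def validate_rule(rule):
    """Hypothetical helper: list violations of the documented body constraints."""
    errors = [f"{f}: required" for f in ("name", "hostPattern", "action", "enabled")
              if f not in rule]
    for field, low, high in LENGTHS:
        value = rule.get(field)
        if value is not None and not (isinstance(value, str) and low <= len(value) <= high):
            errors.append(f"{field}: string of length {low}-{high} expected")
    if "action" in rule and rule["action"] not in ACTIONS:
        errors.append("action: not an available option")
    if "method" in rule and rule["method"] not in METHODS:
        errors.append("method: not an available option")
    if "enabled" in rule and not isinstance(rule["enabled"], bool):
        errors.append("enabled: boolean expected")
    if rule.get("action") == "rate_limit":
        limit = rule.get("rateLimit")
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= 1000000:
            errors.append("rateLimit: integer 1-1000000 required for rate_limit")
        if rule.get("rateLimitWindow") not in WINDOWS:
            errors.append("rateLimitWindow: minute, hour or day required for rate_limit")
    conditions = rule.get("conditions", [])
    if not isinstance(conditions, list) or len(conditions) > 10:
        errors.append("conditions: array of at most 10 items expected")
    return errors


# Constructed sample payloads (not taken from a real account)
BLOCK_RULE = {"name": "Block destructive GitHub API calls", "hostPattern": "api.github.com",
              "pathPattern": "/repos/*/delete", "action": "block", "enabled": True}
THROTTLE_NO_WINDOW = {"name": "Throttle GitHub", "hostPattern": "api.github.com",
                      "action": "rate_limit", "rateLimit": 500000, "enabled": True}
NO_ACTION = {"name": "Incomplete rule", "hostPattern": "api.github.com", "enabled": True}

if __name__ == "__main__":
    for rule in (BLOCK_RULE, THROTTLE_NO_WINDOW, NO_ACTION):
        problems = validate_rule(rule)
        print(rule["name"], "->", problems or "ok: " + json.dumps(rule))
```

Running the check before sending the request catches a policy rule that would be rejected, or created without the intended action, before it is relied on as a control.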

Response

Rule created

A policy rule. Custom (user-authored) rules carry their endpoint fields (hostPattern/pathPattern/method); app-permission rules (metadata.source: app_permission) omit them and are identified by metadata.provider + metadata.toolId.

id (string)

name (string)

hostPattern (string)
Custom rules only; absent on app-permission rules.

pathPattern (string | null)
Custom rules only; absent on app-permission rules.

method (enum<string> | null)
Custom rules only; absent on app-permission rules.
Available options: GET, POST, PUT, PATCH, DELETE, null

action (enum<string>)
Available options: block, rate_limit, manual_approval, allow

enabled (boolean)

agentId (string | null)

rateLimit (integer | null)

rateLimitWindow (enum<string> | null)
Available options: minute, hour, day, null

scope (enum<string>)
Project lists include inherited organization rules; use this to tell them apart.
Available options: project, organization

metadata (object | null)
Set on rules generated by app permissions (source: app_permission, plus provider and toolId). Null for custom rules.

conditions (object[])

createdAt (string<date-time>)