Create a policy rule
Creates a new policy rule. Rules control how agents interact with external services:
- block — reject matching requests outright.
- rate_limit — allow up to N requests per time window. Requires rateLimit and rateLimitWindow.
- manual_approval — hold matching requests for human approval before forwarding.
- allow — explicitly allow matching requests (used to carve exceptions in deny mode or shadow a broader rule).
Authorizations
API key obtained from the dashboard or GET /user/api-key
Body
1 - 255
"Block destructive GitHub API calls"
1 - 1000
"api.github.com"
block, rate_limit, manual_approval, allow
1000
"/repos/*/delete"
GET, POST, PUT, PATCH, DELETE
Scope rule to a specific agent (omit for all agents)
Required when action is rate_limit
1 <= x <= 1000000
Required when action is rate_limit
minute, hour, day
10
Response
Rule created
A policy rule. Custom (user-authored) rules carry their endpoint fields (hostPattern/pathPattern/method); app-permission rules (metadata.source: app_permission) omit them and are identified by metadata.provider + metadata.toolId.
Custom rules only; absent on app-permission rules.
Custom rules only; absent on app-permission rules.
Custom rules only; absent on app-permission rules.
GET, POST, PUT, PATCH, DELETE, null
block, rate_limit, manual_approval, allow
minute, hour, day, null
Project lists include inherited organization rules; use this to tell them apart.
project, organization
Set on rules generated by app permissions (source: app_permission, plus provider and toolId). Null for custom rules.
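The following is an added example, not code from this API's documentation: a pre-submission check for the constraints listed above (allowed actions, methods and windows, and the rate_limit requirement), plus a helper that tells custom rules from app-permission rules in a response. It uses only field names that appear on this page; treating rateLimit as an integer and method as optional are assumptions, and the sample rules are constructed.

```python
ACTIONS = {"block", "rate_limit", "manual_approval", "allow"}
METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE"}
WINDOWS = {"minute", "hour", "day"}


def validate_rule_body(body):
    """Return a list of problems with a create-rule body; empty means it passes."""
    errors = []
    action = body.get("action")
    if action not in ACTIONS:
        errors.append(f"action must be one of {sorted(ACTIONS)}")
    method = body.get("method")  # assumption: method may be omitted
    if method is not None and method not in METHODS:
        errors.append(f"method must be one of {sorted(METHODS)}")
    if action == "rate_limit":
        limit = body.get("rateLimit")  # assumption: an integer count of requests
        # bool is a subclass of int in Python, so reject it explicitly.
        if (not isinstance(limit, int) or isinstance(limit, bool)
                or not 1 <= limit <= 1_000_000):
            errors.append("rateLimit must be an integer from 1 to 1000000")
        if body.get("rateLimitWindow") not in WINDOWS:
            errors.append(f"rateLimitWindow must be one of {sorted(WINDOWS)}")
    return errors


def rule_identity(rule):
    """Key a returned rule: provider + toolId for app-permission rules,
    endpoint fields for custom rules."""
    meta = rule.get("metadata") or {}  # metadata is null on custom rules
    if meta.get("source") == "app_permission":
        return ("app_permission", meta.get("provider"), meta.get("toolId"))
    return ("custom", rule.get("hostPattern"), rule.get("pathPattern"),
            rule.get("method"))


# Constructed sample data; only the host and path strings come from the page.
BLOCK_RULE = {"action": "block", "hostPattern": "api.github.com",
              "pathPattern": "/repos/*/delete", "method": "DELETE"}
BAD_RATE_RULE = {"action": "rate_limit", "hostPattern": "api.github.com",
                 "rateLimit": 0}  # out of range, and rateLimitWindow is missing
APP_RULE = {"action": "allow",
            "metadata": {"source": "app_permission",
                         "provider": "example-provider", "toolId": "example-tool"}}

if __name__ == "__main__":
    for body in (BLOCK_RULE, BAD_RATE_RULE):
        print(body["action"], validate_rule_body(body) or "ok")
    print(rule_identity(APP_RULE))
```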