
Policy Examples

Common OPA policies for governing agents.

Data Access Control

Prevent standard agents from accessing sensitive PII.

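```rego
package consonant.authz

# Rego v1 syntax (OPA 0.59 or later).
import rego.v1

# Deny unless one of the allow rules below matches.
default allow := false

# Only the data-processor role may access PII-tagged resources.
allow if {
    input.agent.role == "data-processor"
    input.resource.tag == "pii"
}

# Any agent may access a resource tagged as something other than PII.
# An untagged resource leaves this rule undefined, so the default deny applies.
allow if {
    input.resource.tag != "pii"
}
```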

Budget Enforcement

Prevent agents from consuming too many tokens.

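```rego
package consonant.budget

# Rego v1 syntax (OPA 0.59 or later).
import rego.v1

# Emit a denial message when the reported daily spend exceeds the limit.
deny contains msg if {
    daily_spend := input.metrics.daily_spend
    limit := 50.00
    daily_spend > limit
    msg := sprintf("Daily spend limit %.2f exceeded", [limit])
}
```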
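
The following unit tests are an added example, not part of the original documentation. They exercise both policies above, including what happens when a field is missing from the input. The test package name, the `standard` role and the `public` tag are constructed values; the tests assume both policy files are loaded alongside this one and are run with `opa test .`.

```rego
# Added example: unit tests for the two policies on this page.
package consonant.policy_test

import rego.v1

import data.consonant.authz
import data.consonant.budget

# Constructed sample input; field names follow the policies above.
pii_resource := {"tag": "pii"}

test_data_processor_may_access_pii if {
    authz.allow with input as {"agent": {"role": "data-processor"}, "resource": pii_resource}
}

# "standard" is an assumed role name for a non-privileged agent.
test_standard_agent_denied_pii if {
    not authz.allow with input as {"agent": {"role": "standard"}, "resource": pii_resource}
}

test_non_pii_allowed_for_any_role if {
    authz.allow with input as {"agent": {"role": "standard"}, "resource": {"tag": "public"}}
}

# A resource with no tag matches neither allow rule, so the default
# (allow = false) applies: the authz policy fails closed.
test_untagged_resource_fails_closed if {
    not authz.allow with input as {"agent": {"role": "standard"}, "resource": {}}
}

test_spend_over_limit_denied if {
    msgs := budget.deny with input as {"metrics": {"daily_spend": 50.01}}
    count(msgs) == 1
}

# The comparison is strict, so spending exactly the limit is not denied.
test_spend_at_limit_not_denied if {
    count(budget.deny) == 0 with input as {"metrics": {"daily_spend": 50.00}}
}

# The budget policy is a deny-list: when daily_spend is absent the rule body
# is undefined and no denial is produced, so it fails open. The caller has to
# reject or flag requests that arrive without metrics.
test_missing_metric_produces_no_denial if {
    count(budget.deny) == 0 with input as {"metrics": {}}
}
```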