Policy Templates from Enrichment
Audience: Control authors
Time: ~5 min read
Prerequisites: A resource that has been enriched.
After you save enrichment, the Resource detail panel surfaces suggested controls — pre-mapped templates that match the metadata you just entered. Clicking one opens the Policy Builder pre-filled with ?template=<id>&resource_id=<n> so you can author the control with the right scaffolding in two clicks.
How the suggestion list is built
The mapping is deterministic and lives in GET /resources/{id}/suggested-controls. Each row in the table below is a rule: when the trigger condition in the first column holds for the resource's enrichment, the listed template is suggested. The three AI rows share one trigger, so an AI resource receives all three templates.
| Trigger inputs | Suggested template ID | What the template gives you |
|---|---|---|
data_classification ∈ {confidential, restricted} ∨ pii_categories non-empty | EGRESS_PII_MASKING | Mask PII fields on response egress |
compliance_tags contains any of {GDPR, HIPAA, PCI-DSS, SOX} | REGULATED_DATA_EGRESS | Strict outbound controls keyed to compliance frameworks |
resource_kind ∈ {llm_endpoint, agent} ∨ ai_provider set | AI_INGRESS_GUARDRAIL | Block known prompt-injection patterns and untrusted control tokens at ingress |
resource_kind ∈ {llm_endpoint, agent} ∨ ai_provider set | AI_PROMPT_INJECTION_DEFENSE | Stronger pattern-matching rules layered on top of the ingress guardrail |
resource_kind ∈ {llm_endpoint, agent} ∨ ai_provider set | AI_TOKEN_RATE_LIMIT | Per-tenant token spend cap (input + output) |
resource_kind = mcp_server | MCP_TOOL_AUTH | Per-tool authorization for MCP servers |
resource_kind = mcp_server | MCP_DESTRUCTIVE_ACTION_GUARD | Elevated approval for destructive MCP actions |
agent_capabilities ∋ tool_use | AGENT_TOOL_USE_CONSENT | Require user/operator consent before tool calls |
agent_capabilities ∋ code_exec | AGENT_CODE_EXEC_QUARANTINE | Sandbox + audit code execution |
egress_destinations non-empty | EGRESS_ALLOWLIST | Restrict outbound calls to the declared allowlist |
audit_level ∈ {detailed, comprehensive} | DETAILED_AUDIT_TRAIL | Capture full request/response context for compliance |
sla_tier = gold ∨ data_residency ∈ {eu, asia-pacific} | REGIONAL_ACCESS_LOCK | Region-bound enforcement keyed to residency / SLA |
Troubleshooting: Expected a template to surface but it didn't?
Run `curl https://<control-plane>/api/resources/<id>/suggested-controls` and check the `enrichment_summary` block — it shows exactly the inputs the rule engine saw. If a field shows `null`, fill it via the Enrich modal.
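As an added example (not the product's own code), here is a reference implementation of the rule table above that also returns the `enrichment_summary` block the troubleshooting step refers to. Field names follow the table; the real endpoint's internals are not on this page and are an assumption.

```python
# Reference implementation of the suggestion table (added example, not the product's
# own code). Field names follow the table; the real endpoint's internals are assumed.
from typing import Any, Callable

INPUT_FIELDS = ["data_classification", "pii_categories", "compliance_tags",
                "resource_kind", "ai_provider", "agent_capabilities",
                "egress_destinations", "audit_level", "sla_tier", "data_residency"]
REGULATED = {"GDPR", "HIPAA", "PCI-DSS", "SOX"}

def _is_ai(e: dict) -> bool:
    return e.get("resource_kind") in {"llm_endpoint", "agent"} or bool(e.get("ai_provider"))

def _has_cap(cap: str) -> Callable[[dict], bool]:
    return lambda e: cap in (e.get("agent_capabilities") or [])

# One (predicate, template ID) pair per table row, evaluated in table order.
RULES: list[tuple[Callable[[dict], bool], str]] = [
    (lambda e: e.get("data_classification") in {"confidential", "restricted"}
               or bool(e.get("pii_categories")), "EGRESS_PII_MASKING"),
    (lambda e: bool(REGULATED & set(e.get("compliance_tags") or [])), "REGULATED_DATA_EGRESS"),
    (_is_ai, "AI_INGRESS_GUARDRAIL"),
    (_is_ai, "AI_PROMPT_INJECTION_DEFENSE"),
    (_is_ai, "AI_TOKEN_RATE_LIMIT"),
    (lambda e: e.get("resource_kind") == "mcp_server", "MCP_TOOL_AUTH"),
    (lambda e: e.get("resource_kind") == "mcp_server", "MCP_DESTRUCTIVE_ACTION_GUARD"),
    (_has_cap("tool_use"), "AGENT_TOOL_USE_CONSENT"),
    (_has_cap("code_exec"), "AGENT_CODE_EXEC_QUARANTINE"),
    (lambda e: bool(e.get("egress_destinations")), "EGRESS_ALLOWLIST"),
    (lambda e: e.get("audit_level") in {"detailed", "comprehensive"}, "DETAILED_AUDIT_TRAIL"),
    (lambda e: e.get("sla_tier") == "gold"
               or e.get("data_residency") in {"eu", "asia-pacific"}, "REGIONAL_ACCESS_LOCK"),
]

def suggested_controls(enrichment: dict[str, Any]) -> dict[str, Any]:
    """Mimic GET /resources/{id}/suggested-controls: the matching template IDs plus the
    enrichment_summary block, where an unset input appears as None (null in JSON)."""
    summary = {f: enrichment.get(f) for f in INPUT_FIELDS}
    suggested = [tid for pred, tid in RULES if pred(enrichment)]
    return {"suggested_controls": suggested, "enrichment_summary": summary}

if __name__ == "__main__":
    # Constructed sample: an agent with tool use and PII, but no egress allowlist yet.
    sample = {"resource_kind": "agent", "agent_capabilities": ["tool_use"],
              "pii_categories": ["email"], "compliance_tags": ["GDPR"]}
    print(suggested_controls(sample))
```

A `null` in the printed `enrichment_summary` is the same signal as in the troubleshooting step: that input was never set, so any rule keyed on it cannot fire.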
What the Policy Builder reads from the URL
When you click a suggestion, the URL becomes /policies/new?template=<TEMPLATE_ID>&resource_id=<N>. The Policy Builder reads both query params and:
- Fetches the template's Rego payload from the control templates catalog.
- Pre-selects resource <N> as the resource for the new control.
- Lands you on the Visual Builder by default — switch to the Code Editor (Rego) tab if you want to customise.
Smart suggestions inside a control
The same enrichment also drives GET /resources/{id}/smart-suggestions — the per-control attribute hints the Visual Builder shows in the right rail. Examples:
- pii_categories non-empty → "Mask PII categories" condition referencing data.resources[input.resource.id].pii_categories[_].
- agent_capabilities ∋ tool_use ∨ code_exec → "Gate agent capability" condition.
- resource_kind = mcp_server → "Match MCP server kind" condition.
- ai_provider set → "Bind AI provider in PIP" condition referencing data.resources[input.resource.id].ai_provider.
Hints reference either input.resource.* (the runtime request shape) or data.resources[input.resource.id].* (the enriched PIP feed) so you can pick the form your team prefers.
Where templates physically live
The shipped control templates catalog carries one folder per template ID with the canonical Rego files. The suggestion mapping above only resolves the ID; if a template ID surfaces but the catalog has no matching folder, the Policy Builder falls back to a blank Rego shell. In that case, file a request to add the template.