> For the complete documentation index, see [llms.txt](https://docs.maetra.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.maetra.io/govern-api/policies.md).

# Policies

**Policies** decide what happens when a [checkpoint](/govern-api/checkpoints.md) is created: whether they apply to an action, and how it's handled — auto-approve, auto-block, or route to approvers with a quorum and timeout.

Policies are authored in the dashboard. Over the API they are **read-only** — you list the active set so an agent (or your tooling) can see which controls apply.

### List active policies

`GET /v1/policies/active` — requires scope `govern:policies:read`.

{% tabs %}
{% tab title="cURL" %}

```bash
curl "https://api.maetra.io/v1/policies/active" \
  -H "Authorization: Bearer $MAETRA_API_KEY"
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
const res = await fetch("https://api.maetra.io/v1/policies/active", {
  method: "GET",
  headers: {
    Authorization: `Bearer ${process.env.MAETRA_API_KEY}`,
  },
});
if (!res.ok) throw new Error(`Maetra API ${res.status}`);
const data = await res.json();
console.log(data);
```

{% endtab %}

{% tab title="TypeScript" %}

```typescript
const res = await fetch("https://api.maetra.io/v1/policies/active", {
  method: "GET",
  headers: {
    Authorization: `Bearer ${process.env.MAETRA_API_KEY}`,
  },
});
if (!res.ok) throw new Error(`Maetra API ${res.status}`);
const data = (await res.json());
```

{% endtab %}

{% tab title="Python" %}

```python
import os, requests

res = requests.get(
    "https://api.maetra.io/v1/policies/active",
    headers={"Authorization": f"Bearer {os.environ['MAETRA_API_KEY']}"},
)
res.raise_for_status()
print(res.json())
```

{% endtab %}

{% tab title="Rust" %}

```rust
use serde_json::json;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key = std::env::var("MAETRA_API_KEY")?;
    let client = reqwest::Client::new();
    let res = client
        .get("https://api.maetra.io/v1/policies/active")
        .bearer_auth(&key)
        .send()
        .await?;
    let data: serde_json::Value = res.json().await?;
    println!("{data:#}");
    Ok(())
}
```

{% endtab %}

{% tab title="C++" %}

```cpp
#include <curl/curl.h>
#include <cstdlib>
#include <string>

int main() {
    CURL* curl = curl_easy_init();
    std::string auth = "Authorization: Bearer " + std::string(std::getenv("MAETRA_API_KEY"));
    struct curl_slist* headers = nullptr;
    headers = curl_slist_append(headers, auth.c_str());
    curl_easy_setopt(curl, CURLOPT_URL, "https://api.maetra.io/v1/policies/active");
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
    curl_easy_perform(curl);   // response is written to stdout by default
    curl_slist_free_all(headers);
    curl_easy_cleanup(curl);
    return 0;
}
```

{% endtab %}

{% tab title="Java" %}

```java
import java.net.URI;
import java.net.http.*;

var client = HttpClient.newHttpClient();
var request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.maetra.io/v1/policies/active"))
    .header("Authorization", "Bearer " + System.getenv("MAETRA_API_KEY"))
    .method("GET", HttpRequest.BodyPublishers.noBody())
    .build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
```

{% endtab %}
{% endtabs %}

#### Response

```json
{
  "policies": [
    {
      "id": "pol_2Kd9",
      "name": "High-value transfers",
      "description": "Route transfers over $1,000 to finance.",
      "is_default": false,
      "autonomy_gate": "L3",
      "match_tree": { "all": [ { "field": "action", "eq": "transfer_funds" } ] },
      "on_match": "require_approval",
      "approver_mode": "any",
      "quorum_required": 1,
      "timeout_seconds": 300,
      "on_timeout": "reject",
      "notifications": { "email": true, "slack_channel": true, "slack_dm": false },
      "version": 4,
      "updated_at": "2026-07-01T09:12:00.000Z"
    }
  ]
}
```

| Field                  | Type    | Description                                                          |
| ---------------------- | ------- | -------------------------------------------------------------------- |
| `id`                   | string  | Policy ID. Pass to `policy_ids` on a checkpoint to scope evaluation. |
| `name` / `description` | string  | Human-facing labels.                                                 |
| `is_default`           | boolean | Whether it's a workspace default.                                    |
| `autonomy_gate`        | string  | Autonomy level (`L0`–`L5`) at/above which it engages.                |
| `match_tree`           | object  | Condition tree deciding whether it applies.                          |
| `on_match`             | string  | What to do when it applies (e.g. `require_approval`, `block`).       |
| `approver_mode`        | string  | How approvers are selected (e.g. `any`).                             |
| `quorum_required`      | integer | Approvals needed to pass.                                            |
| `timeout_seconds`      | integer | How long to wait for the quorum.                                     |
| `on_timeout`           | string  | What to do if the timeout elapses (e.g. `reject`).                   |
| `notifications`        | object  | `email`, `slack_channel`, `slack_dm` booleans.                       |
| `version`              | integer | Increments on every edit.                                            |
| `updated_at`           | string  | ISO 8601 timestamp.                                                  |

### Scoping a checkpoint to specific policies

By default a checkpoint is evaluated against **all** applicable active policies. Pass `policy_ids` (or `policy_group_ids`) to restrict it:

```json
{ "action": "transfer_funds", "policy_ids": ["pol_2Kd9"] }
```
