Policy evaluate
Evaluate organization policy for a tool name without executing the tool. wrapFetch calls this internally before outbound HTTP.
POST
/v1/aegis/policy/evaluateBearer ingest keyRequest body
| Field | Type | Required | Description |
|---|---|---|---|
organization_id | uuid | Yes | Must match the API key organization |
agent_id | string | Yes | Agent performing the action |
tool_name | string | Yes | Stable tool identifier, e.g. stripe.paymentIntents.create |
payload | object | No | Optional context for conditional rules (amount_usd, etc.) |
json
{
"organization_id": "62a6c75a-41a1-43e2-a01f-87b5ebe374ff",
"agent_id": "agt_e36f62a0e93747679a43a550",
"tool_name": "stripe.paymentIntents.create",
"payload": { "amount_usd": 249, "currency": "USD" }
}Success response (200)
json
{
"decision": "deny",
"policy_id": "pol_…",
"rule_id": "rule_…",
"reason": "matched deny rule for stripe.paymentIntents.create",
"engine": "rules"
}decision is one of: allow, deny, allow_with_obligation. When no active policy exists, default is allow with policy_id: "none".
Errors
| Status | Body |
|---|---|
401 | Invalid ingest API key |
403 | Organization mismatch for API key |
422 | Missing organization_id, agent_id, or tool_name |
cURL
bash
curl -X POST https://api.salanor.com/v1/aegis/policy/evaluate \
-H "Authorization: Bearer $AEGIS_INGEST_API_KEY" \
-H "Content-Type: application/json" \
-d '{"organization_id":"…","agent_id":"…","tool_name":"stripe.paymentIntents.create"}'