Update a policy profile

Updates a policy profile. Changes hot-reload to active agent sessions.

Authorization

AuthorizationBearer <token>

JWT issued by Better Auth. Verified via JWKS.

In: header

Path Parameters

project_id*string

Unique project identifier (prefixed, e.g. prj_xxx).

policy_id*string

Unique policy profile identifier (prefixed, e.g. pol_xxx).

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Mutable fields of a policy profile (used for create and update).

name*string

Human-readable name for the policy profile.

access_mode?string

read_only blocks all data and schema mutations.

statement_rules?

Per-statement-kind allow/deny lists. Empty allow means all kinds permitted by the access mode.

table_allowlist?array<>

If non-empty, only these relations are reachable.

table_denylist?array<>

Relations explicitly blocked.

masking_rules?array<>

Column masking rules applied to query results.

budget_queries_per_hour?integer

Max queries per rolling hour window. 0 means unlimited.

budget_queries_per_day?integer

Max queries per day window. 0 means unlimited.

max_rows?integer

Max rows returned per query. 0 means unlimited.

statement_timeout_ms?integer

Upstream statement timeout for agent sessions. 0 uses the project default.

row_filters?array<>

Per-relation row filters ANDed into agent reads.

write_mode?string

How writes are handled. normal commits, rollback auto-rolls back, sandbox routes to an ephemeral branch.

approval_mode?string

Which statement classes require human approval before execution.

approval_auto_max_rows?integer

Statements touching at most this many rows are auto-approved. 0 means none.

approval_timeout_seconds?integer

How long a held statement waits for a decision before expiring.

migration_safety?string

Migration safety mode. warn surfaces findings, block refuses unsafe DDL.

egress_bytes_per_day?integer

Per-day egress budget in bytes. 0 means unlimited.

Response Body

`application/json`

curl -X PUT "https://example.com/v1/projects/string/policies/string" \  -H "Content-Type: application/json" \  -d '{    "name": "string"  }'

{  "id": "pol_01h455vb4pex5vsknk084sn02q",  "project_id": "prj_01h455vb4pex5vsknk084sn02q",  "name": "Read-only analytics",  "access_mode": "read_only",  "statement_rules": {    "allow": [      "string"    ],    "deny": [      "string"    ]  },  "table_allowlist": [    "string"  ],  "table_denylist": [    "string"  ],  "masking_rules": [    {      "table": "users",      "column": "email",      "kind": "redact"    }  ],  "budget_queries_per_hour": 0,  "budget_queries_per_day": 0,  "max_rows": 0,  "statement_timeout_ms": 0,  "row_filters": [    {      "table": "orders",      "predicate": "tenant_id = current_setting('pgbeam.tenant')"    }  ],  "write_mode": "normal",  "approval_mode": "off",  "approval_auto_max_rows": 0,  "approval_timeout_seconds": 300,  "migration_safety": "off",  "egress_bytes_per_day": 0,  "created_at": "2019-08-24T14:15:22Z",  "updated_at": "2019-08-24T14:15:22Z"}

{  "error": {    "code": "string",    "message": "string"  }}

{  "error": {    "code": "string",    "message": "string"  }}

{  "error": {    "code": "string",    "message": "string"  }}

{  "error": {    "code": "string",    "message": "string"  }}

{  "error": {    "code": "string",    "message": "string"  }}

Update a policy profile

Authorization

Path Parameters

Request Body

Response Body

200application/json

400application/json

401application/json

403application/json

404application/json

429application/json

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`