Policy Engine

The policy engine provides rule-based access control: role-based access control (RBAC) combined with pattern matching on subject DIDs, actions, and resources.

Rules

Rules match requests by subject (a DID pattern), action, and resource; when more than one rule matches a request, the rule priority resolves the conflict.

from trusthub import PolicyRule, PolicySet, PolicyEngine
from trusthub.constants import PolicyEffect

# Allow any subject holding the "analyst" role to run "search" against any resource.
rule = PolicyRule(
    name="allow_search",
    subject="role:analyst",     # subject pattern (see Subject Patterns below)
    action="search",
    resource="*",               # wildcard: matches every resource
    effect=PolicyEffect.ALLOW,
    priority=100,               # used to resolve conflicts between matching rules
)

Subject Patterns

  • did:trusthub:acme:abc... — Exact DID match
  • did:trusthub:acme:* — Org-level wildcard
  • role:admin — Role-based match
  • entity:agent — Entity type match
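As an added illustration that is not trusthub's own code, the following sketches how the four subject pattern kinds above and priority-based conflict resolution can be evaluated. The Rule, Request, subject_matches and evaluate names, the requester's roles and entity attributes, the higher-priority-wins rule, DENY winning ties, and default deny when nothing matches are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatchcase


class Effect(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class Rule:
    name: str
    subject: str    # exact DID, "did:...:<org>:*", "role:<name>" or "entity:<type>"
    action: str     # glob, e.g. "search" or "*"
    resource: str   # glob, e.g. "vault/*" or "*"
    effect: Effect
    priority: int = 0


@dataclass(frozen=True)
class Request:
    did: str                        # caller DID, e.g. "did:trusthub:acme:abc123" (constructed)
    action: str
    resource: str
    roles: frozenset = frozenset()  # roles granted to the caller (assumed attribute)
    entity: str = "user"            # caller's entity type (assumed attribute)


def subject_matches(pattern: str, req: Request) -> bool:
    """Apply one subject pattern to the requester."""
    if pattern.startswith("role:"):
        return pattern[len("role:"):] in req.roles
    if pattern.startswith("entity:"):
        return pattern[len("entity:"):] == req.entity
    if pattern.endswith(":*"):
        # Org-level wildcard: DID must carry the prefix up to and including the org segment
        return req.did.startswith(pattern[:-1])
    return pattern == req.did       # exact DID match


def evaluate(rules, req: Request) -> Effect:
    """Highest-priority rule matching subject, action and resource decides.
    Assumed tie-break: DENY beats ALLOW at equal priority; no match -> DENY."""
    best = None
    for r in rules:
        if not (subject_matches(r.subject, req)
                and fnmatchcase(req.action, r.action)
                and fnmatchcase(req.resource, r.resource)):
            continue
        if best is None or r.priority > best.priority or (
                r.priority == best.priority and r.effect is Effect.DENY):
            best = r
    return Effect.DENY if best is None else best.effect
```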