Policy Management Guide

from trusthub import PolicyRule, PolicySet, PolicyEngine, Role, RoleBinding
from trusthub.constants import PolicyEffect

# Roles: named bundles of capabilities. How a role's capabilities combine
# with the rules below is not shown in this snippet.
analyst = Role(
    name="analyst",
    capabilities=["search", "read"],
)
# Wildcard role. It is registered in the policy set below, but no binding in
# this example assigns it to any subject.
admin = Role(
    name="admin",
    capabilities=["*"],
)

# Rules. NOTE(review): assumes the higher `priority` value wins, which is what
# the ALLOW outcome at the end implies -- confirm against the engine.
allow_analysts = PolicyRule(
    name="allow_analysts",
    subject="role:analyst",
    action="search",
    effect=PolicyEffect.ALLOW,
    priority=100,
)
# Catch-all deny at the lowest priority used here. No `action` is passed;
# presumably the rule then matches every action -- confirm.
deny_default = PolicyRule(
    name="deny_default",
    subject="*",
    effect=PolicyEffect.DENY,
    priority=0,
)
# NOTE(review): the analyst role lists "read", yet only "search" has an ALLOW
# rule here -- confirm whether a "read" request falls through to deny_default.
rules = [allow_analysts, deny_default]

# Policy set: the role catalogue, role-to-subject bindings, and the rules.
# `agent` must already exist and expose `.did`; creating it is not shown here.
policy = PolicySet(
    roles=dict(analyst=analyst, admin=admin),
    bindings=[
        RoleBinding(role="analyst", subjects=[agent.did]),
    ],
    rules=rules,
)

# Ask the engine whether the bound subject may perform "search".
engine = PolicyEngine(policy)
decision = engine.evaluate(agent.did, action="search")
print(f"Effect: {decision.effect}")  # expected: ALLOW