Policy Schema
The public policy schema tells CLI clients how a project is allowed to behave. It is intentionally small: enough for local clients to understand telemetry, guardrails, routing intent, and trace boundaries without exposing private deployment internals.
Across cloud deployments, provider secrets remain in the customer environment. Olyx Cloud may retain public or anonymized telemetry according to project policy. For Enterprise private deployments, Olyx Cloud does not store private payloads unless the deployment is explicitly configured to allow that boundary.
Schema Shape
{
"version": "2026-05-27",
"project_id": 123,
"distribution": {},
"runtime_failover": {},
"guardrails": {},
"routing": {},
"telemetry": {}
}Policy snapshots are read-only from the CLI. Change project settings in the dashboard or through authenticated API endpoints.
Reading The Schema In Order
A practical client usually reads policy in this order:
distributionto decide what data can leave the environment.guardrailsto decide what should be blocked, redacted, or alerted.routingto attach tier or intent metadata.telemetryto decide which fields are safe to emit.
Versioning
Policies include a date-based version. Clients should support the versions they were built for and fail closed when a required field has an unknown value.
Recommended client behavior:
| Change type | Client behavior |
|---|---|
| New optional field | Ignore the field. |
| Missing required field | Fail with a configuration error. |
| Unknown enum value | Fail closed and ask the operator to upgrade. |
| New policy version | Continue only if required fields are understood. |
The public schema is intentionally additive. Existing fields should remain stable once published.
Distribution
{
"distribution": {
"distribution_channel": "cli",
"telemetry_mode": "anonymized",
"payload_storage_mode": "cloud_anonymized",
"payload_retained": true,
"replay_execution_mode": "cloud",
"secrets_boundary": "customer_environment",
"cloud_payloads": true,
"local_ref_required": false
}
}| Field | Values | Meaning |
|---|---|---|
distribution_channel | cli | Public clients should use the Olyx CLI route. Private deployment policy packs may use an agent channel. |
telemetry_mode | public, anonymized, customer_managed | What telemetry Olyx Cloud may retain for the project. Private deployments may receive customer_managed. |
payload_storage_mode | cloud_full, cloud_anonymized | Whether payload data is retained fully or anonymized. Private deployments may receive customer_managed. |
payload_retained | boolean | Whether Olyx Cloud expects retained trace payloads. |
replay_execution_mode | cloud, disabled | Whether replay is run by Olyx Cloud or unavailable. Private deployments may receive local replay modes. |
secrets_boundary | customer_environment | Provider secrets stay in the customer environment. |
local_ref_required | boolean | Whether a trace must include an opaque customer-side reference. |
For Enterprise private deployments, customer_managed values indicate that the
private runtime or outbound/on-prem agent owns the payload boundary by default,
with cloud retention enabled only when explicitly configured.
Distribution Decision Matrix
payload_storage_mode | payload_retained | local_ref_required | Client behavior |
|---|---|---|---|
cloud_full | true | false | Trace payloads may be retained by Olyx Cloud. |
cloud_anonymized | true | false | Send only anonymized payloads or anonymized summaries. |
cloud_anonymized | false | true | Send an opaque local reference and avoid raw payloads. |
If the combination is unknown, the client should stop before creating traces.
Example fail-closed decision:
{
"distribution": {
"telemetry_mode": "customer_managed",
"payload_storage_mode": "customer_managed",
"local_ref_required": true
}
}Guardrails
{
"guardrails": {
"max_input_length": 10000,
"pii_threshold": 0.7,
"injection_block": true,
"secret_action": "alert"
}
}| Field | Meaning |
|---|---|
max_input_length | Maximum accepted request input length before the client should reject or truncate. |
pii_threshold | Sensitivity score that triggers PII handling. |
injection_block | Whether prompt-injection findings should block execution. |
secret_action | alert, block, or redact, depending on project policy. |
Secret actions mean:
| Action | Client behavior |
|---|---|
alert | Record the finding and continue if no other check blocks. |
redact | Replace detected values before forwarding or storing payload material. |
block | Stop the request before model execution. |
Guardrail Evaluation Order
Clients should apply lightweight local validation before creating trace work:
- Confirm the input length is less than or equal to
max_input_length. - Run local scrubbing or redaction when available.
- Block prompt-injection patterns if
injection_blockis enabled. - Decide whether detected secrets should block or only alert.
- Create or update the trace with the final policy decision.
Example local policy decision:
{
"policy_decision": {
"allowed": false,
"reason": "input_length_exceeded",
"max_input_length": 10000,
"observed_input_length": 12488
}
}Public clients should include policy outcomes as metadata or structured trace fields, not as raw hidden prompts.
Example allowed-but-flagged decision:
{
"policy_decision": {
"allowed": true,
"reason": "secret_detected_alert_only",
"secret_action": "alert"
}
}Example blocked decision emitted as trace metadata:
{
"metadata": {
"policy_decision": "blocked",
"policy_reason": "secret_detected_blocked",
"secret_action": "block"
}
}Routing
{
"routing": {
"tiers": {
"simple": "economy-model",
"medium": "standard-model",
"complex": "frontier-model"
},
"fallbacks": ["standard-model", "economy-model"]
}
}Routing tiers are project-defined model identifiers. The CLI should pass model intent and trace metadata to Olyx rather than hardcoding provider-specific routing logic.
Routing Tier Semantics
| Tier | Intended use | Example signal |
|---|---|---|
simple | Low-risk, low-complexity work. | Classification, extraction, summarization. |
medium | Default production work. | Support answer, multi-step rewrite. |
complex | High-value or high-ambiguity work. | Reasoning-heavy workflow or escalation. |
Routing identifiers are project-owned names. They do not need to reveal the provider or model vendor.
Example trace metadata for routing:
{
"metadata": {
"routing_tier": "medium",
"feature": "support-response",
"environment": "production"
}
}Clients should not override routing to a provider-specific model unless the project policy explicitly allows it.
Example local interpretation:
{
"metadata": {
"routing_tier": "complex",
"feature": "claims-escalation",
"policy_decision": "allowed"
}
}Telemetry
{
"telemetry": {
"mode": "anonymized",
"allowed_fields": [
"trace_id",
"created_at",
"latency_ms",
"token_count",
"cost",
"status",
"policy_decision"
]
}
}Public telemetry may include normal trace payloads. Anonymized telemetry and customer-managed telemetry should avoid raw prompts, completions, user identifiers, and tool payload bodies.
Allowed Field Semantics
| Field | Meaning |
|---|---|
trace_id | Opaque Olyx trace identifier. |
created_at | Trace creation timestamp. |
latency_ms | End-to-end or model-call latency. |
token_count | Aggregate token usage. |
cost | Aggregate cost for reporting. |
status | Trace or job status. |
policy_decision | Allow, block, alert, or redact outcome. |
When telemetry.mode is anonymized, avoid customer identifiers and payload bodies even if they appear in local application logs.
Recommended anonymized substitutions:
| Sensitive field | Safer replacement |
|---|---|
customer_email | Internal account hash or omit entirely. |
prompt | Local-only storage plus local_ref. |
completion | Outcome label or short safe summary. |
tool_payload | Tool name, status, and count only. |
Example Policy
{
"version": "2026-05-27",
"project_id": 123,
"distribution": {
"distribution_channel": "cli",
"telemetry_mode": "anonymized",
"payload_storage_mode": "cloud_anonymized",
"payload_retained": true,
"replay_execution_mode": "cloud",
"secrets_boundary": "customer_environment",
"cloud_payloads": true,
"local_ref_required": false
},
"guardrails": {
"max_input_length": 10000,
"pii_threshold": 0.7,
"injection_block": true,
"secret_action": "alert"
},
"routing": {
"tiers": {
"simple": "economy-model",
"medium": "standard-model",
"complex": "frontier-model"
},
"fallbacks": ["standard-model", "economy-model"]
}
}Validation Checklist
Before using a policy snapshot, a client should validate:
| Check | Failure behavior |
|---|---|
version exists | Stop and show config error. |
distribution.distribution_channel is cli | Stop if unknown. |
telemetry_mode is supported | Stop if unknown. |
payload_storage_mode is supported | Stop if unknown. |
runtime_failover.fail_closed is boolean when present | If true, stop rather than crossing the configured data boundary. |
guardrails.max_input_length is numeric when present | Ignore invalid optional value or stop if required locally. |
routing.tiers values are strings | Ignore routing override and use project default. |
Client Validation Example
See the Quick Start guide for the assertSupportedPolicy guard function and integration walkthrough. The checklist above maps directly to the checks that function performs.
Minimal Type Shape
type OlyxPolicy = {
version: string;
project_id: number;
distribution: {
distribution_channel: 'cli' | 'agent';
telemetry_mode: 'public' | 'anonymized' | 'customer_managed';
payload_storage_mode: 'cloud_full' | 'cloud_anonymized' | 'customer_managed';
payload_retained: boolean;
replay_execution_mode: 'cloud' | 'disabled' | 'agent_local';
secrets_boundary: 'customer_environment';
cloud_payloads: boolean;
local_ref_required: boolean;
};
runtime_failover?: {
preferred_runtime: 'cloud' | 'edge';
fallback_order: string[];
data_boundary: 'olyx_cloud' | 'customer_environment';
fail_closed: boolean;
cloud_fallback: {
enabled: boolean;
mode: 'cloud-primary' | 'redacted-envelope' | 'redacted-summary-only';
requires_redaction: boolean;
raw_payloads_allowed: boolean;
provider_secrets_allowed: false;
};
edge_fallback: {
enabled: boolean;
targets: string[];
fail_closed: boolean;
};
};
guardrails?: {
max_input_length?: number;
pii_threshold?: number;
injection_block?: boolean;
secret_action?: 'alert' | 'block' | 'redact';
};
routing?: {
tiers?: Record<string, string>;
fallbacks?: string[];
};
telemetry?: {
mode: 'public' | 'anonymized' | 'customer_managed';
allowed_fields?: string[];
};
};What To Read Next
- Quick Start —
assertSupportedPolicyguard and first-trace walkthrough. - Protocol — how a client fetches and caches config at startup.
- Privacy And Security — how telemetry mode and payload boundaries affect data handling.
- Routing — how routing tier fields in policy translate to model selection.