Browse starter Rego policies with replayable proof.
Clavenar ships a curated catalog of starter Open Policy Agent rules. Each template is a plain Rego file with structured frontmatter: domain, severity, frameworks, tier, tool surface, and purpose. Filter the catalog, preview the rule, replay chaos cases, install with an Admin action, then verify the policy.installed_from_template ledger row.
Search industry, framework, severity, tier, or tool surface before opening the live library.
framework=SOC2
Preview
Read real Rego
Split frontmatter, deny rules, review rules, test input, and expected verdict into copyable tabs.
rego.v1
Replay
Run chaos cases
Replay starter policies against known bad requests before you promote them to enforcement.
policy eval
Verify
Install with evidence
Each template install writes a lifecycle row that can be replayed and chain-verified.
/verify
Filter by industry, framework, severity, or tier.
These are the curated policy families exposed in the marketing catalog. Open a card for the live console library with the matching domain filter already applied.
6 policies. PHI egress gating, breach‑notification channels, prescription renewal review, clinical‑decision‑support override defense. HIPAA + HITRUST + HITECH.
- Severity
- High
- Tier
- Mixed
- Frameworks
- HIPAA HITRUST HITECH
5 policies. Wire‑transfer review, bulk‑money deny, ACH batch volume, vendor‑payment redirect review, account‑freeze lift, treasury thresholds. PCI‑DSS + SOX + OFAC.
- Severity
- Critical
- Tier
- Mixed
- Frameworks
- PCI-DSS SOX OFAC
4 policies. Card‑data storage gating, KYC/AML bypass deny, payout‑route & beneficiary changes, chargeback dispute review. PCI‑DSS + BSA + AML + KYC.
- Severity
- Critical
- Tier
- Deny
- Frameworks
- PCI-DSS BSA AML KYC
4 policies. Trade‑execution deny, pre‑trade compliance override, surveillance‑alert dismiss block, client‑position disclosure. SEC + FINRA + MAR + MiFID‑II.
- Severity
- Critical
- Tier
- Deny
- Frameworks
- SEC FINRA MAR MiFID-II
6 policies. Privileged‑document forwarding, litigation‑hold release deny, e‑discovery bulk export, contract redline external, attorney log preservation. FRCP + attorney‑client‑privilege.
- Severity
- High
- Tier
- Mixed
- Frameworks
- FRCP privilege
6 policies. Package‑install registry allowlist, repo‑scope gating, credentials‑in‑diff deny, force‑push to main, branch‑protection deny, unpinned‑dep review. SOC2 + supply‑chain.
- Severity
- High
- Tier
- Mixed
- Frameworks
- SOC2 supply-chain
6 policies. Infra‑apply prod review, secret‑rotation window, RDS‑snapshot public share, Terraform‑state delete, DNS apex modify, IAM wildcard. SOC2 + ISO‑27001.
- Severity
- Critical
- Tier
- Mixed
- Frameworks
- SOC2 ISO-27001
2 policies. Employee‑data export tiered review (team / dept / all‑employees / SSN‑in‑fields), recruiter‑PII egress. GDPR + CCPA + employment law.
- Severity
- High
- Tier
- Review
- Frameworks
- GDPR CCPA employment
2 policies. PLC safety‑interlock enforcement, OT change‑window gating. IEC‑62443 + NIST‑CSF.
- Severity
- Critical
- Tier
- Deny
- Frameworks
- IEC-62443 NIST-CSF
4 policies. SCADA writes deny, load‑shed and blackout‑initiation hard‑deny, AMI meter bulk export review, regulatory‑filing submit. NERC‑CIP + FERC.
- Severity
- Critical
- Tier
- Mixed
- Frameworks
- NERC-CIP FERC
6 policies. Model‑deploy provenance, dataset egress allowlist, training‑data PII review, inference‑endpoint auth gate, model‑card publish, embedding‑corpus external. NIST‑AI‑RMF.
- Severity
- High
- Tier
- Mixed
- Frameworks
- NIST-AI-RMF
2 policies. Order‑refund tiered limits ($500 review, $5k deny, stale‑order deny), price‑changes egress + off‑hours. PCI‑DSS + consumer protection.
- Severity
- High
- Tier
- Mixed
- Frameworks
- PCI-DSS consumer
6 policies. Classified‑access tiering, FOIA bulk‑export, foreign‑address PII deny, clearance grant / blanket revoke, CUI marking changes. FedRAMP + ITAR + NIST‑CSF.
- Severity
- Critical
- Tier
- Mixed
- Frameworks
- FedRAMP ITAR NIST-CSF
2 policies. Student‑record bulk‑access tiering, FERPA consent‑on‑file enforcement for external email. FERPA.
- Severity
- High
- Tier
- Review
- Frameworks
- FERPA
2 policies. Claim‑approval thresholds ($10k review, $5k fast‑track deny, missing claim_id deny), underwriting PHI bulk export. NAIC + state insurance.
- Severity
- High
- Tier
- Mixed
- Frameworks
- NAIC state-insurance
6 policies. Account‑reset ATO combo‑deny, support velocity review, PII lookup without ticket, 2FA‑skipped unlock, refund without proof, external‑partner handoff. SOC2 + ATO prevention.
- Severity
- High
- Tier
- Mixed
- Frameworks
- SOC2 ATO
2 policies. Brand‑publishing tiered (social, asset, crisis‑reply, competitor disparagement), marketing PII egress with list‑source provenance. GDPR + CAN‑SPAM.
- Severity
- Medium
- Tier
- Review
- Frameworks
- GDPR CAN-SPAM
2 policies. Shipment‑routing fraud detection (in‑flight address change, non‑contracted reroute), customs declaration edit deny + bill‑of‑lading override. C‑TPAT + customs + ITAR + EAR.
- Severity
- High
- Tier
- Mixed
- Frameworks
- C-TPAT customs ITAR EAR
2 policies. SIM swap / number port‑out / lawful‑intercept / E911 address hard‑deny + voicemail‑reset review, CDR bulk egress review. TCPA + CPNI + FCC + E911.
- Severity
- Critical
- Tier
- Mixed
- Frameworks
- TCPA CPNI FCC E911
4 policies. SIEM alert‑mute / detection‑disable deny, forensic evidence preservation, incident‑close severity gating, red‑team simulation against prod. SOC2 + ISO‑27001 + NIST‑CSF.
- Severity
- Critical
- Tier
- Mixed
- Frameworks
- SOC2 ISO-27001 NIST-CSF
No policy families match that filter.
Counts that buyers and auditors can scan.
The hero count is the curated release claim. The matrices below explain how the visible families map to major frameworks, severity, and enforcement posture.
- Deny floors
- 34
- Review gates
- 21
- Mixed deny/review
- 30
- Critical
- 18
- High
- 39
- Medium + low
- 28
- Critical families
- 8
- High families
- 10
- Review-led families
- 3
| Framework cluster | Primary verticals | Common tool surface | Default posture | Proof to inspect |
|---|---|---|---|---|
| HIPAA / HITRUST / HITECH | Healthcare, insurance, support | PHI export, email, clinical override | Mixed: deny missing attestation, review scoped export | policy.evaluated + HIL decision rows |
| PCI-DSS / BSA / AML / KYC | Finance, payments, e-commerce | Money movement, card data, beneficiary changes | Deny hard floors, review thresholded operations | Correlation replay and /verify |
| SOC2 / ISO-27001 / supply chain | Coding, DevOps, cybersecurity, support | Repo writes, package installs, IAM, detection changes | Mixed: block destructive bypasses, review prod changes | Template install row plus policy verdict row |
| FedRAMP / ITAR / NIST-CSF | Government, logistics, energy, manufacturing | CUI, export controls, SCADA, OT change windows | Critical deny for unsafe release paths | Operator identity, reason, and chain hash |
| GDPR / CCPA / FERPA / CAN-SPAM | HR, education, marketing, support | PII export, student record access, list provenance | Review consent paths, deny missing provenance | Frontmatter framework mapping and replay case |
Split the policy into the parts operators actually edit.
The PHI egress starter is a representative template: frontmatter powers catalog filtering, deny rules define hard floors, review rules park risky but valid requests, and test inputs prove the expected verdict.
# Template: phi_egress # Domain: healthcare # Severity: high # Frameworks: HIPAA, HITRUST # Tags: phi, pii, egress, attestation # Tier: mixed # Tool surface: phi_export, send_email # Summary: Deny unattested PHI export; review attested; flag PHI fields in send_email. # Purpose: Gate PHI-bearing exports before agent data leaves the trust boundary.
package clavenar.authz
import rego.v1
phi_field_needles := {"mrn", "dob", "ssn", "dx_code", "icd10", "medication", "patient_name"}
deny contains msg if {
input.tool_type == "phi_export"
not is_object(input.attestation)
msg := "Violation: PHI export requires an attested agent."
}
deny contains msg if {
input.tool_type == "send_email"
some f in input.arguments.fields
some n in phi_field_needles
f == n
msg := sprintf("Violation: PHI field %q detected in send_email payload.", [f])
}
review contains msg if {
input.tool_type == "phi_export"
is_object(input.attestation)
msg := "Review: Attested phi_export - confirm patient scope and downstream recipient before approval."
}
{
"tool_type": "phi_export",
"agent_id": "agent-clinical-summary",
"attestation": {
"spiffe_id": "spiffe://clavenar/prod/agent-clinical-summary"
},
"arguments": {
"patient_count": 42,
"recipient": "billing-review@example.org"
}
}
{
"authorized": false,
"verdict": "review",
"policy": "phi_egress",
"reasoning": [
"Review: Attested phi_export - confirm patient scope and downstream recipient before approval."
],
"correlation_id": "8f1d3a40-7c0e-4d2b-9c9a-3b1d0e6a2c5a"
}
Replay a starter before it blocks production.
Use the source templates as reviewable Rego. Format and test locally, replay known-bad cases, then inspect the ledger after an Admin installs the template.
Clone the templates and pick a starter.
git clone https://github.com/clavenar/clavenar-policy-engine.git cd clavenar-policy-engine export POLICY="policies/templates/healthcare/phi_egress.rego" sed -n '1,80p' "$POLICY"
Format, test, and replay chaos cases.
opa fmt --diff "$POLICY" opa test policies tests clavenarctl policy replay \ --policy "$POLICY" \ --cases chaos/healthcare/phi_egress.jsonl
Inspect install and chain proof.
export CORRELATION_ID="paste-install-correlation-id" curl -s "https://console.clavenar.com/audit/correlation/$CORRELATION_ID" curl -s "https://console.clavenar.com/verify"
Replay should show which chaos cases deny, review, or allow before the policy is active. After install, the audit correlation should include policy.installed_from_template and /verify should return {"valid":true}.
A policy install is a ledger event, not a UI preference.
The install row records the template source, operator identity, reason, and policy hash. Later policy edits do not rewrite this historical install event.
{
"event_type": "policy.installed_from_template",
"template": "healthcare/phi_egress.rego",
"policy_hash": "sha256:4a4f5f2d...",
"operator": "saml:security-admin@example.com",
"reason": "Pilot HIPAA PHI egress starter in observe mode",
"correlation_id": "8f1d3a40-7c0e-4d2b-9c9a-3b1d0e6a2c5a",
"prev_hash": "8a2d...",
"row_hash": "57f9..."
}
- Install
- Admin clicks Install and supplies a reason.
- Ledger
- Chain-v3 row stores template name and policy hash.
- Replay
- Correlation query reconstructs install and first verdict rows.
- Verify
/verifywalks every row hash from genesis to head.
Observe first, tune against real calls, then enforce.
Starter policies are meant to be edited. Land them in shadow, watch would-deny counters and replay results, then promote only the paths that are stable enough to block.
Keep upstream behavior unchanged while the ledger records would_deny and would_review signals.
Adjust allowlists, dollar thresholds, tool names, and frontmatter until replay and live traffic converge.
Turn uncertain side effects into Yellow-tier operator decisions before hard denial.
Only hard-block requests where the side effect is never acceptable for that agent class.
Replay policy edits and inspect ledger deltas whenever a template changes.
Most catalog failures are metadata, authorization, or replay drift.
Debug the template before debugging the agent. A valid Rego file can still fail the catalog if frontmatter is missing, and a successful install can still be invisible if the operator lacks Admin scope.
| Symptom | Likely layer | Fix |
|---|---|---|
| Invalid Rego or format diff | Policy syntax | Run opa fmt --diff and opa test locally before opening a PR or installing a template. |
| Policy does not appear in filters | Frontmatter | Confirm Domain, Severity, Frameworks, Tier, and Tool surface are present and spelled consistently. |
| Framework filter misses a policy | Mapping normalization | Use the canonical label from the catalog, such as PCI-DSS, NIST-CSF, or ISO-27001. |
| Install button is disabled | Operator authorization | Use an Admin-scoped operator session. Library preview is broadly readable; install mutates active policy state. |
| No ledger row after install | Lifecycle write path | Check the install response correlation id, then query /audit/correlation/{id}. Failed installs should not emit active policy rows. |
| Replay case unexpectedly passes | Input shape or threshold | Compare chaos input fields to the rule's input.tool_type and input.arguments paths; update either the fixture or policy threshold. |