Guides

Policy Cookbook

Common authorization policy patterns.

Policy Cookbook

Read-only Browsing

{ id: 'browse', tool: 'catalog.*', minTrust: 'detected', allowedClasses: [], decision: 'allow' }

Verified Checkout

{ id: 'checkout', tool: 'cart.checkout', minTrust: 'verified', allowedClasses: [], decision: 'allow' }

Linked Account Actions

{ id: 'account', tool: 'account.*', minTrust: 'linked', allowedClasses: [], decision: 'allow' }

Internal Agent Allowlist

{ id: 'internal', tool: 'admin.*', minTrust: 'verified', allowedClasses: ['webmcp'], decision: 'allow' }

Tiered Rate Limits

{ id: 'cart-rate', tool: 'cart.*', minTrust: 'declared', allowedClasses: [], decision: 'allow', rateLimit: { max: 20, windowSeconds: 60 } }

Previous

Tool management

Next

Site memory cookbook

On this page

Policy Cookbook Read-only Browsing Verified Checkout Linked Account Actions Internal Agent Allowlist Tiered Rate Limits