TailraceTailrace
Reference

Policy schema

Shape of a Tailrace policy document - defaults, entities, boundaries, identities, and the published JSON Schema.

A policy document is what you pass to definePolicy / createTailrace({ policy }). Validate JSON configs against the published schema:

https://tailrace.dev/schema/policy.v1.json

Top-level fields

FieldTypeNotes
defaults.actionactionFallback when no entity rule matches
entitiesmap of entity → ruleDefault actions per entity class
boundariesmap of boundary key → { entities }Glob keys like openai/*, mcp:salesforce/*
identitiesmap of agent id → scopePer-agent overrides (same shape as top-level scope)
dangerouslyAllowSecretsbooleanRequired to relax secret classes away from block

Actions

allow · mask · tokenize · block · review (throws NOT_IMPLEMENTED in v0.1) · detokenize (egress keys only)

A rule is either a bare action string or:

{ "action": "tokenize", "format": "preserve", "dangerouslyAllowSecrets": false }

Minimal example

{
  "$schema": "https://tailrace.dev/schema/policy.v1.json",
  "entities": {
    "api_key": "block",
    "email": "tokenize"
  },
  "boundaries": {
    "mcp:salesforce/*": {
      "entities": { "email": "tokenize" }
    }
  }
}

On this page