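# List policies: GET on the /v1/policies collection.
# The continuation backslash must be the last character on its line; when the
# lines are joined, "\ -H" passes a literal " -H" argument to curl instead of
# the header option.
# trusec_sk_your_api_key is a placeholder for a secret key. A real key typed
# inline ends up in shell history and is visible in process listings, so load
# it from a protected source (an environment variable, or a curl config file
# read with -K) rather than pasting it into the command.
curl -X GET "https://api.trusec.io/v1/policies" \
  -H "Authorization: Bearer trusec_sk_your_api_key"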
{ "data": [ { "id": "pol_abc123", "name": "admin-full-access", "effect": "allow", "principals": ["role:admin"], "actions": ["*"], "resources": ["*"], "createdAt": "2024-01-10T10:00:00Z" } ], "pagination": { "hasMore": false } }
Create and manage security policies
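# Fetch one policy by id (pol_abc123 is the example id used on this page).
# The backslash has to end its line for the -H option to be parsed as an
# option rather than as a stray " -H" argument.
# The bearer value is a placeholder for a secret key; keep real keys out of
# shell history and shared terminals.
curl -X GET "https://api.trusec.io/v1/policies/pol_abc123" \
  -H "Authorization: Bearer trusec_sk_your_api_key"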
{ "data": { "id": "pol_abc123", "name": "admin-full-access", "description": "Grants full access to administrators", "effect": "allow", "principals": ["role:admin"], "actions": ["*"], "resources": ["*"], "conditions": {}, "createdAt": "2024-01-10T10:00:00Z", "updatedAt": "2024-01-15T12:00:00Z" } }
allow
deny
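# Create a policy: POST a JSON body to /v1/policies.
# Each backslash must end its line; joined onto one line, "\ -H" and "\ -d"
# become literal arguments and the headers and body are never sent.
# The body is single-quoted on purpose: the shell leaves ${self} untouched, so
# the API receives it literally. With double quotes the shell would expand
# ${self} itself (normally to an empty string), and the request would create a
# policy for principal "user:" on resources "users//*" instead.
# NOTE(review): ${self} is presumably a placeholder the service resolves to the
# requesting principal - confirm against the policy language reference.
# The bearer value is a placeholder for a secret key; do not paste a real key
# into a command that is saved in history.
curl -X POST "https://api.trusec.io/v1/policies" \
  -H "Authorization: Bearer trusec_sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "user-read-own-data",
    "effect": "allow",
    "principals": ["user:${self}"],
    "actions": ["read"],
    "resources": ["users/${self}/*"]
  }'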
{ "data": { "id": "pol_def456", "name": "user-read-own-data", "effect": "allow", "principals": ["user:${self}"], "actions": ["read"], "resources": ["users/${self}/*"], "createdAt": "2024-01-20T10:00:00Z" } }
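# Update a policy: PATCH only the fields to change, here "conditions".
# Each backslash must end its line so that -H and -d are parsed as options.
# The example adds an IP allowlist to pol_abc123.
# 10.0.0.0/8 is the whole 10.x private range (about 16.7 million addresses);
# narrow it to the subnets that actually host administrators where possible.
# NOTE(review): the page does not say how the service derives the client IP
# (direct peer vs. a forwarded header) - confirm before relying on this
# condition as a control.
# The bearer value is a placeholder for a secret key.
curl -X PATCH "https://api.trusec.io/v1/policies/pol_abc123" \
  -H "Authorization: Bearer trusec_sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "conditions": {
      "ip": {
        "allowlist": ["10.0.0.0/8"]
      }
    }
  }'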
{ "data": { "id": "pol_abc123", "name": "admin-full-access", "effect": "allow", "principals": ["role:admin"], "actions": ["*"], "resources": ["*"], "conditions": { "ip": { "allowlist": ["10.0.0.0/8"] } }, "updatedAt": "2024-01-20T16:00:00Z" } }
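# Delete a policy by id. The page shows no response body for this call.
# The backslash must end its line for -H to be parsed as an option.
# Removing a policy changes effective access immediately for every principal
# it matched: removing an "allow" policy can lock principals out, removing a
# "deny" policy can widen access. Check the expected outcome with the
# /v1/policies/simulate endpoint before and after the change, and record who
# deleted which policy id.
# The bearer value is a placeholder for a secret key.
curl -X DELETE "https://api.trusec.io/v1/policies/pol_abc123" \
  -H "Authorization: Bearer trusec_sk_your_api_key"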
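# Simulate an authorization decision: POST a principal, action, resource and
# request context to /v1/policies/simulate. The sample response on this page
# reports the decision and the policies that matched.
# Each backslash must end its line so that -H and -d are parsed as options.
# The "context" values (here the source IP) are supplied by the caller, so a
# simulation only tells you how policies evaluate for the context you typed;
# run it for each context you care about, e.g. inside and outside an IP
# allowlist.
# The bearer value is a placeholder for a secret key.
curl -X POST "https://api.trusec.io/v1/policies/simulate" \
  -H "Authorization: Bearer trusec_sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "principal": "user:user_123",
    "action": "delete",
    "resource": "documents/confidential/report.pdf",
    "context": {
      "ip": "192.168.1.100"
    }
  }'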
{ "data": { "allowed": false, "effect": "deny", "matchedPolicies": [ { "id": "pol_xyz789", "name": "deny-confidential-delete", "effect": "deny" } ], "evaluationTimeMs": 2 } }