Rules Library
Suvra ships a built-in Rules Library — a set of curated, reusable rules that policies reference by rule_id. Policies do not inline rule logic; they attach references from the library and toggle them on or off.
Scope
The Rules Library currently ships 17 category YAML files with 64 reusable rules:
filesystem, http, shell, secrets, email, database, api, pii, document, transaction, notification, compliance, crm, storage, calendar, workflow, code
Library files live under suvra/resources/rules/ and are shipped inside the installed wheel. You can browse the merged catalog from the dashboard at /dashboard/rules and filter by category.
How policies reference rules
A policy is an ordered list of rule references:
policy_id: suvra-policy
rules:
- { rule_id: fs.write_workspace_allow, enabled: true }
- { rule_id: http.external_request_needs_approval, enabled: true }
- { rule_id: fs.delete_production_deny, enabled: true }
- { rule_id: secrets.read_audit_allow, enabled: true }
At evaluation time Suvra hydrates each rule reference from the library, yielding a fully materialized rule with id, effect, type, and constraints.
Rule shape
Every library rule has:
- id — stable identifier referenced from policies
- type — the action type it applies to (fs.write_file, http.request, shell.exec, etc.)
- effect — allow | deny | needs_approval
- constraints — optional constraint map (see Policy Model)
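The hydration step described above, as an added Python sketch that is not Suvra's own code: it resolves each policy reference against a stand-in library and reports references that would not materialize, such as a mistyped rule_id that would otherwise drop a deny rule without notice. The library entries, the `path_prefix` constraint key, the `hydrate` function and the choice to report unknown ids are assumptions made for illustration.

```python
# Added illustration, not Suvra's implementation. Only the field names
# (id, type, effect, constraints) and the rule_id strings come from the page.
from dataclasses import dataclass, field

EFFECTS = {"allow", "deny", "needs_approval"}
# Constructed stand-in for the merged catalog, keyed by rule id.
LIBRARY = {
    "fs.write_workspace_allow": {"type": "fs.write_file", "effect": "allow",
                                 "constraints": {"path_prefix": "/workspace/"}},  # hypothetical key
    "http.external_request_needs_approval": {"type": "http.request",
                                             "effect": "needs_approval"},
}
# Constructed policy: one enabled rule, one toggled off, one mistyped id.
POLICY = {"policy_id": "suvra-policy", "rules": [
    {"rule_id": "fs.write_workspace_allow", "enabled": True},
    {"rule_id": "http.external_request_needs_approval", "enabled": False},
    {"rule_id": "fs.delete_prodution_deny", "enabled": True},  # typo on purpose
]}

@dataclass
class Rule:
    id: str
    type: str
    effect: str
    constraints: dict = field(default_factory=dict)

def hydrate(policy, library):
    """Return (rules, problems): enabled rules materialized in policy order,
    plus findings to resolve before the policy is relied on."""
    rules, problems, seen = [], [], set()
    for ref in policy.get("rules", []):
        rid = ref.get("rule_id")
        if rid in seen:
            problems.append(f"duplicate reference: {rid}")
            continue
        seen.add(rid)
        entry = library.get(rid)
        if entry is None:
            # Skipping silently would remove a control; surface it instead.
            problems.append(f"unknown rule_id: {rid}")
            continue
        if entry.get("effect") not in EFFECTS:
            problems.append(f"invalid effect on {rid}: {entry.get('effect')}")
            continue
        if ref.get("enabled") is not True:
            continue  # toggled off: referenced but not materialized
        rules.append(Rule(id=rid, **entry))
    return rules, problems
```

Calling `hydrate(POLICY, LIBRARY)` returns the single enabled rule and one finding for the mistyped deny reference.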
Browsing from the dashboard
/dashboard/rules shows the full library with:
- Category tabs and search
- Per-rule detail (type, effect, constraints, description)
- Membership — which policies currently reference each rule
Building on the library
For most deployments you will:
- Start with the shipped library
- Enable the rules appropriate to each category you use
- Write per-agent policies for agent-specific overrides
- Add custom rules only when a library rule does not cover your need
See Policy Model for authoring custom rules and reviewing the effective merged policy for any agent.