Validate a policy
packages/api/src/routes/policies.ts, mounted at /policies in app.ts with the /validate subpath defined on the router. Calls policyRepository.load(policyId, policyVersion) directly — the same FilePolicyRepository.load (packages/policy/src/FilePolicyRepository.ts) used internally when a Business Transaction is executed.
Despite the field name,
policyId is a policy name (e.g. vendor-payment), not a UUID — FilePolicyRepository resolves it to policies/<name>/<version>/policy.json on disk. The monorepo root policies/ directory ships vendor-payment, wire-transfer, fraud-block, payment-release, autonomous-driving, medical-treatment, multi-agent, and custom-policy, each versioned in its own subdirectory (e.g. policies/vendor-payment/1.0.0/ and policies/vendor-payment/2.0.0/).200
400 — missing policyId or policyVersion
404 — policy not found on disk
This route does not use the shared
errorHandler middleware’s error shape at all — it catches Error locally and always responds with { valid, errors }, even for the not-found case that other routes would report as { "error": "..." } with a plain 404. See Error Model for how this compares to other routes.SDK equivalents
TypeScript’s
PolicyApi.validate() (typescript/src/client/PolicyApi.ts) is typed to accept a full Policy object from @parmana/policy — { policyId, policyVersion, schemaVersion, signalsSchema, rules } — and posts it as-is. Note this is a different shape from the PolicyReference ({ name, version, schemaVersion }) used inside a BusinessTransaction’s own policy field (see typescript/src/models/policy.ts). The server route only reads policyId/policyVersion off whatever body it receives and ignores the rest, so in practice only those two fields matter for this call.Related
Policy
The concept behind what’s being validated.
policy package
Policy loading and evaluation internals.
Error Model
Why this route’s error shape doesn’t match the others.
Execute
Where an unvalidated, missing policy fails instead — inside execution, not up front.