
System Policies Reference

AxonFlow ships with 83 built-in system policies:

  • 73 pattern-based system policies evaluated by the Agent for low-latency enforcement
  • 10 condition-based system policies evaluated by the Orchestrator for context-aware governance

These policies give engineers a strong production baseline for LLM security, PII protection, code generation governance, and runtime compliance controls.

Overview

| Category | Evaluation | Count | Severity Range |
|---|---|---|---|
| Security - SQL Injection | Pattern-Based (Agent) | 37 | Critical - Medium |
| Security - Admin Access | Pattern-Based (Agent) | 4 | High - Medium |
| PII - Global | Pattern-Based (Agent) | 7 | Critical - Low |
| PII - United States | Pattern-Based (Agent) | 2 | Critical |
| PII - European Union | Pattern-Based (Agent) | 1 | Critical |
| PII - India | Pattern-Based (Agent) | 2 | Critical |
| PII - Singapore | Pattern-Based (Agent) | 5 | Critical - Low |
| Code Secrets | Pattern-Based (Agent) | 8 | Critical - High |
| Code Safety | Pattern-Based (Agent) | 7 | Critical - High |
| Risk Management | Condition-Based (Orchestrator) | 2 | - |
| Compliance | Condition-Based (Orchestrator) | 3 | - |
| Security Controls | Condition-Based (Orchestrator) | 2 | - |
| Cost Management | Condition-Based (Orchestrator) | 2 | - |
| Access Control | Condition-Based (Orchestrator) | 1 | - |

Pattern-Based System Policies

Security - SQL Injection (security-sqli)

37 patterns covering all major SQL injection techniques.

UNION-Based Injection (2 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_union_select | UNION SELECT Detection | Critical | Block |
| sys_sqli_union_injection | UNION Injection After Termination | Critical | Block |

Boolean-Based Blind Injection (3 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_or_true | OR True Condition | High | Block |
| sys_sqli_or_string | OR String Condition | High | Block |
| sys_sqli_and_false | AND False Condition | High | Block |

Time-Based Blind Injection (4 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_sleep | MySQL SLEEP Function | Critical | Block |
| sys_sqli_waitfor | SQL Server WAITFOR DELAY | Critical | Block |
| sys_sqli_pg_sleep | PostgreSQL pg_sleep | Critical | Block |
| sys_sqli_benchmark | MySQL BENCHMARK Function | Critical | Block |

Error-Based Injection (3 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_extractvalue | EXTRACTVALUE Function | High | Block |
| sys_sqli_updatexml | UPDATEXML Function | High | Block |
| sys_sqli_convert_int | CONVERT INT Injection | High | Block |

Stacked Queries (5 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_stacked_drop | Stacked DROP Statement | Critical | Block |
| sys_sqli_stacked_delete | Stacked DELETE Statement | Critical | Block |
| sys_sqli_stacked_update | Stacked UPDATE Statement | Critical | Block |
| sys_sqli_stacked_insert | Stacked INSERT Statement | Critical | Block |
| sys_sqli_stacked_exec | Stacked EXEC Statement | Critical | Block |

Comment-Based Injection (3 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_inline_comment | Inline Comment Injection | High | Block |
| sys_sqli_line_comment_mysql | MySQL Line Comment Injection | High | Block |
| sys_sqli_line_comment_dash | Double-Dash Comment Injection | High | Block |

Generic Patterns (9 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_select_from | SELECT FROM After Termination | Critical | Block |
| sys_sqli_admin_bypass | Authentication Bypass | Critical | Block |
| sys_sqli_hex_encoding | Hex-Encoded Payload | Medium | Block |
| sys_sqli_char_function | CHAR Function Obfuscation | High | Block |
| sys_sqli_concat_select | CONCAT with Embedded SELECT | High | Block |
| sys_sqli_information_schema | INFORMATION_SCHEMA Access | High | Block |
| sys_sqli_sys_tables | System Tables Access | High | Block |
| sys_sqli_load_file | LOAD_FILE Function | Critical | Block |
| sys_sqli_into_outfile | INTO OUTFILE/DUMPFILE | Critical | Block |

Dangerous Query Patterns (8 patterns)

| ID | Name | Severity | Action |
|---|---|---|---|
| sys_sqli_drop_table | DROP TABLE Statement | Critical | Block |
| sys_sqli_drop_database | DROP DATABASE Statement | Critical | Block |
| sys_sqli_truncate | TRUNCATE TABLE Statement | Critical | Block |
| sys_sqli_alter_table | ALTER TABLE Statement | High | Block |
| sys_sqli_delete_no_where | DELETE Without WHERE | Critical | Block |
| sys_sqli_create_user | CREATE USER Statement | Critical | Block |
| sys_sqli_grant | GRANT Privileges Statement | Critical | Block |
| sys_sqli_revoke | REVOKE Privileges Statement | Critical | Block |

Security - Admin Access (security-admin)

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_admin_users_table | Users Table Access | High | Block | Access to users table |
| sys_admin_audit_log | Audit Log Access | High | Block | Access to audit logs |
| sys_admin_config_table | Configuration Table Access | High | Block | System config access |
| sys_admin_info_schema | Information Schema Access | Medium | Block | System schema access |

PII - Global (pii-global)

Universal patterns applicable in all regions.

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_pii_credit_card | Credit Card Number | Critical | Block | Visa, MC, Amex, Discover |
| sys_pii_email | Email Address | Medium | Log | Standard email format |
| sys_pii_phone | Phone Number | Medium | Log | International formats |
| sys_pii_ip_address | IP Address | Medium | Log | IPv4 addresses |
| sys_pii_passport | Passport Number | High | Block | Generic passport format |
| sys_pii_dob | Date of Birth | High | Log | Common date formats |
| sys_pii_booking_ref | Booking Reference | Low | Log | 6-char alphanumeric |

PII - United States (pii-us)

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_pii_ssn | Social Security Number | Critical | Block | XXX-XX-XXXX format |
| sys_pii_bank_account | Bank Account Number | Critical | Block | Routing + account number |

PII - European Union (pii-eu)

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_pii_iban | IBAN | Critical | Block | International Bank Account Number |

PII - India (pii-india)

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_pii_pan | PAN (Permanent Account Number) | Critical | Block | 10-char with entity type validation |
| sys_pii_aadhaar | Aadhaar Number | Critical | Block | 12-digit UID (DPDP Act 2023) |

PII - Singapore (pii-singapore)

Singapore-specific patterns support MAS FEAT-oriented governance and regional privacy controls in Community Edition.

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_pii_singapore_nric | Singapore NRIC Detection | Critical | Redact | National Registration Identity Card pattern |
| sys_pii_singapore_fin | Singapore FIN Detection | Critical | Redact | Foreign Identification Number pattern |
| sys_pii_singapore_uen | Singapore UEN Detection | High | Redact | Unique Entity Number pattern |
| sys_pii_singapore_phone | Singapore Phone Detection | Medium | Redact | +65 phone numbers |
| sys_pii_singapore_postal | Singapore Postal Code Detection | Low | Warn | Six-digit postal code pattern |

Code Secrets (code-secrets)

These policies matter when teams use AxonFlow to govern AI-assisted coding agents, autonomous remediation, and multi-agent software delivery workflows.

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_code_aws_key | AWS Access Key Detection | Critical | Block | Detect hardcoded AWS access keys |
| sys_code_aws_secret | AWS Secret Key Detection | Critical | Block | Detect likely AWS secret values in assignment context |
| sys_code_github_token | GitHub Token Detection | Critical | Block | Detect embedded GitHub tokens |
| sys_code_openai_key | OpenAI API Key Detection | Critical | Block | Detect hardcoded OpenAI API keys |
| sys_code_anthropic_key | Anthropic API Key Detection | Critical | Block | Detect hardcoded Anthropic API keys |
| sys_code_jwt | JWT Token Detection | High | Block | Detect embedded JWTs and session tokens |
| sys_code_private_key | Private Key Detection | Critical | Block | Detect embedded RSA, EC, or OpenSSH private keys |
| sys_code_password_assign | Hardcoded Password Detection | High | Block | Detect password assignments in code |

Code Safety (code-unsafe)

These policies help teams keep generated code reviewable and safe before it reaches CI, production, or internal platforms.

| ID | Name | Severity | Action | Description |
|---|---|---|---|---|
| sys_code_eval_js | JavaScript eval() Detection | High | Warn | Detect eval() in JavaScript or TypeScript |
| sys_code_exec_python | Python exec() Detection | High | Warn | Detect exec() in Python |
| sys_code_shell_injection | Shell Injection Risk Detection | Critical | Block | Detect subprocess execution with shell=True |
| sys_code_sql_format | SQL String Formatting Detection | High | Warn | Detect dynamic SQL built with string interpolation |
| sys_code_os_system | OS Command Execution Detection | High | Warn | Detect os.system() command execution |
| sys_code_pickle | Insecure Deserialization Detection | Critical | Warn | Detect pickle.load() or pickle.loads() |
| sys_code_yaml_unsafe | Unsafe YAML Load Detection | High | Warn | Detect yaml.load() without a safe loader |

Condition-Based System Policies

Condition-based policies use context-aware rules evaluated by the Orchestrator. These provide runtime governance for risk, compliance, cost, and access control.

Policy ID Naming Convention

System policy IDs follow the pattern: sys_ + category abbreviation + specific pattern name.

| Prefix | Meaning | Example |
|---|---|---|
| sys_sqli_ | SQL injection pattern | sys_sqli_union_select |
| sys_admin_ | Admin access control | sys_admin_users_table |
| sys_pii_ | PII detection pattern | sys_pii_ssn |
| sys_code_ | Code secrets or code safety pattern | sys_code_aws_key |
| sys_dyn_ | Dynamic/condition-based policy | sys_dyn_high_risk_block |

Risk Management (dynamic-risk)

| ID | Name | Condition | Action |
|---|---|---|---|
| sys_dyn_high_risk_block | Block High-Risk Queries | risk_score > 0.8 | Block |
| sys_dyn_anomalous_access | Anomalous Access Detection | risk_score > 0.5 | Warn |

Risk score thresholds:

| Risk Score | Action | Description |
|---|---|---|
| > 0.8 | Block | High-risk query immediately rejected (the Block policy takes precedence over the Warn policy, which also matches) |
| > 0.5 and <= 0.8 | Warn | Elevated-risk query allowed with warning logged |
| <= 0.5 | Allow | Normal-risk query proceeds without policy match |

Condition example (as returned by GET /api/v1/policies):

```json
{
  "id": "sys_dyn_high_risk_block",
  "name": "Block High-Risk Queries",
  "type": "risk",
  "category": "dynamic-risk",
  "tier": "system",
  "conditions": [
    {"field": "risk_score", "operator": "greater_than", "value": 0.8}
  ],
  "actions": [
    {"type": "block", "config": {"reason": "Query blocked due to high risk score."}}
  ],
  "enabled": true
}
```

Compliance (dynamic-compliance)

| ID | Name | Condition | Action |
|---|---|---|---|
| sys_dyn_hipaa | HIPAA Compliance | data_category == "healthcare" | Block (if PHI detected) |
| sys_dyn_gdpr | GDPR Compliance | data_region == "eu" and PII present | Block |
| sys_dyn_financial | Financial Data Protection | data_category == "financial" | Block (if PCI data detected) |

Condition example (as returned by GET /api/v1/policies):

```json
{
  "id": "sys_dyn_hipaa",
  "name": "HIPAA Compliance",
  "type": "context_aware",
  "category": "dynamic-compliance",
  "tier": "system",
  "conditions": [
    {"field": "context.data_category", "operator": "equals", "value": "healthcare"},
    {"field": "context.contains_phi", "operator": "equals", "value": true}
  ],
  "actions": [
    {"type": "block", "config": {"reason": "Protected Health Information detected. HIPAA compliance requires blocking this query."}}
  ],
  "enabled": true
}
```
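The two JSON documents above show the condition shape, but not how a request is scored against it. The following is an added example, not AxonFlow's own code, that models the evaluation locally: it loads the two policies exactly as printed, adds a constructed JSON for sys_dyn_anomalous_access derived from its table row (the page does not show that policy's JSON, so its name, type and reason text are assumed), and evaluates sample requests across the risk thresholds in the Risk Management table. Three things it assumes that the page does not state: conditions within one policy are ANDed (which is the only reading that makes "Block (if PHI detected)" come out of the two HIPAA conditions), the most restrictive matched action wins, and a field path with a dot is resolved through the request's nested `context` object.

```typescript
// Added example, not AxonFlow code: local model of condition-based evaluation.
// Assumed (not on the page): conditions are ANDed; block > warn > allow when
// several policies match; "context.x" paths resolve into a nested object.

type Operator = "greater_than" | "equals";
type ActionType = "block" | "warn";

interface Condition { field: string; operator: Operator; value: unknown }
interface PolicyAction { type: ActionType; config: { reason: string } }
interface DynamicPolicy {
  id: string; name: string; type: string; category: string; tier: string;
  conditions: Condition[]; actions: PolicyAction[]; enabled: boolean;
}

// The two policies as shown in the GET /api/v1/policies examples above.
const highRiskBlock: DynamicPolicy = {
  id: "sys_dyn_high_risk_block", name: "Block High-Risk Queries", type: "risk",
  category: "dynamic-risk", tier: "system",
  conditions: [{ field: "risk_score", operator: "greater_than", value: 0.8 }],
  actions: [{ type: "block", config: { reason: "Query blocked due to high risk score." } }],
  enabled: true,
};
const hipaa: DynamicPolicy = {
  id: "sys_dyn_hipaa", name: "HIPAA Compliance", type: "context_aware",
  category: "dynamic-compliance", tier: "system",
  conditions: [
    { field: "context.data_category", operator: "equals", value: "healthcare" },
    { field: "context.contains_phi", operator: "equals", value: true },
  ],
  actions: [{ type: "block", config: { reason: "Protected Health Information detected. HIPAA compliance requires blocking this query." } }],
  enabled: true,
};
// Constructed from the Risk Management table row (risk_score > 0.5 -> Warn);
// the page does not show this policy's JSON, so type and reason are assumed.
const anomalousAccess: DynamicPolicy = {
  id: "sys_dyn_anomalous_access", name: "Anomalous Access Detection", type: "risk",
  category: "dynamic-risk", tier: "system",
  conditions: [{ field: "risk_score", operator: "greater_than", value: 0.5 }],
  actions: [{ type: "warn", config: { reason: "Elevated risk score; allowed with warning." } }],
  enabled: true,
};
const dynamicPolicies: DynamicPolicy[] = [highRiskBlock, anomalousAccess, hipaa];

// A request as the Orchestrator would see it: risk_score at top level, plus the
// context fields that the compliance policy reads through the "context." prefix.
interface PolicyRequest {
  risk_score: number;
  context: { data_category: string; contains_phi: boolean };
}

// Walk a dotted path such as "context.contains_phi". A missing segment yields
// undefined, so a condition can never hold on a field the request did not carry.
function resolveField(req: PolicyRequest, path: string): unknown {
  let current: unknown = req;
  for (const key of path.split(".")) {
    if (current === null || typeof current !== "object") return undefined;
    current = (current as Record<string, unknown>)[key];
  }
  return current;
}

function conditionHolds(req: PolicyRequest, c: Condition): boolean {
  const actual = resolveField(req, c.field);
  switch (c.operator) {
    case "greater_than":
      // Strict: a risk_score of exactly 0.8 does not trip "> 0.8".
      return typeof actual === "number" && typeof c.value === "number" && actual > c.value;
    case "equals":
      return actual === c.value;
    default:
      // Unknown operator: the condition does not hold. For a block policy that
      // is fail-open, so a real engine should reject unknown operators at load time.
      return false;
  }
}

interface Decision { decision: ActionType | "allow"; matched: string[]; reasons: string[] }

function evaluate(req: PolicyRequest, policies: DynamicPolicy[] = dynamicPolicies): Decision {
  const matched = policies.filter(p => p.enabled && p.conditions.every(c => conditionHolds(req, c)));
  const actions: PolicyAction[] = [];
  for (const p of matched) actions.push(...p.actions);
  const decision: Decision["decision"] = actions.some(a => a.type === "block") ? "block"
    : actions.some(a => a.type === "warn") ? "warn" : "allow";
  return { decision, matched: matched.map(p => p.id), reasons: actions.map(a => a.config.reason) };
}

// Constructed sample requests walking the thresholds from the table above.
const general = { data_category: "general", contains_phi: false };
console.log(evaluate({ risk_score: 0.95, context: general }));         // block; both risk policies match
console.log(evaluate({ risk_score: 0.8, context: general }).decision); // warn
console.log(evaluate({ risk_score: 0.5, context: general }).decision); // allow
console.log(evaluate({ risk_score: 0.1, context: { data_category: "healthcare", contains_phi: true } }).decision);  // block
console.log(evaluate({ risk_score: 0.1, context: { data_category: "healthcare", contains_phi: false } }).decision); // allow
```

The boundary cases are the ones worth keeping in a regression suite: a score of exactly 0.8 is not "> 0.8" and therefore only warns, and a healthcare request without `contains_phi` is allowed, which is why the HIPAA row reads "Block (if PHI detected)" rather than "Block".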

Security Controls (dynamic-security)

| ID | Name | Condition | Action |
|---|---|---|---|
| sys_dyn_tenant_isolation | Tenant Isolation | target_tenant != request_tenant | Block |
| sys_dyn_debug_restrict | Debug Mode Restriction | debug == true and environment == "production" | Block |

Cost Management (dynamic-cost)

| ID | Name | Condition | Action |
|---|---|---|---|
| sys_dyn_expensive_query | Expensive Query Limit | estimated_cost > cost_threshold | Warn |
| sys_dyn_llm_cost | LLM Cost Optimization | monthly_usage > monthly_limit | Block |

Access Control (dynamic-access)

| ID | Name | Condition | Action |
|---|---|---|---|
| sys_dyn_sensitive_data | Sensitive Data Control | Response contains salary, SSN, or medical records | Block |

Querying System Policies

List All System Policies

```typescript
// `client` is an initialized AxonFlow SDK client; its construction is not shown on this page.
const policies = await client.listStaticPolicies({
  tier: 'system'
});

console.log(`Total system policies: ${policies.length}`);
```

Filter by Category

```typescript
// Get all SQL injection policies
const sqli = await client.listStaticPolicies({
  tier: 'system',
  category: 'security-sqli'
});

// Get all global PII policies
const pii = await client.listStaticPolicies({
  tier: 'system',
  category: 'pii-global'
});
```

REST API

```bash
# All system policies
curl "http://localhost:8080/api/v1/static-policies?tier=system"

# Filtered by category
curl "http://localhost:8080/api/v1/static-policies?tier=system&category=security-sqli"
```

Customizing System Policies (Enterprise)

Enterprise Feature

Policy overrides require an Enterprise license.

You cannot modify system policy patterns, but you can:

  1. Disable a policy for your organization
  2. Change the action, but only to a more restrictive one (for example Log to Block); an override can never relax a system policy
  3. Set an expiration for temporary overrides

Example: Disable Email Detection

```typescript
await client.createPolicyOverride({
  policyId: 'sys_pii_email',
  enabledOverride: false,
  overrideReason: 'Internal tool - no customer email exposure',
});
```

Example: Escalate to Block

```typescript
await client.createPolicyOverride({
  policyId: 'sys_pii_dob',
  actionOverride: 'block', // Was 'log'
  overrideReason: 'HIPAA requirement - block all DOB exposure',
});
```
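The two calls above override one policy each. In practice the question is which of the 73 pattern-based policies deserve an override, and the answer comes from the Querying section: list the system tier, then look for policies whose action is weaker than their severity suggests (sys_pii_dob at High/Log and sys_code_pickle at Critical/Warn are the obvious cases in the tables above). The following is an added example, not AxonFlow's own code, that ties the two sections together: it runs that review over a constructed sample of rows from this page (as a `listStaticPolicies({ tier: 'system' })` call might return them) and builds override requests in the `createPolicyOverride()` shape shown above. The lower-case `severity`/`action` strings and the restrictiveness order log < warn < redact < block are this example's assumptions; confirm the ordering your deployment enforces before treating Redact as an escalation of Warn.

```typescript
// Added example, not AxonFlow code: review system policies and build override
// requests in the createPolicyOverride() shape used on this page. Assumed:
// lower-case severity/action values and the order log < warn < redact < block.

type Severity = "low" | "medium" | "high" | "critical";
type PolicyAction = "log" | "warn" | "redact" | "block";

interface StaticPolicy {
  id: string; name: string; category: string;
  severity: Severity; action: PolicyAction; enabled: boolean;
}

// Fields used by the createPolicyOverride() calls shown on this page.
interface PolicyOverrideRequest {
  policyId: string;
  actionOverride?: PolicyAction;
  enabledOverride?: boolean;
  overrideReason: string;
}

const SEVERITY_RANK: Record<Severity, number> = { low: 0, medium: 1, high: 2, critical: 3 };
const RESTRICTIVENESS: Record<PolicyAction, number> = { log: 0, warn: 1, redact: 2, block: 3 };

// Constructed sample: a subset of the rows in the tables above.
const samplePolicies: StaticPolicy[] = [
  { id: "sys_sqli_union_select", name: "UNION SELECT Detection", category: "security-sqli", severity: "critical", action: "block", enabled: true },
  { id: "sys_pii_email", name: "Email Address", category: "pii-global", severity: "medium", action: "log", enabled: true },
  { id: "sys_pii_dob", name: "Date of Birth", category: "pii-global", severity: "high", action: "log", enabled: true },
  { id: "sys_pii_singapore_nric", name: "Singapore NRIC Detection", category: "pii-singapore", severity: "critical", action: "redact", enabled: true },
  { id: "sys_code_pickle", name: "Insecure Deserialization Detection", category: "code-unsafe", severity: "critical", action: "warn", enabled: true },
  { id: "sys_code_eval_js", name: "JavaScript eval() Detection", category: "code-unsafe", severity: "high", action: "warn", enabled: true },
];

// Enabled policies at or above minSeverity whose action is observe-only (log or
// warn), i.e. the matched content still reaches the model or the caller unchanged.
function escalationCandidates(policies: StaticPolicy[], minSeverity: Severity): StaticPolicy[] {
  return policies.filter(p =>
    p.enabled &&
    SEVERITY_RANK[p.severity] >= SEVERITY_RANK[minSeverity] &&
    RESTRICTIVENESS[p.action] <= RESTRICTIVENESS.warn);
}

// The page permits action overrides only toward a more restrictive action.
function isMoreRestrictive(current: PolicyAction, proposed: PolicyAction): boolean {
  return RESTRICTIVENESS[proposed] > RESTRICTIVENESS[current];
}

// Build an escalation request, refusing locally what the server would reject anyway.
function buildEscalationOverride(policy: StaticPolicy, target: PolicyAction, reason: string): PolicyOverrideRequest {
  if (!isMoreRestrictive(policy.action, target)) {
    throw new Error(`${policy.id}: cannot override ${policy.action} -> ${target}; only more restrictive actions are allowed`);
  }
  return { policyId: policy.id, actionOverride: target, overrideReason: reason };
}

function buildDisableOverride(policy: StaticPolicy, reason: string): PolicyOverrideRequest {
  return { policyId: policy.id, enabledOverride: false, overrideReason: reason };
}

// Usage with the constructed sample. Against a live deployment, replace
// samplePolicies with `await client.listStaticPolicies({ tier: 'system' })`
// and submit each request with `client.createPolicyOverride(...)`.
const candidates = escalationCandidates(samplePolicies, "high");
const requests: PolicyOverrideRequest[] = candidates.map(p =>
  buildEscalationOverride(p, "block", `Escalated ${p.id}: ${p.severity} finding must not pass on ${p.action}`));
console.log(requests.map(r => r.policyId)); // [ 'sys_pii_dob', 'sys_code_pickle', 'sys_code_eval_js' ]
```

Note that sys_pii_singapore_nric is not a candidate even though it is Critical: Redact already alters the response, so it is excluded by design, while a Block-to-Log attempt on sys_sqli_union_select throws before anything is sent.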