Rules
Rules define what is allowed, restricted, or blocked in your system and give you full control over how Averment behaves.
What is a rule?
A rule is a set of conditions that evaluate an action and influence the final decision. Each rule can increase or decrease risk, override decisions, or directly enforce an action (block, allow, etc.).
Rule structure
json
Rule anatomy
Each rule has three parts:
1. Condition (
when)Defines when the rule applies.
json
2. Effect (
effect)Controls risk scoring.
| Effect | Meaning |
|---|---|
| increase | Increase risk |
| decrease | Reduce risk |
| override | Override scoring |
3. Decision Effect (
decision_effect)Directly controls enforcement.
| Action | Behavior |
|---|---|
| allow | Execute |
| caution | Soft gate; proceed with awareness |
| review | Require active attention |
| block | Stop action |
| escalate_one_level | Increase severity |
| deescalate_one_level | Reduce severity |
decision_effect overrides everything else when set.Writing policies
Simple Rule (Recommended)
Full DSL (Advanced)
json
Supported operators
| Operator | What it does | Works with | Example |
|---|---|---|---|
| eq | equals | string, number, boolean | context.role eq "admin" |
| neq | not equal | string, number, boolean | context.country neq "US" |
| gt | greater than | number | numbers.requests gt 100 |
| gte | greater than or equal | number | numbers.age gte 18 |
| lt | less than | number | numbers.score lt 50 |
| lte | less than or equal | number | numbers.attempts lte 3 |
| contains | text includes value | string / array | context.command contains "rm -rf" |
| starts_with | starts with value | string | context.email starts_with "admin" |
| ends_with | ends with value | string | context.email ends_with "@temp.com" |
| in | matches one of values | array | context.role in ["admin","moderator"] |
| exists | field is present | any | context.device exists |
Available fields
Decision fields (system info)
| Field | What it means |
|---|---|
| decision.type | Type of action |
| decision.action | Action category |
| decision.summary | Human-readable description |
Context fields (your data)
The most flexible part. You pass this data when calling
decide().js
Then reference it in policies:
Typed fields (structured access)
| Type | Prefix | Example |
|---|---|---|
| Numbers | numbers.* | numbers.requests |
| Booleans | booleans.* | booleans.is_external_api |
| Strings | strings.* | strings.email |
Important notes
- Missing fields don't match: If a field isn't provided, the rule doesn't trigger.
- Use the right prefix: numbers use
Numbers.*, booleans usebooleans.*, everything else usescontext.*. - Context is your control layer: You decide what data to send, and more context means better decisions.
Priority & weight
Weight (0–100)
Controls how strongly a rule affects the decision. Higher weight = stronger influence.
Priority
Determines which rule runs first. Higher priority = executes first.
Next steps
Now that you understand policies, learn how to plug in your own LLM for semantic interpretation.
Bring Your Own LLM (BYOLLM)
Replace Averment's default semantic backend with your own LLM (OpenAI, Anthropic, Gemini, or any custom endpoint.)