FlowGuard API - v1.2.0-rc.2
    Preparing search index...

    Interface FlowGuardPolicy

    Full FlowGuard policy configuration.

    Determines:

    • Whether human gates require explicit human decisions
    • Max iterations for independent plan and implementation review loops
    • Whether the session initiator can approve their own work (four-eyes)
    • Which audit events are emitted and how
    • How actors are classified in the audit trail
    interface FlowGuardPolicy {
        mode: PolicyMode;
        requireHumanGates: boolean;
        maxSelfReviewIterations: number;
        maxImplReviewIterations: number;
        allowSelfApproval: boolean;
        selfReview: SelfReviewConfig;
        reviewOutputPolicy: ReviewOutputPolicy;
        reviewInvocationPolicy: ReviewInvocationPolicy;
        audit: AuditPolicy;
        actorClassification: Readonly<Record<string, string>>;
        minimumActorAssuranceForApproval:
            | "best_effort"
            | "claim_validated"
            | "idp_verified";
        requireVerifiedActorsForApproval: boolean;
        identityProvider?: | {
            issuer: string;
            audience: string[];
            claimMapping: {
                subjectClaim: string;
                emailClaim: string;
                nameClaim: string;
            };
            mode: "static";
            signingKeys: (
                | {
                    kind: "jwk";
                    kid: string;
                    alg: "RS256"
                    | "ES256";
                    jwk:
                        | { kty: "RSA"; n: string; e: string }
                        | { kty: "EC"; x: string; y: string; crv: string };
                }
                | { kind: "pem"; kid: string; alg: "RS256"
                | "ES256"; pem: string }
            )[];
        }
        | {
            issuer: string;
            audience: string[];
            claimMapping: {
                subjectClaim: string;
                emailClaim: string;
                nameClaim: string;
            };
            mode: "jwks";
            jwksPath?: string;
            jwksUri?: string;
            cacheTtlSeconds: number;
        };
        identityProviderMode: "optional"
        | "required";
    }
    Index

    Properties

    mode requireHumanGates maxSelfReviewIterations maxImplReviewIterations allowSelfApproval selfReview reviewOutputPolicy reviewInvocationPolicy audit actorClassification minimumActorAssuranceForApproval requireVerifiedActorsForApproval identityProvider? identityProviderMode

    Properties

    mode: PolicyMode

    Policy mode identifier.

    requireHumanGates: boolean

    Whether User Gate phases require explicit human decisions. false → auto-approve at gates (solo mode). true → machine waits for /review-decision (team/regulated).

    maxSelfReviewIterations: number

    Max independent review iterations in PLAN phase before force-convergence.

    maxImplReviewIterations: number

    Max impl-review iterations in IMPL_REVIEW phase before force-convergence.

    allowSelfApproval: boolean

    Whether the session initiator can approve at User Gates. false → four-eyes principle enforced (regulated). Session initiator !== review decision maker. true → self-approval allowed (solo/team).

    selfReview: SelfReviewConfig

    Independent review configuration.

    reviewOutputPolicy: ReviewOutputPolicy

    Whether lower-assurance text-compatible review output may satisfy evidence.

    reviewInvocationPolicy: ReviewInvocationPolicy

    How reviewer invocation must occur: host-visible Task tool, SDK, or policy-gated.

    audit: AuditPolicy

    Audit event emission controls.

    actorClassification: Readonly<Record<string, string>>

    Actor classification per tool name. Maps FlowGuard tool names to actor labels for the audit trail. Tools not listed default to "system".

    minimumActorAssuranceForApproval:
        | "best_effort"
        | "claim_validated"
        | "idp_verified"

    P34: Minimum required actor assurance for regulated approval decisions.

    • 'best_effort' → any actor may approve (default, backward-compat with P33 v0)
    • 'claim_validated' → only actors with validated local claims may approve
    • 'idp_verified' → only IdP-verified actors may approve (future P35 enterprise target)

    Applies at User Gates in regulated mode. Actors below the threshold are blocked with reason ACTOR_ASSURANCE_INSUFFICIENT.

    Migration from P33 v0: requireVerifiedActorsForApproval: true → minimumActorAssuranceForApproval: 'claim_validated' requireVerifiedActorsForApproval: false → minimumActorAssuranceForApproval: 'best_effort'

    P34 design doc: docs/actor-assurance-architecture.md

    requireVerifiedActorsForApproval: boolean

    P33 (deprecated): Whether regulated approvals require verified actor identity. Ignored if minimumActorAssuranceForApproval is set. Translated to minimumActorAssuranceForApproval at resolution time: true → 'claim_validated' false → 'best_effort'

    identityProvider?:
        | {
            issuer: string;
            audience: string[];
            claimMapping: {
                subjectClaim: string;
                emailClaim: string;
                nameClaim: string;
            };
            mode: "static";
            signingKeys: (
                | {
                    kind: "jwk";
                    kid: string;
                    alg: "RS256"
                    | "ES256";
                    jwk:
                        | { kty: "RSA"; n: string; e: string }
                        | { kty: "EC"; x: string; y: string; crv: string };
                }
                | { kind: "pem"; kid: string; alg: "RS256"
                | "ES256"; pem: string }
            )[];
        }
        | {
            issuer: string;
            audience: string[];
            claimMapping: {
                subjectClaim: string;
                emailClaim: string;
                nameClaim: string;
            };
            mode: "jwks";
            jwksPath?: string;
            jwksUri?: string;
            cacheTtlSeconds: number;
        }

    P35a/P35b1/P35b2: IdP configuration for static keys or JWKS authority. Defines issuer, audience, claim mapping, and key source details. When set, allows idp_verified actors via FLOWGUARD_ACTOR_TOKEN_PATH.

    identityProviderMode: "optional" | "required"

    P35a: Controls IdP verification behavior when identityProvider is set.

    • 'optional': Token verification is attempted but failure doesn't block hydration
    • 'required': IdP verification must succeed at hydration time

    Note: Approval gates respect minimumActorAssuranceForApproval regardless of this mode. This mode only controls whether IdP failure blocks session creation.

    Settings

    Member Visibility

    On This Page

    Properties