CadreenResearch Preview
DocumentationAPI ReferenceGuides & Cookbooks
Back to Guides & Cookbooks
Cookbook

How to set company-wide policies with one message

Write a policy in natural language. Cadreen stores it and enforces it across every surface — opencode, SDK scripts, CLI, dashboard, embedded SaaS. No DSL. No config files.

1

How it works

You describe the behavior you want in plain English. Cadreen stores the policy and enforces it on every tool call across your entire workspace.

Write01Store02Enforce03Audit04

Flow: natural language → store → enforcement → audit trail

2

Create a policy with the SDK

One call. The condition is natural language — Cadreen interprets it and creates a structured policy under the hood.

TypeScript
const policy = await cadreen.policies.create({
  name: "Refund Policy",
  rules: [
    { condition: "Require manager approval for refunds over $500", effect: "require_human_approval" },
    { condition: "Auto-approve refunds of $100 or less", effect: "auto_approve" },
  ],
  domain: "finance",
});

console.log(policy.id);           // "pol_01abc..."
console.log(policy.status);       // "draft"
console.log(policy.interpreted);  // { requires_human: true, match: {...} }
Python
policy = await cadreen.policies.create(
    name="Refund Policy",
    rules=[
        {"condition": "Require manager approval for refunds over $500", "effect": "require_human_approval"},
        {"condition": "Auto-approve refunds of $100 or less", "effect": "auto_approve"},
    ],
)

print(policy.id)           # "pol_01abc..."
print(policy.status)       # "draft"
print(policy.interpreted)  # {"requires_human": true, "match": {...}}
Note
Policies are scoped to your workspace. Every surface that uses the same API key inherits the same policies.
3

See it in the dashboard

The policy appears immediately in the dashboard at /infra/dashboard/policies. Every team member can see what rules are active.

[Dashboard policies page screenshot — shows the policy with status, type, and risk level]

4

Enforcement across every surface

The same policy governs tool calls from opencode, SDK scripts, CLI commands, and embedded SaaS — automatically. No per-surface configuration.

opencode — deploy blocked
> Deploy the staging app to production

I can't do that right now. Your workspace policy says no production deploys
after 5pm on Fridays. It's currently 6:30pm on Friday.

Say "override" to request an exception (requires approval).
SDK — governance decision in response
const result = await cadreen.intent.invoke({
  messages: [{ role: "user", content: "Deploy to production" }],
});

console.log(result.type);       // "blocked"
console.log(result.reason_code); // "policy_violation"
console.log(result.policy_id);   // "pol_01abc"
Note
Governance decisions are recorded as intelligence traces. You can query them from any surface — dashboard, CLI, SDK.
5

What you can govern

Policies can govern any tool call. Cadreen has built-in circuit breakers for sensitive actions:

file_toolFileDelete, FileOverwrite, FileMove
payment_toolPayment, Refund, SubscriptionChange
deploy_toolDeploy, Rollback, Scale
email_toolSendEmail, SendBulkEmail
database_toolDatabaseMutate, DatabaseDelete, DatabaseBackup
Note
You can also create policies for any custom tool you register via OpenAPI or MCP. The governance layer is tool-agnostic.
Note
Next: Swap in Cadreen as your model provider — zero code changes, instant intelligence.