Policy Engine
How the Policy Engine governs all actions in Blockstream Enterprise Custody - evaluation order, decisions, and review workflows.
The Policy Engine is the governance brain of Blockstream Enterprise Custody. Every action - whether a transaction, a user invitation, or a configuration change - passes through the Policy Engine before execution.
What policies govern
Policies apply to all resources, not only transactions:
- Spend requests (transactions)
- User creation and modification
- Wallet configuration changes
- Role and group management
- Asset restrictions
- Any other resource action
How evaluation works
Policies are evaluated in priority order (highest priority number first). The first policy whose expression matches the incoming request determines the outcome. Remaining policies are not evaluated.
Request comes in
|
v
[Policy A, priority 100]
expression: amount > 100000
decision: REVIEW
result: no match, continue
|
v
[Policy B, priority 90]
expression: recipient in whitelist
decision: ALLOW
result: match
|
v
Action executes immediately (ALLOW)If no policy matches, the default behavior is ALLOW. To require explicit approval for everything, create a low-priority catch-all REVIEW policy.
Policy decisions
| Decision | Effect |
|---|---|
ALLOW | Action executes immediately, no approval required |
DENY | Action is rejected; for spend requests, locked UTXOs are released |
REVIEW | A proposal is created; designated reviewers must approve or reject |
The REVIEW flow
When a policy decision is REVIEW, the system creates a proposal and returns status: "pending" to the caller. The review_expression on the policy defines who can approve and how many approvals are needed:
review_expression: "2 OF finance-team"This means 2 members of the finance-team group must approve before the action executes.
Reviewers act on proposals via POST /proposals/:id/review. Once the threshold is met, the action executes automatically.
Policy structure
Each policy has the following fields:
| Field | Description |
|---|---|
name | Human-readable label |
resource | The API resource path this policy applies to (supports wildcards) |
action | The action type: add, edit, get, delete |
priority | Evaluation order - higher is evaluated first |
expression | CEL expression evaluated against the incoming request |
decision_on_true | ALLOW, DENY, or REVIEW - applied when expression is true |
review_expression | Required when decision is REVIEW - defines approval threshold |
For configuration examples and CEL expression syntax, see Policy Configuration.
Roles and groups
The review_expression references named groups (e.g., "1 OF admins"). Groups are collections of users assigned specific roles. See Roles & Rules for how to configure groups and assign users.