Blockstream Enterprise Custody SDK
General Concepts

Policy Engine

How the Policy Engine governs all actions in Blockstream Enterprise Custody - evaluation order, decisions, and review workflows.

The Policy Engine is the governance brain of Blockstream Enterprise Custody. Every action - whether a transaction, a user invitation, or a configuration change - passes through the Policy Engine before execution.

What policies govern

Policies apply to all resources, not only transactions:

  • Spend requests (transactions)
  • User creation and modification
  • Wallet configuration changes
  • Role and group management
  • Asset restrictions
  • Any other resource action

How evaluation works

Policies are evaluated in priority order (highest priority number first). The first policy whose expression matches the incoming request determines the outcome. Remaining policies are not evaluated.

Request comes in
    |
    v
[Policy A, priority 100]
  expression: amount > 100000
  decision: REVIEW
  result: no match, continue
    |
    v
[Policy B, priority 90]
  expression: recipient in whitelist
  decision: ALLOW
  result: match
    |
    v
Action executes immediately (ALLOW)

If no policy matches, the default behavior is ALLOW. To require explicit approval for everything, create a low-priority catch-all REVIEW policy.

Policy decisions

DecisionEffect
ALLOWAction executes immediately, no approval required
DENYAction is rejected; for spend requests, locked UTXOs are released
REVIEWA proposal is created; designated reviewers must approve or reject

The REVIEW flow

When a policy decision is REVIEW, the system creates a proposal and returns status: "pending" to the caller. The review_expression on the policy defines who can approve and how many approvals are needed:

review_expression: "2 OF finance-team"

This means 2 members of the finance-team group must approve before the action executes.

Reviewers act on proposals via POST /proposals/:id/review. Once the threshold is met, the action executes automatically.

Policy structure

Each policy has the following fields:

FieldDescription
nameHuman-readable label
resourceThe API resource path this policy applies to (supports wildcards)
actionThe action type: add, edit, get, delete
priorityEvaluation order - higher is evaluated first
expressionCEL expression evaluated against the incoming request
decision_on_trueALLOW, DENY, or REVIEW - applied when expression is true
review_expressionRequired when decision is REVIEW - defines approval threshold

For configuration examples and CEL expression syntax, see Policy Configuration.

Roles and groups

The review_expression references named groups (e.g., "1 OF admins"). Groups are collections of users assigned specific roles. See Roles & Rules for how to configure groups and assign users.

On this page