NPL Reference Policies
Bundled policies and hardalion:// URI pins
NPL Reference Policies
Shipped with @hardalion/npl-policy-engine (Apache 2.0). Source YAML in npl-spec/examples.
Canonical policy IDs
| Policy ID | Use case |
|---|---|
nato-prou-strict-financial | Financial agent controls: blocks destructive tools, flags high-value transfers |
eu-ai-act-art5-prohibited | Thin EU AI Act Art. 5 prohibited-practices gate (example) |
Do not use legacy alias NATO_PRoU_Strict_Financial in new integrations. It resolves for backward compatibility only.
Federated URI (version-pinned)
hardalion://nato-prou-strict-financial@1.0.0Requires semver pin. Evaluator resolves from local bundled catalog offline; remote registry fetch is optional and fail-closed.
Spec: hardalion URI scheme
Try in CLI
npx @hardalion/npl-policy-engine \
--policy nato-prou-strict-financial \
--tool delete_user --json
npx @hardalion/npl-policy-engine \
--policy-uri hardalion://nato-prou-strict-financial@1.0.0 \
--tool drop_table --jsonAuthor your own
See deterministic evaluation spec and policy schema.
Minimal example:
version: "1.0.0"
policyName: my-team-guardrails
targetAgents: ["*"]
rules:
- ruleId: block_shell
action: BLOCK
condition: "tool.name in ['run_shell', 'exec']"
alertSeverity: CRITICAL