NPL Reference Policies

Bundled policies and hardalion:// URI pins

NPL Reference Policies

Shipped with @hardalion/npl-policy-engine (Apache 2.0). Source YAML in npl-spec/examples.

Canonical policy IDs

Policy IDUse case
nato-prou-strict-financialFinancial agent controls: blocks destructive tools, flags high-value transfers
eu-ai-act-art5-prohibitedThin EU AI Act Art. 5 prohibited-practices gate (example)

Do not use legacy alias NATO_PRoU_Strict_Financial in new integrations. It resolves for backward compatibility only.

Federated URI (version-pinned)

hardalion://nato-prou-strict-financial@1.0.0

Requires semver pin. Evaluator resolves from local bundled catalog offline; remote registry fetch is optional and fail-closed.

Spec: hardalion URI scheme

Try in CLI

npx @hardalion/npl-policy-engine \
  --policy nato-prou-strict-financial \
  --tool delete_user --json

npx @hardalion/npl-policy-engine \
  --policy-uri hardalion://nato-prou-strict-financial@1.0.0 \
  --tool drop_table --json

Author your own

See deterministic evaluation spec and policy schema.

Minimal example:

version: "1.0.0"
policyName: my-team-guardrails
targetAgents: ["*"]
rules:
  - ruleId: block_shell
    action: BLOCK
    condition: "tool.name in ['run_shell', 'exec']"
    alertSeverity: CRITICAL