# MAPL Schema Reference

Complete syntax reference for MAPL (MACAW Access Policy Language): hierarchical, composable policies with pattern matching and fine-grained constraints.
## Policy Structure

Core policy fields. Only `policy_id` is required.

```json
{
  "policy_id": "scope:name",
  "name": "Human-readable name",
  "extends": "parent:policy_id",
  "scope": "user",
  "resources": [...],
  "denied_resources": [...],
  "constraints": {
    "rate_limit": 100,
    "parameters": {...},
    "denied_parameters": {...}
  },
  "attestations": {...}
}
```

## Fields Reference
| Field | Required | Description |
|---|---|---|
| `policy_id` | Yes | Unique ID with scope prefix: `global:`, `company:`, `bu:`, `team:`, `user:`, `app:` |
| `extends` | No | Parent policy to inherit from. A child can only restrict, not expand. |
| `resources` | No | Array of allowed resource patterns. Supports wildcards. |
| `denied_resources` | No | Array of denied patterns. Overrides `resources`. |
| `constraints` | No | Operational constraints (`rate_limit`, `parameters`, `denied_parameters`). |
| `attestations` | No | Boolean capabilities granted to this principal. |
## Pattern Matching

| Pattern | Matches | Example |
|---|---|---|
| `*` | Any characters except `/` | `tool:*` matches `tool:search` |
| `**` | Any characters including `/` | `llm:**` matches `llm:openai/gpt-4` |
| `*text*` | Contains substring | `*sales*` matches `quarterly_sales.txt` |
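The wildcard rules in the table above, as an added Python example (not MAPL's own code and not from this page). It assumes exactly the tabulated semantics (`**` crosses `/`, `*` stops at `/`, everything else is literal) and the deny-overrides-allow rule from the Fields Reference; the names `mapl_pattern_to_regex`, `mapl_match`, `resource_allowed` and the sample policy are constructed for illustration.

```python
import re

# Added example: a MAPL-style wildcard matcher following the Pattern Matching table.
# Assumed semantics: "**" matches across "/", "*" does not, all other text is literal.


def mapl_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate one MAPL resource pattern into an anchored regular expression."""
    parts = []
    for token in re.split(r"(\*\*|\*)", pattern):   # keep the wildcards as tokens
        if token == "**":
            parts.append(".*")          # any characters, including "/"
        elif token == "*":
            parts.append("[^/]*")       # any characters except "/"
        elif token:
            parts.append(re.escape(token))
    return re.compile("^" + "".join(parts) + "$")


def mapl_match(pattern: str, resource: str) -> bool:
    """True if `resource` is covered by `pattern`."""
    return mapl_pattern_to_regex(pattern).match(resource) is not None


def resource_allowed(policy: dict, resource: str) -> bool:
    """Resource check for a single policy: any denied pattern overrides an allow."""
    if any(mapl_match(p, resource) for p in policy.get("denied_resources", [])):
        return False
    return any(mapl_match(p, resource) for p in policy.get("resources", []))


# Constructed sample policy (not from the page) used to exercise the matcher.
SAMPLE_POLICY = {
    "policy_id": "team:example",
    "resources": ["tool:query_*", "data:analytics/**", "llm:openai/gpt-4*"],
    "denied_resources": ["data:analytics/pii/**"],
}

if __name__ == "__main__":
    for res in ["tool:query_users", "tool:search", "data:analytics/reports/q1",
                "data:analytics/pii/ssn", "llm:openai/gpt-4-turbo", "llm:openai/gpt-3.5"]:
        verdict = "allow" if resource_allowed(SAMPLE_POLICY, res) else "deny"
        print(f"{res:32} -> {verdict}")
```

Because `*` never crosses `/`, `tool:*` does not cover `tool:database/query`; write `tool:**` when a pattern is meant to reach into sub-paths, and keep the denied list specific so it cannot be bypassed by a differently spelled path.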
## Resource Types

| Type | Description | Examples |
|---|---|---|
| `llm:` | LLM operations | `llm:openai/gpt-4*`, `llm:anthropic/*` |
| `tool:` | Tool invocations | `tool:query_*`, `tool:database/query` |
| `data:` | Data access | `data:analytics/**`, `data:sales/**` |
| `service:` | External services | `service:database`, `service:api/*` |
## Parameter Constraints

### Allowed Parameters

Per-operation parameter validation with enumeration, range, and pattern constraints.

```json
"parameters": {
  "llm:openai/*": {
    "model": ["gpt-4", "gpt-4-turbo"],
    "max_tokens": {"max": 4000},
    "temperature": {"min": 0, "max": 1.0}
  },
  "tool:*": {
    "query": {"max_length": 1000}
  }
}
```

### Denied Parameters
Block specific parameter values. Pattern matching is supported for string values.

```json
"denied_parameters": {
  "tool:*": {
    "include_credentials": [true],
    "output_path": ["*/etc/*", "*.key"]
  },
  "llm:*": {
    "system_prompt": ["*ignore instructions*"]
  }
}
```

### Constraint Types

| Syntax | Type | Description |
|---|---|---|
| `["a", "b", "c"]` | Enumeration | Value must be in the list. Pattern matching for strings. |
| `{"max": 4000}` | Maximum | Numeric value must be <= `max`. |
| `{"min": 0, "max": 1}` | Range | Numeric value must be in the range [`min`, `max`]. |
| `{"pattern": "^[a-z]+$"}` | Regex | String must match the regex pattern. |
| `{"max_length": 1000}` | String length | String length must be <= `max_length`. |
## Policy Inheritance

When a policy `extends` another, fields are merged using monotonic restriction:

| Field | Merge Behavior |
|---|---|
| `resources` | Intersection: both parent and child must allow |
| `denied_resources` | Union: either parent or child denial applies |
| `rate_limit` | Minimum: the most restrictive rate applies |
| `parameters` | Most restrictive constraint wins |
| `attestations` | AND: both parent and child attestations required |

**Scope Resolution:** Policies resolve in order: global → company → bu → team → user → app. Each level restricts the previous one. Deny always overrides allow.
## Complete Example

```json
{
  "policy_id": "team:analytics",
  "name": "Analytics Team Policy",
  "extends": "bu:data",
  "scope": "team",
  "resources": [
    "llm:openai/gpt-4*",
    "llm:anthropic/claude-3*",
    "tool:query_*",
    "data:analytics/**"
  ],
  "denied_resources": [
    "data:hr/**",
    "*.credentials"
  ],
  "constraints": {
    "rate_limit": 500,
    "parameters": {
      "llm:*": {
        "max_tokens": {"max": 4000}
      }
    },
    "denied_parameters": {
      "tool:*": {
        "include_pii": [true]
      }
    }
  },
  "attestations": {
    "can_export_reports": true
  }
}
```
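The Constraint Types table, the inheritance merge rules and the complete example above, worked through as an added Python example (not MAPL's own evaluator and not code from this page). It assumes the tabulated wildcard semantics (`**` crosses `/`, `*` does not), that a level without a `resources` field imposes no resource restriction of its own, and that `needs` lists the attestations a request requires. The `global:default` and `bu:data` policies are constructed as plausible ancestors of the page's `team:analytics` example; all function names are illustrative.

```python
import re

# Added example: constraint checking plus resolution of an `extends` chain, with
# monotonic restriction (deny overrides allow, every level must allow the request).


def _to_regex(pattern: str) -> re.Pattern:
    parts = [".*" if t == "**" else "[^/]*" if t == "*" else re.escape(t)
             for t in re.split(r"(\*\*|\*)", pattern) if t]
    return re.compile("^" + "".join(parts) + "$")


def matches(pattern: str, value) -> bool:
    """MAPL wildcard match; non-string values never match a string pattern."""
    return isinstance(value, str) and _to_regex(pattern).match(value) is not None


def check_constraint(rule, value) -> bool:
    """True if `value` satisfies one rule of the Constraint Types table."""
    if isinstance(rule, list):                                   # enumeration
        return any(matches(r, value) if isinstance(r, str)
                   else (type(r) is type(value) and r == value) for r in rule)
    if "pattern" in rule:                                        # regex
        return isinstance(value, str) and re.search(rule["pattern"], value) is not None
    if "max_length" in rule:                                     # string length
        return isinstance(value, str) and len(value) <= rule["max_length"]
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False                                             # min/max need a number
    return rule.get("min", float("-inf")) <= value <= rule.get("max", float("inf"))


def parameters_ok(policy: dict, resource: str, params: dict) -> bool:
    """Allowed-parameter rules must pass; a denied-parameter rule must not be hit."""
    c = policy.get("constraints", {})
    for res_pattern, rules in c.get("parameters", {}).items():
        if matches(res_pattern, resource):
            for name, rule in rules.items():
                if name in params and not check_constraint(rule, params[name]):
                    return False
    for res_pattern, rules in c.get("denied_parameters", {}).items():
        if matches(res_pattern, resource):
            for name, rule in rules.items():
                if name in params and check_constraint(rule, params[name]):
                    return False
    return True


def chain(policies: dict, policy_id: str) -> list:
    """The policy and its ancestors, following `extends` up to the root."""
    out = []
    while policy_id:
        out.append(policies[policy_id])
        policy_id = policies[policy_id].get("extends")
    return out


def evaluate(policies, policy_id, resource, params=None, needs=()) -> bool:
    """Monotonic restriction: every level in the chain must allow the request."""
    params = params or {}
    for p in chain(policies, policy_id):
        if any(matches(d, resource) for d in p.get("denied_resources", [])):
            return False                     # denied_resources: union
        if "resources" in p and not any(matches(a, resource) for a in p["resources"]):
            return False                     # resources: intersection
        if not parameters_ok(p, resource, params):
            return False                     # parameters: most restrictive wins
        if not all(p.get("attestations", {}).get(a) is True for a in needs):
            return False                     # attestations: AND
    return True


def effective_rate_limit(policies, policy_id):
    """rate_limit merges as the minimum over the chain (None if no level sets one)."""
    limits = [p["constraints"]["rate_limit"] for p in chain(policies, policy_id)
              if "rate_limit" in p.get("constraints", {})]
    return min(limits) if limits else None


# Constructed ancestors plus the page's Complete Example as the leaf policy.
POLICIES = {
    "global:default": {                                   # constructed root
        "policy_id": "global:default",
        "resources": ["llm:**", "tool:**", "data:**"],
        "denied_resources": ["service:**"],
        "constraints": {"rate_limit": 1000},
        "attestations": {"can_export_reports": True},
    },
    "bu:data": {                                          # constructed parent
        "policy_id": "bu:data", "extends": "global:default",
        "resources": ["llm:**", "tool:**", "data:analytics/**", "data:hr/**"],
        "constraints": {"rate_limit": 800,
                        "parameters": {"llm:**": {"max_tokens": {"max": 8000}}}},
        "attestations": {"can_export_reports": True},
    },
    "team:analytics": {                                   # from the page
        "policy_id": "team:analytics", "extends": "bu:data",
        "resources": ["llm:openai/gpt-4*", "llm:anthropic/claude-3*",
                      "tool:query_*", "data:analytics/**"],
        "denied_resources": ["data:hr/**", "*.credentials"],
        "constraints": {"rate_limit": 500,
                        "parameters": {"llm:*": {"max_tokens": {"max": 4000}}},
                        "denied_parameters": {"tool:*": {"include_pii": [True]}}},
        "attestations": {"can_export_reports": True},
    },
}
```

Two points worth checking in a real deployment fall out of running this: the effective rate limit for `team:analytics` is 500 (the minimum over 1000, 800, 500), and, read literally against the Pattern Matching table, the team's `llm:*` parameter key stops at `/`, so for `llm:openai/gpt-4` only the parent's `llm:**` rule (`max_tokens` <= 8000) fires. If the 4000-token cap is meant to apply to provider/model paths, the key should be `llm:**`.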