Policies API

Alpha

DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.

These endpoints expose the policy catalog plus upgrade and custom-policy workflows.

GET /policies

List policy packs visible to the current request context.

Response (200):

[
	{
		"jurisdiction": "eu",
		"name": "EU GDPR baseline",
		"packId": "gdpr-eu",
		"publishedAt": "2026-01-01T00:00:00.000Z",
		"version": "1.2.0"
	}
]

POST /policies/upgrades/propose

Create a policy-upgrade proposal.

The current OpenAPI contract does not declare a required request body for this endpoint. Treat it as a workflow trigger that creates a new proposal and returns the proposal ID and status.

Response (202):

{
	"proposalId": "proposal-123",
	"status": "pending_approval"
}

POST /policies/upgrades/:proposalId/approve

Approve a pending policy-upgrade proposal.

Response (202):

{
	"proposalId": "proposal-123",
	"status": "approved"
}

POST /policies/upgrades/:proposalId/apply

Apply an approved policy-upgrade proposal.

Response (202):

{
	"proposalId": "proposal-123",
	"status": "applied"
}

POST /policies/custom/register

Request body:

jurisdiction (string, required)
name (string, required)
version (string, required)
pack (unknown, required): policy pack payload
publishedAt (string, optional)
metadata (object, required)
metadata.changelog (string, required)
metadata.compatibilityNotes (string, required)
metadata.releaseType (string, required): "major" | "minor" | "patch"

Response (202):

{
	"jurisdiction": "eu",
	"name": "Internal Policy",
	"status": "registered",
	"version": "1.0.0"
}

POST /policies/custom/activate

Activate a registered custom policy pack for a tenant or workspace scope.

Request body:

jurisdiction (string, required)
tenantId (string, required)
version (string, required)
workspaceId (string, optional)

Response (202):

{
	"jurisdiction": "eu",
	"status": "activated",
	"tenantId": "tenant-1",
	"version": "1.0.0",
	"workspaceId": "workspace-1"
}

POST /policies/custom/deactivate

Deactivate a scoped custom policy assignment.

Request body:

tenantId (string, required)
workspaceId (string, optional)

Response (202):

{
	"status": "deactivated",
	"tenantId": "tenant-1",
	"workspaceId": "workspace-1"
}

Related surfaces:

Node SDK: client.policies.*
CLI: dsar policies list and dsar policies custom ...
Architecture: Policy Versioning and Upgrades