Policy Bundles

A policy bundle is a JSON document that defines selectors, rules, optional kill switches, and optional runtime override blocks.

Lifecycle

1. Load from local file or SaaS response
2. Validate and compile through runtime loader and algorithm validators
3. Apply as current in-memory bundle
4. Reload when standalone file is re-read or SaaS update is pulled

Minimal shape

{
  "bundle_version": 1,
  "policies": [
    {
      "id": "api-default",
      "spec": {
        "selector": { "pathPrefix": "/api/" },
        "rules": [
          {
            "name": "global-rps",
            "limit_keys": ["ip:address"],
            "algorithm": "token_bucket",
            "algorithm_config": { "tokens_per_second": 100, "burst": 200 }
          }
        ]
      }
    }
  ]
}

Versioning

bundle_version must be positive and monotonic for update flows that compare current vs incoming versions.

Matching behavior

Multiple policies may match the same request. Policy evaluation is deterministic and depends on selector match plus rule evaluation in runtime order.

For full field-level semantics, use Bundle Structure.