Policy
A Yebo policy is a single JSON file — yebo.policy.json — that defines the rules Yebo uses to authorize actions. Adjusting thresholds needs no code changes: edit the file, and every subsequent action is evaluated against the new rules.
Default policy
When you run npx create-yebo, this policy is created automatically:
{
  "auto_approve_below": 500,
  "deny_above": 10000,
  "currency": "USD",
  "version": "sandbox-v1"
}
This means:
| Amount | Decision |
|--------|----------|
| Under $500 | ALLOW — executes immediately |
| $500 up to, but not including, $10,000 | REQUIRE_APPROVAL — pauses, requires human sign-off |
| $10,000 and over | DENY — blocked, never executes |
Fields
auto_approve_below
Any action with an amount strictly below this value is automatically authorized.
{ "auto_approve_below": 500 }
A payment of $499.99 → ALLOW.
A payment of $500.00 → REQUIRE_APPROVAL.
deny_above
Any action with an amount at or above this value is blocked outright.
{ "deny_above": 10000 }
A payment of $10,000 → DENY.
A payment of $9,999.99 → REQUIRE_APPROVAL.
currency
The currency for the policy thresholds. Defaults to "USD".
{ "currency": "USD" }
This field is currently used for display and context in decision reasons. Multi-currency enforcement is on the roadmap.
version
A string label for tracking policy changes over time. Used in audit receipts.
{ "version": "v1.2" }
The version appears in the MANDATE stage of the authorization pipeline and in every policy_rule field on decisions.
How to change thresholds
Edit yebo.policy.json directly:
# Tighten limits for production
cat > yebo.policy.json << 'EOF'
{
  "auto_approve_below": 100,
  "deny_above": 5000,
  "currency": "USD",
  "version": "production-v1"
}
EOF
The change takes effect on the next protectPayment() call. No restart needed.
Policy templates
The yebo-protect package includes ready-made templates for common use cases:
import { POLICY_TEMPLATES, applyTemplate } from "yebo-protect";
// Available templates
console.log(Object.keys(POLICY_TEMPLATES));
// ["conservative", "standard", "enterprise", "ai-agent"]
// Apply a template to your policy file
applyTemplate("conservative");
// Writes yebo.policy.json with: auto_approve_below: 100, deny_above: 1000
| Template | auto_approve_below | deny_above | Best for |
|----------|--------------------|------------|---------|
| conservative | $100 | $1,000 | High-security environments |
| standard | $500 | $10,000 | Most use cases (default) |
| enterprise | $2,500 | $50,000 | Enterprise procurement workflows |
| ai-agent | $50 | $500 | Fully autonomous agents with minimal human trust |
Where Yebo looks for the policy file
By default, Yebo looks for yebo.policy.json in the current working directory. Override the path:
const result = await protectPayment(request, {
  policy_path: "/etc/yebo/policy.json",
});
How the policy evaluates
The policy engine is a pure function — no side effects, no network:
amount < auto_approve_below → ALLOW
amount >= deny_above → DENY
anything in between → REQUIRE_APPROVAL
Every decision includes which rule triggered:
result.policy_rule // "auto_approve_below" | "deny_above" | "require_approval_range"
result.reason // "Amount $200 is below auto_approve threshold of $500"
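The three rules above, written out as an added example (not Yebo's own code) together with the sanity checks a policy file deserves before it is trusted. `validatePolicy`, `evaluate`, and the `invalid_policy` / `invalid_amount` rule names are hypothetical, and denying on a malformed policy or a non-numeric amount is an assumption of this sketch, not documented Yebo behaviour.

```javascript
// Added example: not part of yebo-protect. All function names are hypothetical.

// Return a list of problems with a parsed policy object (empty list = usable).
function validatePolicy(policy) {
  if (policy === null || typeof policy !== "object") return ["policy must be an object"];
  const errors = [];
  for (const key of ["auto_approve_below", "deny_above"]) {
    const v = policy[key];
    if (typeof v !== "number" || !Number.isFinite(v) || v < 0) {
      errors.push(`${key} must be a finite, non-negative number`);
    }
  }
  // With the rules checked in the documented order, an auto-approve threshold
  // above deny_above would ALLOW amounts the deny rule is meant to block.
  if (errors.length === 0 && policy.auto_approve_below > policy.deny_above) {
    errors.push("auto_approve_below must not exceed deny_above");
  }
  return errors;
}

// The three documented rules, evaluated in the order the page lists them.
function evaluate(amount, policy) {
  const errors = validatePolicy(policy);
  if (errors.length > 0) {
    return { decision: "DENY", policy_rule: "invalid_policy", errors };
  }
  // NaN fails both comparisons below and would fall into the approval range,
  // so non-numeric and negative amounts are denied up front (assumption).
  if (typeof amount !== "number" || !Number.isFinite(amount) || amount < 0) {
    return { decision: "DENY", policy_rule: "invalid_amount" };
  }
  if (amount < policy.auto_approve_below) {
    return { decision: "ALLOW", policy_rule: "auto_approve_below" };
  }
  if (amount >= policy.deny_above) {
    return { decision: "DENY", policy_rule: "deny_above" };
  }
  return { decision: "REQUIRE_APPROVAL", policy_rule: "require_approval_range" };
}

// Constructed sample input: the default policy shown on this page.
const defaultPolicy = {
  auto_approve_below: 500, deny_above: 10000, currency: "USD", version: "sandbox-v1",
};

// Boundary amounts from the field descriptions, plus one malformed amount.
for (const amount of [499.99, 500, 9999.99, 10000, NaN]) {
  console.log(amount, evaluate(amount, defaultPolicy).decision);
}
```

Running the same boundary amounts through a check like this after every edit to yebo.policy.json catches swapped or mistyped thresholds before they reach a live payment path.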
Preview a decision without executing
Use preview() to test what Yebo would decide — without creating any pending records or calling Stripe:
import { preview } from "yebo-protect";
const decision = preview({
  type: "payment",
  amount: 5000,
  vendor: "Acme Corp",
  currency: "USD",
});
// decision.decision → "REQUIRE_APPROVAL"
// decision.reason → "Amount $5,000 requires human authorization"
// decision.without_yebo → "Payment would execute immediately — no control"
// decision.fix → "Lower amount below $500, or increase auto_approve_below"
preview() is synchronous. Use it to show users what will happen before they confirm.
Get Started
npx create-yebo # creates yebo.policy.json automatically