Open Standard · MIT Licensed

Agent Policy Language

APL is an open, deterministic policy language for autonomous AI agents. Write policies once. Enforce everywhere. Prove compliance to any regulator.

View on GitHubTry live demo

Why APL?

Existing policy engines (OPA, Cedar, Permit.io) were designed for API access control — not for financial transactions, not for crypto rails, not for MiCA compliance.

APL is purpose-built for AI agents that move money. It is deterministic (no LLM in the enforcement path), human-readable (auditors can read it), and produces cryptographic proof of every decision.

Syntax

Basic payment policy
policy "payment-agent-v1" {

  rule auto_approve {
    when input.amount <= 500 and input.currency == "USDC"
    then APPROVE
  }

  rule require_review {
    when input.amount > 500 and input.amount <= 10000
    then REQUIRE_APPROVAL
  }

  rule hard_block {
    when input.amount > 10000
    then DENY
    reason "Exceeds operator daily limit"
  }

}
With OFAC screening + allowlist
policy "regulated-agent-v2" {

  rule ofac_check {
    when is_sanctioned(input.destination)
    then DENY
    reason "OFAC SDN list match"
  }

  rule allowlist_only {
    when input.destination not in ["9WzDXw...", "AaBbCc..."]
    then DENY
    reason "Destination not in operator allowlist"
  }

  rule mica_threshold {
    when input.amount > 1000
    then REQUIRE_APPROVAL
    reason "MiCA Art.68 — human oversight required"
  }

  rule auto_approve {
    when input.amount <= 1000
    then APPROVE
  }

}

Decision Outcomes

APPROVE
Action is within policy. Agent may proceed immediately.
DENY
Action violates policy. Agent must not execute.
REQUIRE_APPROVAL
Action needs human sign-off before execution.

Regulatory Alignment

MiCA Art.68
Audit trail for automated financial decisions
SHA-256 hash chain + Solana anchor
EU AI Act Art.12
Human oversight for high-risk AI systems
REQUIRE_APPROVAL rule outcome
OFAC compliance
Sanctions screening on outgoing transfers
is_sanctioned() built-in function
SOC2 Type II
Audit log export for security review
HTML/CSV/JSON export endpoint

Start enforcing policies today

MiCA Art.68 enforcement begins July 1, 2026.

Open dashboardLive demo