Enterprise deployments can publish org base policies that tenant overlays extend. Each business unit keeps a local paybond.policy.yaml overlay while inheriting shared side-effecting tool definitions, evidence presets, and spend caps from the platform operator.
Tenant isolation remains absolute: overlays never merge policies from another org, and tenants cannot widen org allowed_tools or raise org spend caps.
Inheritance model
```text
Org base policy (platform-published)
            +
Tenant overlay (paybond.policy.yaml)
            ↓
Effective policy (per tenant, Gateway-resolved)
```
Gateway resolves the merged effective policy so tenants cannot bypass org constraints by editing local files alone. Kit middleware consumes the effective policy the same way as a flat v1 policy file.
Schema v2
Org base policies use version: 2 without an extends block:
```yaml
version: 2
name: acme-agent-spend-v1
default_deny: true
tools:
  travel.book_hotel:
    side_effecting: true
    max_spend_cents: 20000
    evidence_preset: cost_and_completion
intent:
  policy_binding:
    template_id: completion_budget_v1
  allowed_tools:
    - travel.book_hotel
```
Tenant overlays declare what they extend and what they override:
```yaml
version: 2
name: acme-travel-tenant-east
extends:
  org_policy_id: acme-agent-spend-v1
  org_id: org_acme_corp
default_deny: true
overrides:
  tools:
    travel.book_hotel:
      max_spend_cents: 15000 # stricter than org default
  intent:
    budget:
      max_spend_usd: 150
tools:
  acme.internal.approve_po:
    side_effecting: true
    evidence_preset: cost_and_completion
```
Merge rules (deterministic; the same base and overlay always produce the same effective policy):

| Field | Rule |
|---|---|
| tools | Union of org and tenant tools. On a spend or evidence conflict the tenant value wins only where the rules below allow it (a tenant can lower an org cap, never raise it). Tenants cannot remove org-required side-effecting tools. |
| default_deny | Tenant may only make it stricter: true wins. |
| intent.allowed_tools | Intersection when the org defines an allowlist: the tenant may narrow it, not widen it. |
| evidence_preset | Tenant may swap a preset only within the org-approved catalog subset. |
For offline CI, add extends.base_policy pointing at a checked-in org base file. This local merge is best-effort: it cannot confirm that the checked-in base matches what the Gateway has actually published, so production should use Gateway effective resolution, which is the authoritative result.
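The merge rules above applied end to end, as an added example that is not part of the paybond Kit or CLI: it takes the two policy documents from this page as already-parsed dicts, produces the effective policy plus a merge report, and refuses overlays that raise a spend cap, remove an org-required side-effecting tool, or extend a different org policy. The org-approved evidence preset subset (APPROVED_PRESETS) and the digest scheme (SHA-256 over canonical JSON) are assumptions; the page names the catalog rule and effective_policy_digest but specifies neither.

```python
import copy
import hashlib
import json

class MergeError(ValueError):
    """An overlay tried to widen something the org base pins down."""

# Constructed input: the org base and tenant overlay YAML from this page,
# already parsed into dicts so the example runs without a YAML library.
ORG_BASE = {
    "version": 2, "name": "acme-agent-spend-v1", "default_deny": True,
    "tools": {"travel.book_hotel": {"side_effecting": True, "max_spend_cents": 20000,
                                    "evidence_preset": "cost_and_completion"}},
    "intent": {"policy_binding": {"template_id": "completion_budget_v1"},
               "allowed_tools": ["travel.book_hotel"]},
}
TENANT_OVERLAY = {
    "version": 2, "name": "acme-travel-tenant-east",
    "extends": {"org_policy_id": "acme-agent-spend-v1", "org_id": "org_acme_corp"},
    "default_deny": True,
    "overrides": {"tools": {"travel.book_hotel": {"max_spend_cents": 15000}},
                  "intent": {"budget": {"max_spend_usd": 150}}},
    "tools": {"acme.internal.approve_po": {"side_effecting": True,
                                           "evidence_preset": "cost_and_completion"}},
}

# Assumption: the org-approved evidence preset subset arrives out of band;
# the page states the rule but not where that catalog lives.
APPROVED_PRESETS = frozenset({"cost_and_completion"})

def merge_effective(base, overlay, approved_presets):
    """Return (effective_policy, merge_report) or raise MergeError on widening."""
    if overlay.get("extends", {}).get("org_policy_id") != base.get("name"):
        raise MergeError("overlay does not extend this org policy")
    eff = copy.deepcopy(base)  # never mutate the published base
    eff["name"] = overlay["name"]
    report = {"added_tools": [], "tightened": [], "dropped_allowed_tools": []}
    # default_deny: tenant may only make it stricter, so true wins.
    eff["default_deny"] = bool(base.get("default_deny")) or bool(overlay.get("default_deny"))
    # tools: union. Tenant-only tools are added; an org tool may only be
    # changed through overrides, so redefining it at top level is refused.
    for name, spec in overlay.get("tools", {}).items():
        if name in eff["tools"]:
            raise MergeError(f"{name} is an org tool; change it under overrides.tools")
        eff["tools"][name] = copy.deepcopy(spec)
        report["added_tools"].append(name)
    # overrides.tools: tighten spend/evidence on org tools, never loosen.
    for name, ov in overlay.get("overrides", {}).get("tools", {}).items():
        if name not in eff["tools"]:
            raise MergeError(f"override targets unknown tool {name}")
        cur = eff["tools"][name]
        if ov is None:  # tenant asks to drop the tool entirely
            if cur.get("side_effecting"):
                raise MergeError(f"cannot remove org-required side-effecting tool {name}")
            del eff["tools"][name]
            continue
        if "max_spend_cents" in ov:
            if ov["max_spend_cents"] > cur.get("max_spend_cents", ov["max_spend_cents"]):
                raise MergeError(f"{name}: {ov['max_spend_cents']} raises org cap {cur['max_spend_cents']}")
            cur["max_spend_cents"] = ov["max_spend_cents"]
            report["tightened"].append(f"{name}.max_spend_cents")
        if "evidence_preset" in ov:
            if ov["evidence_preset"] not in approved_presets:
                raise MergeError(f"{name}: evidence_preset outside org-approved catalog subset")
            cur["evidence_preset"] = ov["evidence_preset"]
    # intent.allowed_tools: intersect with the org allowlist when one exists.
    ov_intent = overlay.get("overrides", {}).get("intent", {})
    intent = eff.setdefault("intent", {})
    if "allowed_tools" in ov_intent:
        wanted = list(ov_intent["allowed_tools"])
        org_allow = intent.get("allowed_tools")
        if org_allow is not None:  # tenant may narrow, never widen; extras are reported
            report["dropped_allowed_tools"] = [t for t in wanted if t not in org_allow]
            wanted = [t for t in org_allow if t in wanted]
        intent["allowed_tools"] = wanted
    # intent.budget is a spend cap as well, so the same cannot-raise rule applies.
    if "budget" in ov_intent:
        budget = intent.setdefault("budget", {})
        for key, value in ov_intent["budget"].items():
            if key in budget and value > budget[key]:
                raise MergeError(f"intent.budget.{key}: {value} raises org cap {budget[key]}")
            budget[key] = value
            report["tightened"].append(f"intent.budget.{key}")
    return eff, report

def effective_digest(policy):
    """Assumed digest scheme (SHA-256 over canonical JSON); the page names
    effective_policy_digest but does not specify how the Gateway computes it."""
    canon = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

def violations(base, overlay, approved_presets=APPROVED_PRESETS):
    """CI-friendly wrapper: [] when the overlay merges cleanly, else the reason."""
    try:
        merge_effective(base, overlay, approved_presets)
        return []
    except MergeError as exc:
        return [str(exc)]
```

Call `merge_effective(ORG_BASE, TENANT_OVERLAY, APPROVED_PRESETS)` to get the effective policy and report for the page's two documents; `violations()` is the shape a CI gate wants, where an empty list means the overlay merges cleanly against the pinned base. Because this local merge cannot confirm that the pinned base is what the Gateway has published, treat it as a pre-check and rely on the Gateway-resolved policy and its digest in production.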
CLI workflow
Platform operator: scaffold org base
```bash
paybond policy init-org \
  --policy-id acme-agent-spend-v1 \
  --out org-agent-spend-v1.yaml \
  --operation travel.book_hotel \
  --evidence-preset cost_and_completion \
  --max-spend-cents 20000
```
Review the file, then publish via Gateway. Publishing requires platform operator credentials or PAYBOND_ORG_POLICY_PUBLISH_SECRET; whoever holds that secret can rewrite the org base every tenant inherits, so keep it out of tenant CI and tenant-visible environments:

```bash
curl -X PUT \
  "https://api.paybond.ai/v1/admin/org-policies/acme-agent-spend-v1?org_id=org_acme_corp" \
  -H "Authorization: Bearer $PAYBOND_ORG_POLICY_PUBLISH_SECRET" \
  -H "Content-Type: application/json" \
  --data-binary @org-agent-spend-v1.json
```
See Gateway API — org policy inheritance.
Tenant: scaffold overlay
```bash
paybond policy extend \
  --extends org_acme_corp/acme-agent-spend-v1 \
  --out paybond.policy.yaml
```
Optional tenant-only tool:
```bash
paybond policy extend \
  --extends org_acme_corp/acme-agent-spend-v1 \
  --operation acme.internal.approve_po \
  --evidence-preset cost_and_completion \
  --out paybond.policy.yaml
```
For local merge in CI, pin the org base file:
```bash
paybond policy extend \
  --extends org_acme_corp/acme-agent-spend-v1 \
  --base-policy ./org-agent-spend-v1.yaml \
  --out paybond.policy.yaml
```
Validate merged policy (server)
```bash
paybond login
paybond policy validate-tools \
  --file paybond.policy.yaml \
  --remote \
  --resolve-inheritance \
  --format json
```
The response includes effective_policy_digest and merge_report when inheritance resolves successfully.
Kit API
TypeScript:
```ts
import { PaybondPolicy } from "@paybond/kit/policy";

const { policy, report, effectivePolicyDigest } = await PaybondPolicy.loadEffective({
  overlay: "./paybond.policy.yaml",
  gateway: paybond.harbor, // the Gateway client the effective policy is resolved through
});
const registry = policy.toToolRegistry();
```
Offline merge (best-effort CI):
```ts
const { policy } = await PaybondPolicy.mergeLocal({
  base: "./org-agent-spend-v1.yaml",
  overlay: "./paybond.policy.yaml",
});
```
Python parity:
```python
from paybond_kit.policy import PaybondPolicy, resolve_policy_effective_remote

# overlay_doc: the parsed tenant overlay; gateway_client: the Gateway client
result = await resolve_policy_effective_remote(overlay_doc, gateway_client)
policy = PaybondPolicy.from_document(result.effective_policy)
```
Examples
Repository examples under kit/policy/examples/:
- org-base-acme-agent-spend-v1.json — org base
- tenant-overlay-acme-travel-east.json — tenant overlay with overrides
Related
- Agent policy-as-code — flat v1 policies and registry workflow
- Agent policy validate — local and remote validation
- Gateway API — org policy CRUD and effective resolution endpoints