Rule Patterns
This section contains reusable rule recipes organized by enforcement concern.
Right page if: you want to browse reusable rule recipes organized by concern (access control, data protection, change control, rate limiting, compliance, advanced). Wrong page if: you need the YAML schema reference -- see https://docs.edictum.ai/docs/rulesets/yaml-reference. For a conceptual overview of rule types, see https://docs.edictum.ai/docs/concepts/rules. Gotcha: every pattern page includes both YAML and Python decorator versions. All YAML examples use `Edictum.from_yaml()` and all Python examples use the `@precondition`/`@postcondition`/`@session_contract` decorator APIs.
Each pattern includes both a YAML ruleset and the equivalent Python decorator version, an explanation of when and why to use it, and common gotchas. Use the tabs on each code block to switch between YAML and Python.
All YAML examples use the `edictum/v1` Ruleset format and compile with `Edictum.from_yaml()`. All Python examples use the `@precondition`, `@postcondition`, and `@session_contract` decorator APIs.
Patterns
| Pattern | Description |
|---|---|
| Access Control | Role-based gates, environment restrictions, attribute-based access, and role escalation prevention. |
| Data Protection | PII detection, secret scanning, sensitive file denial, and output size monitoring. |
| Change Control | Ticket requirements, approval gates, blast radius limits, dry-run enforcement, and SQL safety. |
| Rate Limiting | Session-wide limits, per-tool caps, burst protection, and failure escalation detection. |
| Compliance and Audit | Regulatory tags, ruleset versioning, dual-mode deployment, and tag-based filtering. |
| Advanced Patterns | Nested boolean logic, regex composition, principal claims, template composition, wildcards, and dynamic messages. |
How to Use These Patterns
Each pattern page provides one or more complete YAML rulesets. To use a pattern:
- Copy the YAML block into a `.yaml` file.
- Adjust the `metadata.name`, rule `id` values, and selectors to match your tools.
- Load with `Edictum.from_yaml("your-file.yaml")`.
Patterns can be combined by merging rulesets from multiple bundles into a single file under one `rules:` array, or by loading multiple bundles into separate `Edictum` instances.
For the full YAML schema, see the YAML Rule Reference. For operator details, see the Operator Reference.