> ## Documentation Index
> Fetch the complete documentation index at: https://docs.meibel.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Execution Policy



## OpenAPI

````yaml /api-v2.json put /execution-policies/{policy_id}
openapi: 3.1.0
info:
  title: Meibel AI API
  summary: Meibel Gateway Service
  description: >-
    Our API allows you to interact with our services. Read the
    [docs](https://docs.meibel.ai) to learn how to use it.
  version: 0.6.4
servers:
  - url: https://api.meibel.ai/v2
    description: Meibel API (v2)
  - url: https://api.dev.meibel.ai/v2
    description: Meibel Dev API (v2)
  - url: http://localhost:8000/v2
    description: Local Development
security: []
tags:
  - name: Datasources
    description: v2 datasource management
  - name: Data Elements
    description: v2 data element CRUD and search
  - name: File Upload
    description: Upload files to a datasource and track upload progress
  - name: Ingest
    description: Trigger and monitor datasource ingestion
  - name: Datasource Downloads
    description: Export all datasource content as a zip archive
  - name: Table Descriptions
    description: v2 table and column descriptions
  - name: Metadata Model Catalog
    description: v2 metadata model catalog
  - name: Confidence Scoring
    description: v2 confidence scoring jobs and summaries
  - name: Documents
    description: Parse and transform documents into structured data
  - name: Agents
    description: Agent definition management
  - name: Sessions
    description: Agent session (execution) management and chat
  - name: Execution Policies
    description: Data access and tool usage constraints scoped to agent sessions
  - name: Artifact Schemas
    description: Agent artifact schema management
paths:
  /execution-policies/{policy_id}:
    put:
      tags:
        - Execution Policies
      summary: Update Execution Policy
      operationId: updateExecutionPolicy
      parameters:
        - name: policy_id
          in: path
          required: true
          schema:
            type: string
            title: Policy Id
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateExecutionPolicyRequest'
            examples:
              update_policy:
                summary: Update policy constraints
                value:
                  name: eu-restricted-read-only-v2
                  description: Updated EU restriction with additional tool block
                  execution_policy:
                    datasources:
                      ds_abc123:
                        tables:
                          filter:
                            table.__name__:
                              $in:
                                - orders
                                - customers
                            orders.region:
                              $eq: EU
                          hidden_columns:
                            customers:
                              - ssn
                              - credit_card
                        documents:
                          filter:
                            data_element.__id__:
                              $in:
                                - de_abc
                                - de_def
                      ds_xyz789:
                        disabled: true
                    tools:
                      send_email:
                        variables:
                          to:
                            $eq: support@acme.com
                          max_attachments:
                            $lte: 3
                      web_search:
                        disabled: true
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ExecutionPolicyResponse'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
      security:
        - APIKeyHeader: []
      x-codeSamples:
        - lang: Python
          label: Python
          source: >-
            from meibel import MeibelClient


            client = MeibelClient(api_key="your-api-key")


            # Create request body

            body = UpdateExecutionPolicyRequest(name="Example")


            result = client.execution_policies.update("policy_id_value",
            body=body)

            print(result)
        - lang: TypeScript
          label: TypeScript
          source: >-
            import { MeibelClient } from 'meibel';


            const client = new MeibelClient({ apiKey: 'your-api-key' });


            // Create request body

            const body = { name: 'Example' };


            const result = await
            client.executionPolicies.update('policy_id_value', body);

            console.log(result);
        - lang: Go
          label: Go
          source: >-
            import v2 "github.com/meibel-ai/meibel-go/v2"


            client := v2.NewClient(v2.WithAPIKey("your-api-key"))

            ctx := context.Background()


            // Create request body

            body := v2.UpdateExecutionPolicyRequest{
                Name: "Example",
            }


            result, err := client.ExecutionPolicies.Update(ctx,
            "policy_id_value", body)

            if err != nil {
                log.Fatal(err)
            }

            fmt.Println(result)
components:
  schemas:
    UpdateExecutionPolicyRequest:
      properties:
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: Updated policy name
        description:
          anyOf:
            - type: string
            - type: 'null'
          title: Description
          description: Updated description
        execution_policy:
          anyOf:
            - $ref: '#/components/schemas/ExecutionPolicy'
            - type: 'null'
          description: Updated ExecutionPolicy payload
      type: object
      title: UpdateExecutionPolicyRequest
      description: UpdateExecutionPolicyRequest
    ExecutionPolicyResponse:
      properties:
        id:
          type: string
          title: Id
        customer_id:
          type: string
          title: Customer Id
        project_id:
          type: string
          title: Project Id
        name:
          type: string
          title: Name
        description:
          anyOf:
            - type: string
            - type: 'null'
          title: Description
        execution_policy:
          $ref: '#/components/schemas/ExecutionPolicy'
        created_at:
          type: string
          format: date-time
          title: Created At
        updated_at:
          type: string
          format: date-time
          title: Updated At
      type: object
      required:
        - id
        - customer_id
        - project_id
        - name
        - execution_policy
        - created_at
        - updated_at
      title: ExecutionPolicyResponse
      description: ExecutionPolicyResponse
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    ExecutionPolicy:
      properties:
        datasources:
          anyOf:
            - additionalProperties:
                $ref: '#/components/schemas/DatasourceView'
              type: object
            - type: 'null'
          title: Datasources
          description: >-
            Per-datasource access controls, keyed by datasource_id. Each entry
            can disable the datasource entirely or apply TAG/RAG filters to
            restrict which data is accessible.
        tools:
          anyOf:
            - additionalProperties:
                $ref: '#/components/schemas/ToolConfig'
              type: object
            - type: 'null'
          title: Tools
          description: >-
            Per-tool access controls, keyed by tool instance name. Each entry
            can disable the tool entirely or constrain its parameters to
            specific values or ranges.
      type: object
      title: ExecutionPolicy
      description: >-
        Session-level access constraints (hardrails) for data and tools. 
        Controls what data an agent session can access and what tools it can
        use. Constraints are enforced by the platform at runtime — the agent
        cannot bypass them.  Multiple policies can be composed: stored policies
        (by ID) and/or an inline policy are structurally merged. Overlapping
        datasource or tool entries are combined with ``$and`` (intersection
        semantics).  All filter fields use MongoDB-style constraint operators.
        Plain values are automatically normalized to ``{"$eq": value}``.
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
        input:
          title: Input
        ctx:
          type: object
          title: Context
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError
    DatasourceView:
      properties:
        disabled:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Disabled
          description: >-
            When true, the datasource is entirely inaccessible for this session.
            All queries against it will be blocked.
        tables:
          anyOf:
            - $ref: '#/components/schemas/TagConstraints'
            - type: 'null'
          description: >-
            TAG (SQL/database) constraints. Controls table/row access and column
            redaction.
        documents:
          anyOf:
            - $ref: '#/components/schemas/RagConstraints'
            - type: 'null'
          description: >-
            RAG (vector search) constraints. Controls which documents can be
            retrieved.
      type: object
      title: DatasourceView
      description: >-
        Access controls for a single datasource.  Each datasource can be
        entirely disabled, or selectively constrained via TAG (SQL) and/or RAG
        (vector search) filters. Keyed by datasource_id in
        ``ExecutionPolicy.datasources``.
    ToolConfig:
      properties:
        disabled:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Disabled
          description: >-
            When true, the tool is removed from the agent's toolkit for this
            session. The agent will not be able to invoke it.
        variables:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Variables
          description: Optional override for the tool's parameters schema
      type: object
      title: ToolConfig
      description: >-
        Access controls for a single tool instance.  Tools can be entirely
        disabled, or have their parameters constrained to specific values or
        ranges. Keyed by tool instance name in ``ExecutionPolicy.tools``. 
        Variable constraints use the same MongoDB-style operators as datasource
        filters. Plain values are automatically normalized to ``{"$eq": value}``
        on construction. All constraints are:   1. Annotated in the tool's
        parameter schema (visible to the LLM)   2. Validated at execution time
        (enforced by the platform)  Supported operators:   - Comparison:
        ``$eq``, ``$ne``, ``$gt``, ``$gte``, ``$lt``, ``$lte``   - Set: ``$in``,
        ``$nin``   - Logical: ``$and``, ``$or``, ``$not``
    TagConstraints:
      properties:
        filter:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Filter
          description: Optional override for the tool's parameters schema
        hidden_columns:
          anyOf:
            - additionalProperties:
                items:
                  type: string
                type: array
              type: object
            - type: 'null'
          title: Hidden Columns
          description: >-
            Per-table column names to redact from query output. Keyed by table
            name; values are lists of column names. Columns remain usable in
            WHERE/JOIN — only the final result values are stripped.
        hidden_tables:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Hidden Tables
          description: >-
            Table names whose columns are fully redacted from query output.
            Tables remain queryable in WHERE/JOIN — only SELECT output is
            stripped.
      type: object
      title: TagConstraints
      description: >-
        Constraints for TAG (SQL/database) queries within a datasource. 
        Controls which tables and rows the agent can access, and which columns
        are redacted from query output.  Filters use MongoDB-style constraint
        dicts. Plain values are automatically normalized to ``{"$eq": value}``
        on construction.  Supported operators:   - Comparison: ``$eq``, ``$ne``,
        ``$gt``, ``$gte``, ``$lt``, ``$lte``   - Set: ``$in``, ``$nin``   -
        Logical: ``$and``, ``$or``, ``$not``
    RagConstraints:
      properties:
        filter:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Filter
          description: Optional override for the tool's parameters schema
      type: object
      title: RagConstraints
      description: >-
        Constraints for RAG (vector search) queries within a datasource. 
        Controls which documents the agent can retrieve via vector search. 
        Filters use MongoDB-style constraint dicts. Plain values are
        automatically normalized to ``{"$eq": value}`` on construction. 
        Built-in fields:   - ``data_element.__id__``: scope by data element ID  
        - ``data_element.__name__``: scope by original filename  Custom indexed
        metadata fields (e.g., ``author``, ``document_type``) are also supported
        when configured on the datasource.  Supported operators:   - Comparison:
        ``$eq``, ``$ne``, ``$gt``, ``$gte``, ``$lt``, ``$lte``   - Set: ``$in``,
        ``$nin``   - Logical: ``$and``, ``$or``, ``$not``
  securitySchemes:
    APIKeyHeader:
      type: apiKey
      in: header
      name: Meibel-API-Key

````