Quickstart
In this guide, you will protect a function with Actra and block unsafe execution before it runs.
The example below blocks refunds above 1000.
1) Define a Schema
The schema describes the data Actra understands.
version: 1
actions:
refund:
fields:
amount: number
actor:
fields:
role: string
snapshot:
fields:
fraud_flag: boolean
2) Define a Policy
This policy blocks refunds greater than 1000.
version: 1
rules:
- id: block_large_refund
scope:
action: refund
when:
subject:
domain: action
field: amount
operator: greater_than
value:
literal: 1000
effect: block
3) Compile and Create Runtime
- JavaScript
- Python
import {
Actra,
ActraRuntime,
ActraPolicyError
} from "@getactra/actra";
const policy = await Actra.fromStrings(schemaYaml, policyYaml);
const runtime = new ActraRuntime(policy);
runtime.setActorResolver(() => ({ role: "support" }));
runtime.setSnapshotResolver(() => ({ fraud_flag: false }));
function refund(amount: number) {
console.log("Refund executed:", amount);
return amount;
}
const protectedRefund = runtime.admit("refund", refund);
await protectedRefund(200); // allowed
await protectedRefund(1500); // blocked
from actra import Actra, ActraPolicyError
from actra.runtime import ActraRuntime
policy = Actra.from_strings(schema_yaml, policy_yaml)
runtime = ActraRuntime(policy)
runtime.set_actor_resolver(lambda ctx: {"role": "support"})
runtime.set_snapshot_resolver(lambda ctx: {"fraud_flag": False})
@runtime.admit()
def refund(amount: int):
print("Refund executed:", amount)
refund(amount=200) # allowed
try:
refund(amount=1500) # blocked
except ActraPolicyError as e:
print("Refund blocked by policy")
print("Rule:", e.matched_rule)
Expected Result
Refunds below 1000 execute normally.
Refunds above 1000 are blocked before execution.
Next Steps
- Learn how policies work in First Policy
- Understand DSL blocks in Schema and Policy
- Explore actor and snapshot resolution