§ 06 · PDP — The policy engine
7 policies, evaluated automatically
Should this person do this?
Every decision is logged with who, what, which policy, the verdict, and why — a complete audit trail for regulators and compliance.
| Policy | What it checks | Verdict on fail |
|---|---|---|
| Cross-Node Trading | A NY trader cannot access Tokyo's trading ledger. | Deny |
| Role-Based Access | You can only use systems your role is authorized for. | Deny |
| Trading Hours | Trades execute only during business hours · 08:00 – 18:00 local. | Deny |
| Clearance Level | Sensitive actions require a minimum clearance level. | Deny |
| Risk Threshold | Employees with high risk scores are blocked from trading. | Monitor |
| Ombudsman Bypass | Hidden auditors can read any system for investigations. | Allow |
| Device Posture | Unencrypted or unmanaged devices are blocked. | Deny |
What a policy looks like
Policies are not buried in code. Each one is a JSON file that a security officer can read, review, and version-control.
If an FX Trader tries to execute a trade or view a ledger whose node does not match their home node — deny the action and provide the remediation path.
Supported Operations
| Operation | Meaning |
|---|---|
| equals | Exact attribute match |
| not_equals | Attribute does not match |
| not_in | Value excluded from set |
| less_than | Numeric less-than |
| greater_equal | Numeric greater or equal |
| outside_hours | Outside time window (timezone-aware) |
| is_ombudsman | Hidden auditor role check |
| and | All conditions must pass |
| or | Any one condition passes |
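A minimal evaluator for the operations listed above, applied to the cross-node rule described under "What a policy looks like". This is an added example, not the product's code: the JSON schema, the attribute names, the `ombudsman` role string and the `not_applicable` verdict are all assumptions.

```python
import json
import operator
from datetime import datetime, time

# Constructed policy; this schema is an assumption, not the product's file format.
POLICY = json.loads("""{
  "id": "cross-node-trading", "verdict": "deny",
  "remediation": "Request access through the owning node's desk.",
  "when": {"op": "and", "conditions": [
    {"op": "equals", "attr": "subject.role", "value": "fx_trader"},
    {"op": "or", "conditions": [
      {"op": "equals", "attr": "action", "value": "execute_trade"},
      {"op": "equals", "attr": "action", "value": "view_ledger"}]},
    {"op": "not_equals", "attr": "resource.node", "ref": "subject.home_node"}]}
}""")
OPS = {"equals": operator.eq, "not_equals": operator.ne, "less_than": operator.lt,
       "greater_equal": operator.ge, "not_in": lambda a, b: a not in b}

def lookup(ctx, path):
    for key in path.split("."):
        ctx = ctx[key]  # KeyError if the request lacks the attribute
    return ctx

def holds(cond, ctx):
    op = cond["op"]
    if op in ("and", "or"):
        return (all if op == "and" else any)(holds(c, ctx) for c in cond["conditions"])
    if op == "is_ombudsman":
        return lookup(ctx, "subject.role") == "ombudsman"  # assumed role name
    actual = lookup(ctx, cond["attr"])
    if op == "outside_hours":  # value: ["08:00", "18:00"]; actual: ISO time with UTC offset
        start, end = (time.fromisoformat(v) for v in cond["value"])
        return not start <= datetime.fromisoformat(actual).time() < end
    expected = lookup(ctx, cond["ref"]) if "ref" in cond else cond["value"]
    return OPS[op](actual, expected)  # unknown op raises KeyError

def decide(policy, ctx):
    """Audit record (who, what, policy, verdict, why); evaluation errors fail closed."""
    record = {"who": ctx.get("subject", {}).get("id"), "what": ctx.get("action"), "policy": policy["id"]}
    try:
        matched = holds(policy["when"], ctx)
    except (KeyError, TypeError, ValueError) as exc:
        return {**record, "verdict": "deny", "why": f"evaluation error: {exc!r}"}
    if not matched:
        return {**record, "verdict": "not_applicable", "why": "conditions not met"}
    return {**record, "verdict": policy["verdict"], "why": policy["remediation"]}

# Constructed request: a NY trader asking to view a Tokyo ledger.
REQUEST = {"subject": {"id": "u-1001", "role": "fx_trader", "home_node": "NY"},
           "action": "view_ledger", "resource": {"node": "TOKYO"}}
```

A request missing an attribute the policy references, or a policy using an unknown operation, produces a deny record rather than falling through to an allow.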