https://blog.catalyst9.ai/tags/policy/Recent content in Policy on Catalyst9 EngineeringHugoen-usThu, 11 Jun 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-13-policy-stacking/Thu, 11 Jun 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-13-policy-stacking/We built a real ABAC policy engine on top of the identity and step-up work. You can now express ’everything under LLM/* needs a human in the loop’ as a default, while stacking a more specific rule that says only principals with an openai_admin label can write or delete under LLMS/OPENAI. The client (kpm) consumes the policy signals so get forces step-up, env/run warns about high-value paths, and strict mode makes every decrypt a fresh policy-checked round-trip.