Skip to main content

Get Policies

GET /api/policies

Authentication

Required. Include a valid session token in the Authorization header.

Request Headers

Authorization
string
required
Bearer token obtained from /api/auth/login. Format: Bearer fn_sess_...

Response

Returns the complete Fishnet configuration object with all security policies.
llm
object
required
LLM proxy configuration including prompt drift detection, size guards, spend tracking, and model settings
http
object
required
HTTP client configuration (timeout, max redirects, etc.)
dashboard
object
required
Dashboard server configuration
alerts
object
required
Alert system configuration
onchain
object
required
On-chain transaction policy configuration
binance
object
required
Binance API proxy configuration including trading limits and blocked endpoints
custom
object
required
Custom service configurations (key-value map of service configs)

Response Example

{
  "llm": {
    "prompt_drift": {
      "enabled": true,
      "mode": "deny"
    },
    "prompt_size_guard": {
      "enabled": true,
      "max_prompt_tokens": 4000,
      "action": "deny"
    },
    "track_spend": true,
    "daily_budget_usd": 20.0,
    "budget_warning_pct": 80,
    "rate_limit_per_minute": 60,
    "allowed_models": [],
    "model_pricing": {
      "gpt-4o": {
        "input_per_million_usd": 2.5,
        "output_per_million_usd": 10.0
      }
    }
  },
  "binance": {
    "enabled": true,
    "max_order_value_usd": 100.0,
    "daily_volume_cap_usd": 1000.0,
    "allow_delete_open_orders": false
  },
  "custom": {
    "github": {
      "base_url": "https://api.github.com",
      "auth_header": "Authorization",
      "auth_value_prefix": "Bearer ",
      "auth_value_env": "GITHUB_TOKEN",
      "blocked_endpoints": ["DELETE /repos/*"],
      "rate_limit": 100,
      "rate_limit_window_seconds": 3600
    }
  }
}

Update Policies

PUT /api/policies

Authentication

Required. Include a valid session token in the Authorization header.

Request Headers

Authorization
string
required
Bearer token obtained from /api/auth/login. Format: Bearer fn_sess_...
Content-Type
string
required
Must be application/json

Request Body

Provide a complete FishnetConfig object. The configuration will be validated before being applied.
llm
object
required
LLM configuration with all required fields
http
object
required
HTTP client configuration
dashboard
object
required
Dashboard configuration
alerts
object
required
Alerts configuration
onchain
object
required
On-chain configuration
binance
object
required
Binance configuration
custom
object
required
Custom services configuration (can be empty object)

Response

saved
boolean
required
Indicates whether the configuration was successfully saved
policy_hash
string
required
Merkle hash of the saved policy version for audit purposes
warning
string
required
Warning message about configuration persistence behavior

Error Responses

error
string
Error message when the update fails

Status Codes

  • 200 OK - Configuration updated and saved successfully
  • 400 Bad Request - Invalid JSON or validation failed
  • 401 Unauthorized - Missing or invalid authentication token
  • 500 Internal Server Error - Failed to activate or persist configuration

Validation

The configuration is validated before being applied:
  • Model pricing must have non-negative finite values
  • Custom service names must be valid
  • Rate limits must be positive numbers
  • All required fields must be present
If validation fails, the request is rejected with a 400 error and the existing configuration remains unchanged.

Persistence

When you update policies:
  1. The configuration is validated
  2. The new config is activated in the running process
  3. The config is persisted to fishnet.toml
  4. If persistence fails, the in-memory config is rolled back
Important: This endpoint overwrites fishnet.toml and does not preserve comments or formatting.

Examples

curl http://localhost:3742/api/policies \
  -H "Authorization: Bearer fn_sess_..."

Hot Reload

Policy updates take effect immediately without restarting Fishnet. All active requests will use the new policies.

Build docs developers (and LLMs) love

Get started for freeTalk to us