Skip to main content

Policies

Catalyst expresses runtime behaviour declaratively through policies. Policies bind to App IDs and are enforced by the Catalyst data plane — no application code changes required.

Catalyst exposes three policy types:

  • Resiliency policies — configure how the data plane handles failures on outbound calls to other applications and to backing infrastructure (components), including retries, timeouts, and circuit breakers.
  • Configurations — configure runtime settings on an App ID, such as tracing, mTLS, and service invocation access control lists.
  • Workflow access policies (coming soon) — control which App IDs can invoke a workflow or an activity.

MCP access policies are a fourth policy primitive that controls which App IDs can call which MCP servers and their downstream tools. See MCP.

For the policy expression syntax see Policies reference. For an end-to-end MCP example see MCP access policies.

Last updated on