AI makes mistakes! Undisk makes recovery instant: every write is versioned, every file is reversible.
See it heal →

Policy Engine

Control what agents can do with path-based ACLs, file size limits, rate caps, and extension rules. Available on Pro plans and above.
⚠️ Plan gate: policy write/validate actions require Pro or above. On Free, these calls fail with a tier-limit response that includes an upgrade hint.
Replace mode — set the entire policy at once: 
policy({ "action": "write",
  "mode": "replace",
  "pathAcls": [
    { "pattern": "production/**", "permission": "read" },
    { "pattern": "drafts/**", "permission": "read-write" },
    { "pattern": "secrets/**", "permission": "none" }
  ],
  "sizeLimits": [{ "maxBytes": 10485760 }],
  "rateLimits": [{ "maxOps": 1000, "windowSeconds": 60, "scope": "workspace" }],
  "extensionRules": [{ "denied": [".exe", ".sh"] }],
  "secretScanning": { "enabled": true, "block": true }
})
Merge mode — add or remove individual rules without replacing the rest: 
policy({ "action": "write",
  "mode": "merge",
  "add": {
    "pathAcls": [{ "pattern": "logs/**", "permission": "read" }]
  },
  "remove": {
    "pathAcls": [{ "pattern": "drafts/**" }]
  }
})
All top-level fields (pathAcls, sizeLimits, rateLimits, extensionRules, secretScanning, add, remove) are optional — include only what you need. Permission denials return explanatory errors: the agent is told which policy blocked the action and why.
ACL default behavior: When no pathAcls rules exist, all paths are accessible (default-allow). Once any ACL rule is added, behavior switches to default-deny: paths not matched by any rule are blocked. Agent-scoped rules (with agentId) take priority over global rules. Among matching rules, more specific patterns (longer glob) win. Permissions: "read" allows reads/lists/searches only, "read-write" allows all operations, "none" blocks everything. Path convention: MCP tools use paths without a leading slash (e.g., docs/readme.md). Both file paths and ACL patterns are normalized — production/** and /production/** are equivalent. The web file browser uses URL paths with a leading slash; this is handled automatically.