Configure Policies
Your Progress
Step 3 of 4 — Define governance rules for your DVE
Step 3: Configure Policy Rules
Policies define how your DVE governs workloads — what it accepts, how it validates execution, and what triggers a blockchain commit. Every policy change is versioned and committed to KNIRVCHAIN automatically.
Core Policy Types
Admission Policy
Controls which workloads your DVE accepts. Define allowlists, rate limits, and authentication requirements.
admission:
max_payload_kb: 512
require_auth: true
allowlist: ["*"]
Execution Policy
Defines resource limits and execution constraints for workloads running inside the DVE.
execution:
max_memory_mb: 512
timeout_seconds: 30
sandbox: strict
Commit Policy
Specifies which events trigger a blockchain commit — creating an immutable entry in the KNIRVCHAIN audit trail.
commit:
on: [execution_complete, policy_change]
include_hash: true
Example: Minimal DVE Policy
knirv dve policy apply --dve-id YOUR_DVE_ID --file policy.yaml
# policy.yaml
version: "1.0"
dve_id: "YOUR_DVE_ID"
admission:
require_auth: true
max_payload_kb: 512
execution:
max_memory_mb: 512
timeout_seconds: 30
sandbox: strict
commit:
on: [execution_complete, policy_change, error]
include_hash: true
chain: knirvchain
Cognitive Engine — Automated Policy Tuning (Pro)
Upgrade to Professional to enable the Cognitive Engine — it automatically tunes your admission and execution policies based on observed workload patterns and flags anomalies before they hit your commit log.