Policy Enforcement
Learn how policy enforcement works and how to handle policy denials gracefully. The API automatically enforces policies based on scope and purpose.
Handle Policy Denial
Policy denials are expected in some cases. Always handle them gracefully with fallback behavior.
Handle Policy Denial
from memory_scope import MemoryScopeClient
from memory_scope.exceptions import PolicyDeniedError
client = MemoryScopeClient(api_key="your-api-key")
try:
# Try to read preferences for task execution
result = client.read_memory(
user_id="user123",
scope="preferences",
domain="food",
purpose="execute task to auto-order lunch"
)
preferences = result.summary_struct
except PolicyDeniedError:
# Policy denial is expected - preferences can't be used for task execution
# Use default behavior or ask user for permission
preferences = {
"likes": [],
"dislikes": []
}
print("Using default preferences (policy denied)")
# Continue with your logic
generate_recommendations(preferences)Policy Denials Are Not Errors
Policy denials are a security feature, not errors. They indicate that the requested purpose is not allowed for the scope. Always handle them gracefully.
Valid Purpose Examples
Use clear, descriptive purpose strings that accurately explain why you're accessing the memory. Here are examples of valid purposes for different scopes.
Valid Purpose Examples
# Valid purposes for 'preferences' scope
client.read_memory(
user_id="user123",
scope="preferences",
domain="food",
purpose="generate personalized food recommendations for user dashboard"
)
client.read_memory(
user_id="user123",
scope="preferences",
domain="music",
purpose="display user music preferences in profile settings"
)
# Valid purposes for 'constraints' scope
client.read_memory(
user_id="user123",
scope="constraints",
domain="dietary",
purpose="filter restaurant recommendations based on dietary restrictions"
)
client.read_memory(
user_id="user123",
scope="constraints",
domain="budget",
purpose="apply budget constraints to product recommendations"
)Best Practice
Write clear, descriptive purpose strings. Vague purposes like "read data" may be denied. Be specific about what you're doing with the memory.
Scope Selection Guide
Choose the right scope for your use case. This example shows when to use each scope.
Scope Selection
# Use 'preferences' for user likes/dislikes
client.create_memory(
user_id="user123",
scope="preferences",
domain="food",
value_json={"likes": ["pizza", "sushi"]}
)
# Use 'constraints' for rules and restrictions
client.create_memory(
user_id="user123",
scope="constraints",
domain="dietary",
value_json={"rules": ["vegetarian", "no nuts"]}
)
# Use 'facts' for objective information
client.create_memory(
user_id="user123",
scope="facts",
domain="personal",
value_json={"birthday": "1990-01-15", "location": "San Francisco"}
)
# Use 'communication' for style preferences
client.create_memory(
user_id="user123",
scope="communication",
domain=None,
value_json={"preferred_tone": "friendly", "use_emojis": True}
)Check Policy Before Access
You can check if a purpose is allowed before attempting to read. This helps you provide better user experience.
Check Policy Before Access
def can_access_memory(scope, purpose):
"""Check if a purpose is allowed for a scope"""
try:
# Try a test read (you can use a dummy user_id)
client.read_memory(
user_id="test",
scope=scope,
domain=None,
purpose=purpose
)
return True
except PolicyDeniedError:
return False
# Check before attempting to use
if can_access_memory("preferences", "generate recommendations"):
result = client.read_memory(
user_id="user123",
scope="preferences",
domain="food",
purpose="generate recommendations"
)
use_preferences(result.summary_struct)
else:
# Use alternative approach
use_default_recommendations()Related Documentation