Skip to content
SASY Policy Demo

Policy Walkthrough

This page shows the full policy translation from English to enforced Datalog, clause by clause.

Three Representations

Section titled “Three Representations”
# Airline Booking Policy


## Default behavior
- All actions are authorized by default


## Cancellation policy
- Gold members can cancel any reservation,
  regardless of insurance status
- Silver and regular members can only cancel
  if the reservation has travel insurance
- Deny cancellation if the reservation has
  no insurance and the member is not gold


## Flight modification policy
- Economy reservations can be modified by any member
- Basic economy reservations can only be modified
  by silver or gold members
- Deny flight modifications on basic economy
  reservations for regular members

Clause-by-Clause Breakdown

Section titled “Clause-by-Clause Breakdown”

Each clause maps English intent to a concrete Datalog rule. Click to expand.

C1: Authorize all actions by default

English: “All actions are authorized by default”

Datalog:

IsAuthorized(idx) :- Actions(idx, _).

Every tool call is allowed unless a specific Unauthorized rule overrides it. Without this rule, tools like get_reservation_details would be blocked — even though the policy has no rules about them.

Cancellation Rules

Section titled “Cancellation Rules”
C2: Allow cancel if gold member

English: “Gold members can cancel any reservation, regardless of insurance status”

Datalog:

IsAuthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "cancel_reservation"),
    ToolResultField("get_reservation_details",
        "membership", "gold").

Checks the membership field from get_reservation_details. Gold overrides the insurance check entirely.

C3: Allow cancel if has insurance

English: “Silver and regular members can only cancel if the reservation has travel insurance”

Datalog:

IsAuthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "cancel_reservation"),
    ToolResultField("get_reservation_details",
        "insurance", "yes").

Any member with insurance can cancel, regardless of tier.

C4: Deny cancel if no insurance, not gold

English: “Deny cancellation if the reservation has no insurance and the member is not gold”

Datalog:

// @deny_message: Cannot cancel without insurance
//   unless you are a gold member
// @suggestion: Consider adding travel insurance
// @tool_pattern: cancel_reservation
Unauthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "cancel_reservation"),
    ToolResultField("get_reservation_details",
        "insurance", "no"),
    !ToolResultField("get_reservation_details",
        "membership", "gold").

The @deny_message is shown to the agent when the action is denied. The agent relays this to the customer.

C5: Guard — deny cancel if not looked up

Why: The agent must call get_reservation_details before attempting to cancel. Otherwise it could bypass the insurance check.

Datalog:

// @deny_message: Look up reservation details first
// @tool_pattern: cancel_reservation
Unauthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "cancel_reservation"),
    !ToolResultField("get_reservation_details",
        "insurance", _).

The !ToolResultField(..., _) checks that the lookup hasn’t happened yet. This is a prerequisite guard — a common pattern for policies that depend on runtime data.

Modification Rules

Section titled “Modification Rules”
C6: Allow modify if economy cabin

English: “Economy reservations can be modified by any member”

Datalog:

IsAuthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "update_reservation_flights"),
    ToolResultField("get_reservation_details",
        "cabin", "economy").
C7: Allow modify basic economy for silver/gold

English: “Basic economy reservations can only be modified by silver or gold members”

Datalog:

IsAuthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "update_reservation_flights"),
    ToolResultField("get_reservation_details",
        "cabin", "basic_economy"),
    ToolResultField("get_reservation_details",
        "membership", "silver").


/* (similar rule for gold) */
C8: Deny modify basic economy for regular

English: “Deny flight modifications on basic economy reservations for regular members”

Datalog:

// @deny_message: Regular members cannot modify
//   basic economy reservations
// @suggestion: Upgrade membership or cabin class
// @tool_pattern: update_reservation_flights
Unauthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "update_reservation_flights"),
    ToolResultField("get_reservation_details",
        "cabin", "basic_economy"),
    ToolResultField("get_reservation_details",
        "membership", "regular").
C9: Guard — deny modify if not looked up

Datalog:

// @deny_message: Look up reservation details first
// @tool_pattern: update_reservation_flights
Unauthorized(idx) :-
    Actions(idx, a),
    IsTool(a, "update_reservation_flights"),
    !ToolResultField("get_reservation_details",
        "cabin", _).

Same pattern as C5 — ensures the agent looks up reservation details before attempting to modify.

Truth Table

Section titled “Truth Table”

Every combination of attributes was tested:

ActionMembershipInsuranceCabinDecision
cancelgoldnoALLOW
cancelgoldyesALLOW
cancelsilveryesALLOW
cancelsilvernoDENY
cancelregularyesALLOW
cancelregularnoDENY
cancelunknownnoGUARD_DENY
modifyanyeconomyALLOW
modifysilverbasic_economyALLOW
modifygoldbasic_economyALLOW
modifyregularbasic_economyDENY
modifyunknownunknownGUARD_DENY