> ## Documentation Index > Fetch the complete documentation index at: https://kosli-mbevc1-patch-1.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Environment Policy Builder > Build a Kosli environment policy YAML interactively in the browser and copy the result into your repo. export const PolicyBuilder = () => { const SCHEMA_URL = "https://docs.kosli.com/schemas/policy/v1"; const BUILTIN_TYPES = ["generic", "jira", "junit", "pull_request", "snyk", "sonar"]; const TERM_KINDS = [{ value: "flow_name", label: "Flow name" }, { value: "flow_tag", label: "Flow tag" }, { value: "artifact_name", label: "Artifact name pattern" }, { value: "custom", label: "Custom comparison" }, { value: "raw", label: "Raw expression" }]; const COMPARE_OPS = ["==", "!=", ">", "<", ">=", "<="]; const CUSTOM_OPS = ["==", "!=", ">", "<", ">=", "<=", "matches", "exists"]; const CUSTOM_CONTEXTS = ["flow.name", "flow.tags.", "artifact.name", "artifact.fingerprint"]; function yamlScalar(s) { if (s === "") return "''"; const reserved = ["true", "false", "null", "yes", "no", "on", "off", "~"]; const needsQuote = (/^\s|\s$/).test(s) || (/^[-?:,\[\]{}#&*!|>'"%@`]/).test(s) || (/:(\s|$)/).test(s) || (/\s#/).test(s) || (/[\n\t]/).test(s) || reserved.includes(s.toLowerCase()) || (/^[0-9.+-]/).test(s) && !Number.isNaN(Number(s)); if (!needsQuote) return s; return "'" + s.replace(/'/g, "''") + "'"; } function serializePolicy(state) { const lines = ["# yaml-language-server: $schema=" + SCHEMA_URL + ".json", "_schema: " + SCHEMA_URL]; const provOn = state.provReq; const trailOn = state.trailReq; const validAtts = state.atts.filter(a => attestationIsValid(a)); if (!provOn && !trailOn && validAtts.length === 0) { return lines.join("\n") + "\n"; } lines.push("artifacts:"); const booleanBlock = (key, required, exceptions) => { lines.push(" " + key + ":"); lines.push(" required: " + (required ? "true" : "false")); const exprs = exceptions.map(e => serializeExpr(e)).filter(s => s !== ""); if (exprs.length > 0) { lines.push(" exceptions:"); exprs.forEach(expr => { lines.push(" - if: " + yamlScalar(expr)); }); } }; if (provOn) booleanBlock("provenance", true, state.provExc); if (trailOn) booleanBlock("trail-compliance", true, state.trailExc); if (validAtts.length > 0) { lines.push(" attestations:"); validAtts.forEach(a => { const type = a.type === "custom" ? "custom:" + a.customType : a.type; lines.push(" - type: " + yamlScalar(type)); const name = (a.name || "").trim(); if (name !== "" && name !== "*") { lines.push(" name: " + yamlScalar(name)); } if (a.condEnabled) { const expr = serializeExpr(a.cond); if (expr !== "") lines.push(" if: " + yamlScalar(expr)); } }); } return lines.join("\n") + "\n"; } function unwrapExpr(expr) { let s = (expr || "").trim(); if (s.startsWith("${{")) s = s.slice(3); if (s.endsWith("}}")) s = s.slice(0, -2); return s.trim(); } function termToInner(term) { let inner = ""; switch (term.kind) { case "flow_name": inner = `flow.name == "${term.flowName || ""}"`; break; case "flow_tag": inner = `flow.tags.${term.tagKey || ""} ${term.tagOp} "${term.tagValue || ""}"`; break; case "artifact_name": inner = `matches(artifact.name, "${term.artifactRegex || ""}")`; break; case "custom": { const ctx = term.customCtx === "flow.tags." ? "flow.tags." + (term.customTagKey || "") : term.customCtx; if (term.customOp === "exists") { inner = `exists(${ctx})`; } else if (term.customOp === "matches") { inner = `matches(${ctx}, "${term.customValue || ""}")`; } else { inner = `${ctx} ${term.customOp} "${term.customValue || ""}"`; } break; } case "raw": inner = unwrapExpr(term.raw); break; default: inner = ""; } if (inner === "") return ""; return term.negate ? `not (${inner})` : inner; } function serializeExpr(expr) { if (!expr) return ""; const inners = (expr.terms || []).map(termToInner).filter(s => s !== ""); if (inners.length === 0) return ""; if (inners.length === 1) return "${{ " + inners[0] + " }}"; return "${{ " + inners.join(" " + (expr.combine || "and") + " ") + " }}"; } const idBox = useState(() => ({ n: 0 }))[0]; function uid() { idBox.n += 1; return idBox.n; } function newTerm() { return { id: uid(), kind: "flow_name", negate: false, flowName: "", tagKey: "", tagOp: "==", tagValue: "", artifactRegex: "", customCtx: "flow.name", customTagKey: "", customOp: "==", customValue: "", raw: "" }; } function newExpr() { return { id: uid(), combine: "and", terms: [newTerm()] }; } function newAttestation() { return { id: uid(), type: "snyk", customType: "", name: "*", condEnabled: false, cond: newExpr() }; } function attestationIsValid(a) { const type = a.type === "custom" ? "custom:" + (a.customType || "") : a.type; if (a.type === "custom" && !a.customType) return false; if (type === "*" && (a.name || "*") === "*") return false; return true; } const S = { wrap: { display: "grid", gridTemplateColumns: "minmax(0, 1fr) minmax(0, 1.5fr)", gap: "1.25rem", alignItems: "start" }, panel: { border: "1px solid var(--gray-200, #e5e7eb)", borderRadius: "0.5rem", padding: "1rem" }, section: { marginBottom: "1.25rem" }, legend: { fontWeight: 600, marginBottom: "0.5rem", fontSize: "0.95rem" }, row: { display: "flex", gap: "0.5rem", alignItems: "center", flexWrap: "wrap", marginBottom: "0.5rem" }, label: { display: "inline-flex", flexDirection: "row-reverse", alignItems: "center", gap: "0.4rem", fontSize: "0.9rem" }, input: { padding: "0.35rem 0.5rem", border: "1px solid var(--gray-300, #d1d5db)", borderRadius: "0.375rem", fontSize: "0.85rem", background: "var(--background, transparent)", color: "inherit" }, select: { padding: "0.35rem 0.5rem", border: "1px solid var(--gray-300, #d1d5db)", borderRadius: "0.375rem", fontSize: "0.85rem", background: "var(--background, transparent)", color: "inherit" }, btn: { padding: "0.3rem 0.7rem", border: "1px solid var(--gray-300, #d1d5db)", borderRadius: "0.375rem", fontSize: "0.8rem", cursor: "pointer", background: "transparent", color: "inherit" }, btnPrimary: { padding: "0.3rem 0.7rem", border: "none", borderRadius: "0.375rem", fontSize: "0.8rem", cursor: "pointer", background: "#2563eb", color: "#fff" }, card: { border: "1px solid var(--gray-200, #e5e7eb)", borderRadius: "0.375rem", padding: "0.75rem", marginBottom: "0.75rem" }, pre: { margin: 0, padding: "1rem", borderRadius: "0.5rem", background: "#0d1117", color: "#e6edf3", fontFamily: "ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace", fontSize: "0.8rem", lineHeight: 1.5, overflowX: "auto", whiteSpace: "pre" }, warn: { color: "#b45309", fontSize: "0.8rem", margin: "0.25rem 0 0.5rem" }, muted: { fontSize: "0.8rem", opacity: 0.7 }, fieldLabel: { fontWeight: 600, fontSize: "0.85rem", minWidth: "3rem" }, fieldRow: { display: "flex", gap: "0.5rem", alignItems: "center", flexWrap: "wrap", marginBottom: "0.2rem" } }; function termEditor({term, onChange, onRemove, removable, keyId}) { const set = patch => onChange({ ...term, ...patch }); return
{removable && }
{term.kind === "flow_name" &&
flow.name == set({ flowName: e.target.value })} />
} {term.kind === "flow_tag" &&
flow.tags. set({ tagKey: e.target.value })} /> set({ tagValue: e.target.value })} />
} {term.kind === "artifact_name" &&
matches(artifact.name, set({ artifactRegex: e.target.value })} /> )
} {term.kind === "custom" &&
{term.customCtx === "flow.tags." && set({ customTagKey: e.target.value })} />} {term.customOp !== "exists" && set({ customValue: e.target.value })} />}
} {term.kind === "raw" &&
set({ raw: e.target.value })} />
}
; } function expressionEditor({expr, onChange, keyId}) { const setTerm = (i, term) => { const terms = expr.terms.slice(); terms[i] = term; onChange({ ...expr, terms }); }; const removeTerm = i => { const terms = expr.terms.filter((_, idx) => idx !== i); onChange({ ...expr, terms: terms.length ? terms : [newTerm()] }); }; const addTerm = () => onChange({ ...expr, terms: [...expr.terms, newTerm()] }); return
{expr.terms.length > 1 &&
Combine terms with
} {expr.terms.map((term, i) => termEditor({ term, keyId: term.id, onChange: t => setTerm(i, t), onRemove: () => removeTerm(i), removable: expr.terms.length > 1 }))}
; } function exceptionList({exceptions, onChange, label}) { const add = () => onChange([...exceptions, newExpr()]); const remove = i => onChange(exceptions.filter((_, idx) => idx !== i)); const update = (i, expr) => { const next = exceptions.slice(); next[i] = expr; onChange(next); }; return
{exceptions.map((expr, i) =>
{label} exception {i + 1}
{expressionEditor({ expr, onChange: e => update(i, e) })}
)}
; } function attestationRow({att, onChange, onRemove, index}) { const set = patch => onChange({ ...att, ...patch }); const valid = attestationIsValid(att); const typeValue = att.type === "custom" ? "custom" : att.type; return
Attestation {index + 1}
type
{att.type === "custom" &&
custom type set({ customType: e.target.value })} />
}
name set({ name: e.target.value })} />
{!valid &&

{att.type === "custom" && !att.customType ? "Enter a custom type name." : "type and name cannot both be * — give the attestation a name."}

} {att.condEnabled &&
{expressionEditor({ expr: att.cond, onChange: cond => set({ cond }) })}
}
; } const YAML = { key: "#79c0ff", string: "#a5d6ff", bool: "#ff7b72", expr: "#d2a8ff", punct: "#8b949e" }; function highlightValue(value) { if (value === "true" || value === "false") { return {value}; } if (value.includes("${{")) { return {value}; } return {value}; } function highlightYaml(text) { const rows = text.replace(/\n$/, "").split("\n"); return rows.map((line, i) => { if ((/^\s*#/).test(line)) { return
{line}
; } const m = line.match(/^(\s*)(- )?([A-Za-z0-9_.-]+):( ?)(.*)$/); let content; if (!m) { content = line === "" ? " " : line; } else { const indent = m[1]; const dash = m[2]; const key = m[3]; const space = m[4]; const value = m[5]; content = <> {indent} {dash ? {dash} : null} {key} : {space} {value !== "" ? highlightValue(value) : null} ; } return
{content}
; }); } const [provReq, setProvReq] = useState(false); const [provExc, setProvExc] = useState([]); const [trailReq, setTrailReq] = useState(false); const [trailExc, setTrailExc] = useState([]); const [atts, setAtts] = useState([]); const [copied, setCopied] = useState(false); const yaml = useMemo(() => serializePolicy({ provReq, provExc, trailReq, trailExc, atts }), [provReq, provExc, trailReq, trailExc, atts]); const invalidCount = atts.filter(a => !attestationIsValid(a)).length; const copy = () => { if (navigator.clipboard && navigator.clipboard.writeText) { navigator.clipboard.writeText(yaml).then(() => { setCopied(true); setTimeout(() => setCopied(false), 1500); }); } }; return
{}
Provenance
{provReq &&
{exceptionList({ exceptions: provExc, onChange: setProvExc, label: "provenance" })}
}
{}
Trail compliance
{trailReq &&
{exceptionList({ exceptions: trailExc, onChange: setTrailExc, label: "trail-compliance" })}
}
{}
Required attestations
{atts.map((att, i) => attestationRow({ att, index: i, onChange: next => { const arr = atts.slice(); arr[i] = next; setAtts(arr); }, onRemove: () => setAtts(atts.filter((_, idx) => idx !== i)) }))}
policy.yaml
{invalidCount > 0 &&

{invalidCount} attestation rule{invalidCount > 1 ? "s are" : " is"}{" "} incomplete and excluded from the output.

}
{highlightYaml(yaml)}
; }; Use this builder to assemble an [environment policy](/policy-reference/environment_policy). Toggle the requirements you need, add attestation rules and exceptions, then copy the generated YAML into a file in your repo. The output conforms to the [v1 policy schema](https://docs.kosli.com/schemas/policy/v1.json) and runs entirely in your browser — nothing is sent to Kosli. ## Next steps * Save the YAML as a file (e.g. `policy.yaml`) in your repo. * Create or update the policy with [`kosli create policy`](/client_reference/kosli_create_policy). * Attach it to an environment with [`kosli attach-policy`](/client_reference/kosli_attach-policy). ## See also * [Environment Policy](/policy-reference/environment_policy) — full schema reference and field descriptions * [Environment Policies](/getting_started/policies) — concepts, workflow, and enforcement