# POLICY_SCHEMA

`.pi/minimax-policy.json` controls project-specific behavior. The core harness stays generic; project-specific rules live in policy.

## Merge order

1. global user policy
2. workspace policy
3. project policy
4. task/session policy

A higher layer overrides a lower layer.

## Core fields

- `version`
- `name`
- `scope`
- `project`
- `workflow`
- `commandPolicy`
- `rules`
- `artifactPolicy`
- `todoPolicy`
- `memoryPolicy`
- `extensionPolicy`

## Example

```json
{
  "version": 1,
  "name": "project policy",
  "scope": "project",
  "project": {
    "name": "auto",
    "root": "auto",
    "types": ["auto"]
  },
  "commandPolicy": {
    "safeRead": "allow",
    "build": "preflight",
    "install": "require_reason",
    "destructive": "require_approval",
    "deploy": "require_explicit_user_request",
    "database": "require_backup_or_dry_run",
    "network": "require_reason",
    "unknown": "ask"
  },
  "rules": []
}
```

## Artifact rule example

```json
{
  "id": "copied-artifact-hash-match",
  "description": "Copied artifact hash must match source hash.",
  "enabled": true,
  "when": {
    "projectType": "wails",
    "tool": "bash",
    "commandRegex": "copy|cp|xcopy"
  },
  "action": "block",
  "message": "Installer source artifact hash must match built executable hash."
}
```
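
The `when` clause above decides which tool calls the rule applies to, so the width of `commandRegex` matters. The following is an added example, not the harness's own code: it assumes every key in `when` must match and that `commandRegex` is applied as an unanchored JavaScript `RegExp` search. `ruleApplies`, `TIGHT`, `compare` and the sample commands are hypothetical names and constructed inputs. It shows that `copy|cp|xcopy` also matches commands that merely contain those letters, next to a pattern that matches the copy tools only as a command word.

```javascript
// Added example, not the harness's code. Assumed semantics: every key in
// `when` must match, and commandRegex is an unanchored RegExp search.
const rule = {
  id: "copied-artifact-hash-match",
  enabled: true,
  when: { projectType: "wails", tool: "bash", commandRegex: "copy|cp|xcopy" },
  action: "block",
};

// Hypothetical matcher: true when the rule's `when` clause covers the call.
// `commandRegex` can be overridden to compare patterns against the same rule.
function ruleApplies(rule, call, commandRegex = rule.when.commandRegex) {
  if (!rule.enabled) return false;
  const w = rule.when;
  if (w.projectType && w.projectType !== call.projectType) return false;
  if (w.tool && w.tool !== call.tool) return false;
  return new RegExp(commandRegex).test(call.command);
}

// Tighter pattern (an assumption, not from the page): the copy tool must be a
// whole command word at the start of the line or after a shell separator.
const TIGHT = "(?:^|[;&|]\\s*)(?:cp|copy|xcopy)(?=\\s|$)";

// Constructed sample commands.
const samples = [
  "cp build/bin/app.exe installer/app.exe",
  "wails build && cp build/bin/app.exe dist/",
  "g++ -c src/main.cpp",          // contains "cp" inside ".cpp"
  "grep -r copyright LICENSE",    // contains "copy" inside "copyright"
  "wails build",
];

// Evaluate each command against the page's pattern and the tighter one.
function compare(commands) {
  return commands.map((command) => {
    const call = { projectType: "wails", tool: "bash", command };
    return {
      command,
      page: ruleApplies(rule, call),
      tight: ruleApplies(rule, call, TIGHT),
    };
  });
}

console.table(compare(samples));
```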
