Skip to main content
Use this endpoint to treat policy configuration as code.

POST /v1/policies/sync

Canonical policy sync endpoint.

POST /v1/sync

Alias endpoint with the same behavior and response contract as /v1/policies/sync.

Auth

Dashboard user session auth (not workspace API key).

Idempotency

You can set Idempotency-Key header to make repeated CI retries safe. 
Idempotency-Key: deploy-2026-02-21-001

curl -sS -X POST https://api.clawb.ai/api/v1/policies/sync \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: deploy-2026-02-21-001" \
  -b "<dashboard-session-cookie>" \
  -d '{"dry_run":true,"spec":{"reusable_policy_blocks":{},"agent_groups":[],"bindings":[],"global_guardrails":{}}}'

Response patterns

Dry run: 
{
  "ok": true,
  "dry_run": true,
  "policy_id": "pol_enterprise_sync",
  "current_policy_hash": "...",
  "desired_policy_hash": "...",
  "diff": {"changed": true}
}
Conflict: 
{
  "error": "sync_conflict",
  "current_policy_hash": "..."
}

Junior developer workflow

  1. Run dry_run=true first in CI.
  2. Validate diff output.
  3. Apply with dry_run=false and idempotency key.
  4. Fail the pipeline on sync_conflict and rebase policy source.

What gets synchronized

In addition to policy upserts, the sync process materializes group-to-policy bindings and group memberships from the submitted spec.