> ## Documentation Index > Fetch the complete documentation index at: https://docs.trulayer.ai/llms.txt > Use this file to discover all available pages before exploring further. # List Control Loop Policies (TRU-67 Phase 1) > Dashboard-only. Supports optional status filter + pagination. ## OpenAPI ````yaml /api-reference/openapi.yaml get /v1/policies openapi: 3.1.0 info: title: TruLayer API version: 0.1.0 description: | Trace ingestion, evaluation, query, and feedback API for TruLayer AI. ### Authentication Two auth schemes coexist: SDK API keys (`Authorization: Bearer tl_...`) and Clerk session JWTs (dashboard). Routes marked "requires Clerk auth" in their summary are unreachable via API key. ### Roles (TRU-234) Dashboard requests carry one of three organization roles: `owner`, `member`, `viewer`. Endpoints enforce role allowlists, not rank comparisons. See `docs/security.md` for the full role-permission matrix. - **owner** — full control including billing, member management, destructive deletes on failure-rules/model-routes/webhooks/eval-rules, control-loop execution, and DLQ resolution. - **member** — read + write (ingest, feedback, evals, API keys, projects, failure-rules, model-routes, webhooks). - **viewer** — read-only dashboard access plus compliance read access to `/v1/audit-log` and `/v1/dlq`. servers: - url: https://api.trulayer.ai description: Production - url: http://localhost:8080 description: Local development security: - BearerAuth: [] tags: - name: health - name: ingest - name: traces - name: metrics - name: feedback - name: evals - name: eval-rules - name: control - name: apikeys - name: model-routes - name: datasets - name: search - name: anomaly - name: webhooks - name: failure-rules - name: eval-runs - name: ci - name: otlp - name: billing - name: deprecations - name: audit - name: failures - name: projects - name: compliance - name: dsr - name: policies - name: members paths: /v1/policies: get: tags: - policies summary: List Control Loop Policies (TRU-67 Phase 1) description: Dashboard-only. Supports optional status filter + pagination. operationId: listPolicies parameters: - name: status in: query description: Filter by lifecycle status. schema: type: string enum: - draft - active - paused - archived - name: limit in: query description: Page size (1–200, default 50). schema: type: integer default: 50 minimum: 1 maximum: 200 - name: offset in: query description: Offset into the result set (default 0). schema: type: integer minimum: 0 default: 0 responses: '200': description: Page of policies content: application/json: schema: $ref: '#/components/schemas/PolicyListResponse' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' components: schemas: PolicyListResponse: type: object required: - items - total - limit - offset properties: items: type: array items: $ref: '#/components/schemas/Policy' total: type: integer format: int64 limit: type: integer offset: type: integer Policy: type: object required: - id - created_at - updated_at - tenant_id - name - description - status - rule_yaml - trigger_type - action_type - rollout_pct - dry_run - created_by - max_retry_depth - max_cascade_depth properties: id: type: string format: uuid created_at: type: string format: date-time updated_at: type: string format: date-time tenant_id: type: string format: uuid name: type: string description: type: string status: type: string enum: - draft - active - paused - archived rule_yaml: type: string description: Raw YAML DSL as authored. Opaque to the server in Phase 1. trigger_type: type: string enum: - eval_score - anomaly - failure_rate description: Denormalised summary of the `when:` clause for fast filtering. action_type: type: string enum: - retry - fallback_model - route_pct - block - escalate description: Denormalised summary of the `then:` clause for fast filtering. rollout_pct: type: integer minimum: 0 maximum: 100 description: >- Staged-rollout percentage. 0 means the policy is authored but inactive. dry_run: type: boolean description: >- When true, the evaluator records observations without applying the action. created_by: type: string description: Clerk user ID of the author. max_retry_depth: type: integer minimum: 1 maximum: 10 description: | Per-policy retry depth cap (TRU-362). When the executor counts this many or more previously-executed retry actions on a trace for this policy, the next retry is auto-converted to an `escalate` action and routed through the HITL pending_approval queue. Default 3. max_cascade_depth: type: integer minimum: 1 maximum: 20 description: | Per-policy cascade depth cap (TRU-371). Counts every remediation action on the trace — `retry` plus `fallback_model` plus `prompt_modification` — across all policies. When the count reaches this many, the next remediation is auto-converted to `escalate` and parked in the HITL queue. Distinct from `max_retry_depth` which counts retries only; both gates run per `Execute` call and whichever fires first wins. Default 5. ErrorResponse: type: object required: - error properties: error: type: string responses: BadRequest: description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Unauthorized: description: Missing or invalid credentials content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: BearerAuth: type: http scheme: bearer description: SDK API key (`tl_...`) or Clerk session JWT ````