> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hitheo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Get, Update, or Delete a Policy

> Fetch, modify, or hard-delete a single guardrail policy.

Fetch, modify, or hard-delete a single guardrail policy. Visibility: author or any member of the owning org. Non-members receive `404` so the existence of team policies is never leaked.

## Authentication

Requires a Bearer token with the `billing` API key scope.

## GET

Fetch the full policy snapshot.

```bash theme={null}
curl https://www.hitheo.ai/api/v1/guardrail-policies/{id} \
  -H "Authorization: Bearer $THEO_API_KEY"
```

```typescript theme={null}
const policy = await theo.guardrails.policies.get(id);
```

## PATCH

Update fields on an existing policy. Sending `rules` replaces the entire rule set (the rules table is treated as a single document on save).

<ParamField body="name" type="string">Policy name.</ParamField>
<ParamField body="description" type="string">Free-text description.</ParamField>
<ParamField body="rules" type="object[]">Replacement rule set.</ParamField>
<ParamField body="enabled" type="boolean">Pause/unpause without deleting.</ParamField>
<ParamField body="is_default" type="boolean">Promote/demote default. One default per scope.</ParamField>

```bash theme={null}
curl -X PATCH https://www.hitheo.ai/api/v1/guardrail-policies/{id} \
  -H "Authorization: Bearer $THEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "enabled": false }'
```

```typescript theme={null}
await theo.guardrails.policies.update(id, { enabled: false });
```

Team-scoped policies require the `manageWebhooks` permission on the active organization.

## DELETE

Hard delete. Cascade-removes every `api_key_guardrail_policies` binding pointing at this policy — previously-bound keys revert to the strict opt-in default (no enforcement).

```bash theme={null}
curl -X DELETE https://www.hitheo.ai/api/v1/guardrail-policies/{id} \
  -H "Authorization: Bearer $THEO_API_KEY"
```

```typescript theme={null}
await theo.guardrails.policies.delete(id);
```

## Errors

* `400 guardrail_policy_invalid` — Validation failure on PATCH.
* `404 not_found` — Policy doesn't exist or isn't visible to the caller.
* `409 conflict` — Default-uniqueness violation.
