Policy
Policy protocol schemas
Password Complexity Policy
Source: packages/spec/src/security/policy.zod.ts
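```typescript
// Runtime schemas (Zod), used for validation
import { AuditPolicy, NetworkPolicy, PasswordPolicy, Policy, SessionPolicy } from '@objectstack/spec/security';
// Type-only alternative: use this instead of the import above when only the types are needed
// import type { AuditPolicy, NetworkPolicy, PasswordPolicy, Policy, SessionPolicy } from '@objectstack/spec/security';

// `data` stands for the untrusted input to validate
declare const data: unknown;

// Validate data (parse() throws if the input does not match the schema)
const result = AuditPolicy.parse(data);
```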

AuditPolicy

| Property | Type | Required | Description |
|---|---|---|---|
| logRetentionDays | number | ✅ | |
| sensitiveFields | string[] | ✅ | Fields to redact in logs (e.g. password, ssn) |
| captureRead | boolean | ✅ | Log read access (High volume!) |

NetworkPolicy

| Property | Type | Required | Description |
|---|---|---|---|
| trustedRanges | string[] | ✅ | CIDR ranges allowed to access (e.g. 10.0.0.0/8) |
| blockUnknown | boolean | ✅ | Block all IPs not in trusted ranges |
| vpnRequired | boolean | ✅ | |

PasswordPolicy

| Property | Type | Required | Description |
|---|---|---|---|
| minLength | number | ✅ | |
| requireUppercase | boolean | ✅ | |
| requireLowercase | boolean | ✅ | |
| requireNumbers | boolean | ✅ | |
| requireSymbols | boolean | ✅ | |
| expirationDays | number | optional | Force password change every X days |
| historyCount | number | ✅ | Prevent reusing last X passwords |

Policy

| Property | Type | Required | Description |
|---|---|---|---|
| name | string | ✅ | Policy Name |
| password | Object | optional | |
| network | Object | optional | |
| session | Object | optional | |
| audit | Object | optional | |
| isDefault | boolean | ✅ | Apply to all users by default |
| assignedProfiles | string[] | optional | Apply to specific profiles |

SessionPolicy

| Property | Type | Required | Description |
|---|---|---|---|
| idleTimeout | number | ✅ | Minutes before idle session logout |
| absoluteTimeout | number | ✅ | Max session duration (minutes) |
| forceMfa | boolean | ✅ | Require 2FA for all users |
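
The tables above constrain each field's type but not how the fields relate to one another. As an added example (not part of the `@objectstack/spec` package), the following TypeScript checks a policy object for cross-field problems. `lintPolicy`, `isIpv4Cidr` and the sample values are hypothetical, the interfaces copy only the properties used from the tables, and `trustedRanges` is assumed to hold IPv4 CIDRs.

```typescript
// Interfaces copy the property tables on this page (only the fields used below).
interface NetworkPolicy { trustedRanges: string[]; blockUnknown: boolean; vpnRequired: boolean }
interface SessionPolicy { idleTimeout: number; absoluteTimeout: number; forceMfa: boolean }
interface AuditPolicy { logRetentionDays: number; sensitiveFields: string[]; captureRead: boolean }
interface Policy {
  name: string;
  isDefault: boolean;
  network?: NetworkPolicy;
  session?: SessionPolicy;
  audit?: AuditPolicy;
}

// Strict IPv4 CIDR check: four octets 0-255 and a prefix length 0-32 (assumption: no IPv6).
function isIpv4Cidr(range: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(range);
  if (!m) return false;
  return m.slice(1, 5).every((o) => Number(o) <= 255) && Number(m[5]) <= 32;
}

// Returns one finding per cross-field problem; an empty array means none were found.
function lintPolicy(p: Policy): string[] {
  const findings: string[] = [];
  const net = p.network;
  if (net) {
    for (const r of net.trustedRanges) {
      if (!isIpv4Cidr(r)) findings.push(`network.trustedRanges: "${r}" is not an IPv4 CIDR`);
    }
    if (net.blockUnknown && net.trustedRanges.length === 0) {
      findings.push("network: blockUnknown with no trustedRanges blocks every client");
    }
  }
  const s = p.session;
  if (s && s.idleTimeout > s.absoluteTimeout) {
    findings.push("session: idleTimeout exceeds absoluteTimeout, so the idle limit never applies");
  }
  if (p.audit && p.audit.sensitiveFields.length === 0) {
    findings.push("audit: sensitiveFields is empty, so no field is redacted in logs");
  }
  return findings;
}

// Constructed sample input: one malformed range and inverted session timeouts.
const samplePolicy: Policy = {
  name: "constructed-example",
  isDefault: true,
  network: { trustedRanges: ["10.0.0.0/8", "192.168.1.300/24"], blockUnknown: true, vpnRequired: false },
  session: { idleTimeout: 120, absoluteTimeout: 60, forceMfa: true },
};
```

Run a check like this after schema validation succeeds, since it assumes the object already has the shape the tables describe.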