# Policies

## Overview

Collection policies let you set rules that control how environments run within a collection. They enforce approval workflows, budget limits, and blueprint restrictions so every deployment follows a consistent, auditable process.

<figure><img src="/files/HdnvUloTpn0nA5CsMqve" alt=""><figcaption></figcaption></figure>

## Types of collection policies

Bluebricks provides four built-in policies. Each policy is a toggle you enable per collection; some have additional configuration.

### Owner Approval

The Owner Approval policy requires [collection owners](/docs/orchestration/collections/owners-and-members.md) to approve a run before it executes. When enabled, the run pauses until an owner confirms the change.

Use this when you need a review gate for sensitive collections (e.g., staging or production).

### Cost Limit

The Cost Limit policy sets a maximum allowed cost for infrastructure changes in the collection. Bluebricks evaluates the projected cost of an IaC change and blocks it if it exceeds the threshold.

* The limit must be between $1 and $1,000,000
* The limit must be greater than the collection's current cost
* Changes that exceed the limit can still proceed with owner approval

### Allowed Blueprints

The Allowed Blueprints policy restricts which [blueprints](/docs/orchestration/packages/blueprints-overview.md) can be deployed to the collection. For each allowed blueprint, you can choose to permit any version or only specific versions.

* An empty version list means any version is allowed
* A populated version list restricts deployments to those specific versions
* Users can only see blueprints and versions based on their collection [membership](/docs/orchestration/collections/owners-and-members.md)

### Allow Pre-Release Versions

The Allow Pre-Release Versions policy controls whether pre-release blueprint versions can be deployed to the collection. This is a simple toggle with no additional configuration.

## How policy enforcement works

Whenever a run is triggered, Bluebricks evaluates all enabled policies before execution begins. If a policy is violated:

1. The run is paused or blocked
2. A clear explanation shows which policy failed and why
3. You can update inputs, request owner approval, or adjust the policy before retrying


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://bluebricks.co/docs/orchestration/collections/policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.