How-to

Allow a specific sender

Applies to: .NET SDK, Node.js SDK Last updated: 2026-06-11

Goal

Add an authorization rule that allows messages from a specific identity to be accepted by your agent.

Code

using HexaEight.Bridge;
using HexaEight.Bridge.Authorization;

var client = new Client();
var policies = (CasbinAuthorizationProvider)client.Authorization;

await policies.AddPolicyRuleAsync(new PolicyRule(
    Sender:      "[email protected]",   // who is allowed
    Destination: "self",                 // to reach my agent
    Realm:       "default",              // baseline rule
    Direction:   "inbound",              // when receiving
    Effect:      "allow"));

Effect

After running this code, the SDK will allow incoming messages from [email protected] to reach your agent. Messages from other senders will be denied (unless another rule allows them) because adding the first rule turns off bootstrap mode.

Verifying the rule fired

Decrypt a message from alice and inspect the result:

var msg = await client.DecryptEnvelopeAsync(envelopeFromAlice);
Console.WriteLine($"Authorized: {msg.Authorized}");   // Allowed

Variations

See also