# Attestor Policies (DOCS-ATTEST-73-003)

Guidance on verification policies applied by Attestor.

- Scope: DSSE envelope validation, subject hash matching, optional transparency checks.
- Policy fields:
  - allowed issuers / key IDs
  - required predicates (e.g., `stella.ops/vexObservation@v1`)
  - transparency requirements (allow/require/skip)
  - freshness window for attestations
- Determinism: policies must be pure; no external lookups in sealed mode.
- Versioning: include `policyVersion` and hash; store alongside attestation records.