# chainctl libraries policy-gate create

URL: https://edu.chainguard.dev/chainguard/chainctl/chainctl-docs/chainctl_libraries_policy-gate_create.md
Last Modified: June 10, 2026
Tags: chainctl, Reference, Product

 chainctl libraries policy-gate create Create a custom Libraries policy.
chainctl libraries policy-gate create --name NAME [--parent ORGANIZATION_NAME | ORGANIZATION_ID] [--cooldown-days N] [--block ...] [--allow ...] [flags] Examples # Create a policy with a cooldown window and a blocked package chainctl libraries policy-gate create --name=trusted --parent=example.com \ --cooldown-days=14 --block=purl=pkg:pypi/evil # Allow a package to bypass the malware gate (justification required) chainctl libraries policy-gate create --name=trusted --parent=example.com \ --allow=purl=pkg:pypi/requests,bypass-malware=true,justification=&#34;vetted internally&#34; Options --allow stringArray An allow-list entry, formatted as comma-separated key=value pairs (e.g. purl=pkg:pypi/requests,bypass-cooldown=true,bypass-malware=true,justification=&#34;...&#34;). Repeatable. --block stringArray A block-list entry, formatted as comma-separated key=value pairs (e.g. purl=pkg:pypi/requests). Repeatable. --cooldown-days int32 The cooldown window in days (0 disables, 1-30 explicit, omit to inherit the default). (default -1) --description string The description of the policy. --name string The name of the policy. --parent string The name or id of the organization to scope the policy to. Options inherited from parent commands --api string The url of the Chainguard platform API. (default &#34;https://console-api.enforce.dev&#34;) --audience string The Chainguard token audience to request. (default &#34;https://console-api.enforce.dev&#34;) --config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly. --console string The url of the Chainguard platform Console. (default &#34;https://console.chainguard.dev&#34;) --force-color Force color output even when stdout is not a TTY. -h, --help Help for chainctl --issuer string The url of the Chainguard STS endpoint. (default &#34;https://issuer.enforce.dev&#34;) --log-level string Set the log level (debug, info) (default &#34;ERROR&#34;) -o, --output string Output format. One of: [csv, env, go-template, id, json, markdown, none, table, terse, tree, wide] -v, --v int Set the log verbosity level. SEE ALSO chainctl libraries policy-gate	- Manage Libraries policy gates.