{ // Internal maintainer inventory for `pnpm policy:config-coverage`. // Keep this report-only by default: it helps policy maintainers notice config // drift without making every config PR author update Policy. "monitored": [ "auth.profiles.*.mode", "auth.profiles.*.provider", "browser.ssrfPolicy.allowPrivateNetwork", "browser.ssrfPolicy.dangerouslyAllowPrivateNetwork", "channels.*.accounts.*.dmPolicy", "channels.*.accounts.*.groupPolicy", "channels.*.accounts.*.groups.*.requireMention", "channels.*.dmPolicy", "channels.*.enabled", "channels.*.groupPolicy", "channels.*.groups.*.requireMention", "diagnostics.otel.captureContent", "gateway.auth.mode", "gateway.auth.rateLimit.*", "gateway.bind", "gateway.controlUi.allowInsecureAuth", "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback", "gateway.controlUi.dangerouslyDisableDeviceAuth", "gateway.customBindHost", "gateway.http.endpoints.*.*.allowUrl", "gateway.http.endpoints.*.*.urlAllowlist.*", "gateway.http.endpoints.*.enabled", "gateway.mode", "gateway.remote.enabled", "gateway.tailscale.mode", "gateway.tailscale.preserveFunnel", "logging.redactSensitive", "memory.qmd.sessions.enabled", "mcp.servers.*.command", "mcp.servers.*.transport", "mcp.servers.*.url", "models.providers.*.type", "models.selected", "models.selectedByAgent.*", "models.selectedByChannel.*", "session.dmScope", "session.maintenance.mode", "secrets.defaults.provider", "secrets.providers.*.allowInsecureTransport", "secrets.providers.*.source", "tools.allow.*", "tools.alsoAllow.*", "tools.deny.*", "tools.elevated.allowFrom.*.*", "tools.elevated.enabled", "tools.exec.ask", "tools.exec.host", "tools.exec.security", "tools.fs.workspaceOnly", "tools.profile", "tools.sandbox.tools.allow.*", "tools.sandbox.tools.alsoAllow.*", "tools.sandbox.tools.deny.*", "tools.web.fetch.ssrfPolicy.allowIpv6UniqueLocalRange", "tools.web.fetch.ssrfPolicy.allowPrivateNetwork", "tools.web.fetch.ssrfPolicy.allowRfc2544BenchmarkRange", "tools.web.fetch.ssrfPolicy.dangerouslyAllowPrivateNetwork", "agents.defaults.memorySearch.enabled", "agents.defaults.memorySearch.experimental.sessionMemory", "agents.defaults.memorySearch.sources.*", "agents.defaults.model.fallbacks.*", "agents.defaults.model.primary", "agents.defaults.models.*.alias", "agents.defaults.sandbox.backend", "agents.defaults.sandbox.browser.binds.*", "agents.defaults.sandbox.browser.cdpSourceRange", "agents.defaults.sandbox.docker.apparmorProfile", "agents.defaults.sandbox.docker.binds.*", "agents.defaults.sandbox.docker.dangerouslyAllowContainerNamespaceJoin", "agents.defaults.sandbox.docker.network", "agents.defaults.sandbox.docker.readOnlyRoot", "agents.defaults.sandbox.docker.seccompProfile", "agents.defaults.sandbox.mode", "agents.defaults.sandbox.workspaceAccess", "agents.defaults.tools.allow.*", "agents.defaults.tools.alsoAllow.*", "agents.defaults.tools.deny.*", "agents.defaults.tools.elevated.allowFrom.*.*", "agents.defaults.tools.elevated.enabled", "agents.defaults.tools.exec.ask", "agents.defaults.tools.exec.host", "agents.defaults.tools.exec.security", "agents.defaults.tools.fs.workspaceOnly", "agents.defaults.tools.profile", "agents.defaults.tools.sandbox.tools.allow.*", "agents.defaults.tools.sandbox.tools.alsoAllow.*", "agents.defaults.tools.sandbox.tools.deny.*", "agents.list.*.memorySearch.enabled", "agents.list.*.memorySearch.experimental.sessionMemory", "agents.list.*.memorySearch.sources.*", "agents.list.*.model.fallbacks.*", "agents.list.*.model.primary", "agents.list.*.models.*.alias", "agents.list.*.sandbox.backend", "agents.list.*.sandbox.browser.binds.*", "agents.list.*.sandbox.browser.cdpSourceRange", "agents.list.*.sandbox.docker.apparmorProfile", "agents.list.*.sandbox.docker.binds.*", "agents.list.*.sandbox.docker.dangerouslyAllowContainerNamespaceJoin", "agents.list.*.sandbox.docker.network", "agents.list.*.sandbox.docker.readOnlyRoot", "agents.list.*.sandbox.docker.seccompProfile", "agents.list.*.sandbox.mode", "agents.list.*.sandbox.workspaceAccess", "agents.list.*.tools.allow.*", "agents.list.*.tools.alsoAllow.*", "agents.list.*.tools.deny.*", "agents.list.*.tools.elevated.allowFrom.*.*", "agents.list.*.tools.elevated.enabled", "agents.list.*.tools.exec.ask", "agents.list.*.tools.exec.host", "agents.list.*.tools.exec.security", "agents.list.*.tools.fs.workspaceOnly", "agents.list.*.tools.profile", "agents.list.*.tools.sandbox.tools.allow.*", "agents.list.*.tools.sandbox.tools.alsoAllow.*", "agents.list.*.tools.sandbox.tools.deny.*", ], "classifications": [ { "pattern": "browser.ssrfPolicy.dangerouslyAllowPrivateNetwork", "status": "observed", "area": "network", "policy": "network.privateNetwork.allow", "reason": "Policy observes private-network browser SSRF posture.", }, { "pattern": "browser.ssrfPolicy.allowPrivateNetwork", "status": "observed", "area": "network", "policy": "network.privateNetwork.allow", "reason": "Policy observes the legacy browser private-network toggle.", "allowNoSchemaPath": true, }, { "pattern": "tools.web.fetch.ssrfPolicy.dangerouslyAllowPrivateNetwork", "status": "observed", "area": "network", "policy": "network.privateNetwork.allow", "reason": "Policy observes private-network web-fetch SSRF posture.", "allowNoSchemaPath": true, }, { "pattern": "tools.web.fetch.ssrfPolicy.allowPrivateNetwork", "status": "observed", "area": "network", "policy": "network.privateNetwork.allow", "reason": "Policy observes the legacy web-fetch private-network toggle.", "allowNoSchemaPath": true, }, { "pattern": "tools.web.fetch.ssrfPolicy.allowRfc2544BenchmarkRange", "status": "observed", "area": "network", "policy": "network.privateNetwork.allow", "reason": "Policy treats RFC 2544 benchmark ranges as private-network posture.", }, { "pattern": "tools.web.fetch.ssrfPolicy.allowIpv6UniqueLocalRange", "status": "observed", "area": "network", "policy": "network.privateNetwork.allow", "reason": "Policy treats IPv6 unique-local ranges as private-network posture.", }, { "pattern": "session.dmScope", "status": "observed", "area": "ingress", "policy": "ingress.session.requireDmScope", "reason": "Policy observes direct-message session isolation scope.", }, { "pattern": "logging.redactSensitive", "status": "observed", "area": "dataHandling", "policy": "dataHandling.sensitiveLogging.requireRedaction", "reason": "Policy observes sensitive log redaction posture.", "allowNoSchemaPath": true, }, { "pattern": "diagnostics.otel.captureContent", "status": "observed", "area": "dataHandling", "policy": "dataHandling.telemetry.denyContentCapture", "reason": "Policy observes telemetry content-capture posture.", "allowNoSchemaPath": true, }, { "pattern": "session.maintenance.mode", "status": "observed", "area": "dataHandling", "policy": "dataHandling.retention.requireSessionMaintenance", "reason": "Policy observes session maintenance enforcement posture.", }, { "pattern": "memory.qmd.sessions.enabled", "status": "observed", "area": "dataHandling", "policy": "dataHandling.memory.denySessionTranscriptIndexing", "reason": "Policy observes QMD session-transcript indexing.", }, { "pattern": "agents.defaults.memorySearch.enabled", "status": "observed", "area": "dataHandling", "policy": "dataHandling.memory.denySessionTranscriptIndexing", "reason": "Policy observes default memory-search session indexing enablement.", }, { "pattern": "agents.defaults.memorySearch.experimental.sessionMemory", "status": "observed", "area": "dataHandling", "policy": "dataHandling.memory.denySessionTranscriptIndexing", "reason": "Policy observes default memory-search session-memory toggle.", }, { "pattern": "agents.defaults.memorySearch.sources.*", "status": "observed", "area": "dataHandling", "policy": "dataHandling.memory.denySessionTranscriptIndexing", "reason": "Policy observes whether default memory-search sources include sessions.", }, { "pattern": "agents.list.*.memorySearch.enabled", "status": "observed", "area": "dataHandling", "policy": "dataHandling.memory.denySessionTranscriptIndexing", "reason": "Policy observes per-agent memory-search session indexing enablement.", }, { "pattern": "agents.list.*.memorySearch.experimental.sessionMemory", "status": "observed", "area": "dataHandling", "policy": "dataHandling.memory.denySessionTranscriptIndexing", "reason": "Policy observes per-agent memory-search session-memory toggle.", }, { "pattern": "agents.list.*.memorySearch.sources.*", "status": "observed", "area": "dataHandling", "policy": "dataHandling.memory.denySessionTranscriptIndexing", "reason": "Policy observes whether per-agent memory-search sources include sessions.", }, { "pattern": "auth.profiles.*.mode", "status": "observed", "area": "auth", "policy": "auth.profiles.allowModes", "reason": "Policy observes configured auth profile mode metadata.", }, { "pattern": "auth.profiles.*.provider", "status": "observed", "area": "auth", "policy": "auth.profiles.requireMetadata", "reason": "Policy observes configured auth profile provider metadata.", }, { "pattern": "channels.*.enabled", "status": "observed", "area": "channels", "policy": "channels.denyRules", "reason": "Provider deny rules only apply to enabled configured channels.", }, { "pattern": "channels.*.accounts.*.dmPolicy", "status": "observed", "area": "ingress", "policy": "ingress.channels.allowDmPolicies", "reason": "Policy observes account-level direct-message access posture.", }, { "pattern": "channels.*.dmPolicy", "status": "observed", "area": "ingress", "policy": "ingress.channels.allowDmPolicies", "reason": "Policy observes channel-level direct-message access posture.", }, { "pattern": "channels.*.accounts.*.groupPolicy", "status": "observed", "area": "ingress", "policy": "ingress.channels.denyOpenGroups", "reason": "Policy observes account-level group access posture.", }, { "pattern": "channels.*.groupPolicy", "status": "observed", "area": "ingress", "policy": "ingress.channels.denyOpenGroups", "reason": "Policy observes channel-level group access posture.", }, { "pattern": "channels.*.accounts.*.groups.*.requireMention", "status": "observed", "area": "ingress", "policy": "ingress.channels.requireMentionInGroups", "reason": "Policy observes account group mention gates.", }, { "pattern": "channels.*.groups.*.requireMention", "status": "observed", "area": "ingress", "policy": "ingress.channels.requireMentionInGroups", "reason": "Policy observes channel group mention gates.", }, { "pattern": "gateway.bind", "status": "observed", "area": "gateway", "policy": "gateway.exposure.allowNonLoopbackBind", "reason": "Policy observes Gateway bind exposure posture.", }, { "pattern": "gateway.customBindHost", "status": "observed", "area": "gateway", "policy": "gateway.exposure.allowNonLoopbackBind", "reason": "Policy observes custom bind host exposure posture.", }, { "pattern": "gateway.tailscale.mode", "status": "observed", "area": "gateway", "policy": "gateway.exposure.allowTailscaleFunnel", "reason": "Policy observes Tailscale serve/funnel mode when deriving Gateway exposure posture.", }, { "pattern": "gateway.tailscale.preserveFunnel", "status": "observed", "area": "gateway", "policy": "gateway.exposure.allowTailscaleFunnel", "reason": "Policy observes preserveFunnel because serve mode can preserve Funnel exposure.", }, { "pattern": "gateway.auth.mode", "status": "observed", "area": "gateway", "policy": "gateway.auth.requireAuth", "reason": "Policy observes Gateway auth mode posture.", }, { "pattern": "gateway.auth.rateLimit.*", "status": "observed", "area": "gateway", "policy": "gateway.auth.requireExplicitRateLimit", "reason": "Policy observes whether Gateway auth rate limiting is explicitly configured.", }, { "pattern": "gateway.controlUi.allowInsecureAuth", "status": "observed", "area": "gateway", "policy": "gateway.controlUi.allowInsecure", "reason": "Policy observes the Control UI insecure auth toggle.", }, { "pattern": "gateway.controlUi.dangerouslyDisableDeviceAuth", "status": "observed", "area": "gateway", "policy": "gateway.controlUi.allowInsecure", "reason": "Policy observes the Control UI device-auth disable toggle.", }, { "pattern": "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback", "status": "observed", "area": "gateway", "policy": "gateway.controlUi.allowInsecure", "reason": "Policy observes the Control UI Host-header origin fallback toggle.", }, { "pattern": "gateway.mode", "status": "observed", "area": "gateway", "policy": "gateway.remote.allow", "reason": "Policy observes whether Gateway remote mode is enabled.", }, { "pattern": "gateway.remote.enabled", "status": "observed", "area": "gateway", "policy": "gateway.remote.allow", "reason": "Policy observes explicit remote Gateway enablement.", }, { "pattern": "gateway.http.endpoints.*.enabled", "status": "observed", "area": "gateway", "policy": "gateway.http.denyEndpoints", "reason": "Policy observes Gateway HTTP endpoint enablement.", }, { "pattern": "gateway.http.endpoints.*.*.allowUrl", "status": "observed", "area": "gateway", "policy": "gateway.http.requireUrlAllowlists", "reason": "Policy observes URL-fetch enablement on Gateway HTTP inputs.", }, { "pattern": "gateway.http.endpoints.*.*.urlAllowlist.*", "status": "observed", "area": "gateway", "policy": "gateway.http.requireUrlAllowlists", "reason": "Policy observes URL-fetch allowlists on Gateway HTTP inputs.", }, { "pattern": "mcp.servers.*.command", "status": "observed", "area": "mcp", "policy": "mcp.servers.allow / mcp.servers.deny", "reason": "Policy observes configured MCP server ids and command posture context.", }, { "pattern": "mcp.servers.*.transport", "status": "observed", "area": "mcp", "policy": "mcp.servers.allow / mcp.servers.deny", "reason": "Policy observes configured MCP server transport posture context.", }, { "pattern": "mcp.servers.*.url", "status": "observed", "area": "mcp", "policy": "mcp.servers.allow / mcp.servers.deny", "reason": "Policy observes configured MCP server URL posture context.", }, { "pattern": "models.providers.*.type", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes configured provider ids.", "allowNoSchemaPath": true, }, { "pattern": "models.selected", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes selected model refs.", "allowNoSchemaPath": true, }, { "pattern": "models.selectedByAgent.*", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes agent-specific selected model refs.", "allowNoSchemaPath": true, }, { "pattern": "models.selectedByChannel.*", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes channel-specific selected model refs.", "allowNoSchemaPath": true, }, { "pattern": "agents.defaults.model.**", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes default agent model refs.", }, { "pattern": "agents.defaults.models.*.alias", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes default agent model aliases.", }, { "pattern": "agents.list.*.model.**", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes per-agent model refs.", }, { "pattern": "agents.list.*.models.*.alias", "status": "observed", "area": "models", "policy": "models.providers.allow / models.providers.deny", "reason": "Policy observes per-agent model aliases.", }, { "pattern": "secrets.defaults.provider", "status": "observed", "area": "secrets", "policy": "secrets.requireManagedProviders", "reason": "Policy observes default SecretRef provider provenance.", "allowNoSchemaPath": true, }, { "pattern": "secrets.providers.*.source", "status": "observed", "area": "secrets", "policy": "secrets.denySources", "reason": "Policy observes configured secret provider source type.", }, { "pattern": "secrets.providers.*.allowInsecureTransport", "status": "observed", "area": "secrets", "policy": "secrets.allowInsecureProviders", "reason": "Policy observes insecure secret-provider transport posture.", "allowNoSchemaPath": true, }, { "pattern": "tools.profile", "status": "observed", "area": "tools", "policy": "tools.profiles.allow", "reason": "Policy observes global tool profile posture.", }, { "pattern": "tools.fs.workspaceOnly", "status": "observed", "area": "tools", "policy": "tools.fs.requireWorkspaceOnly", "reason": "Policy observes global filesystem workspace-only posture.", }, { "pattern": "tools.exec.security", "status": "observed", "area": "tools", "policy": "tools.exec.allowSecurity", "reason": "Policy observes global exec security posture.", }, { "pattern": "tools.exec.ask", "status": "observed", "area": "tools", "policy": "tools.exec.requireAsk", "reason": "Policy observes global exec approval posture.", }, { "pattern": "tools.exec.host", "status": "observed", "area": "tools", "policy": "tools.exec.allowHosts", "reason": "Policy observes global exec host routing posture.", }, { "pattern": "tools.elevated.enabled", "status": "observed", "area": "tools", "policy": "tools.elevated.allow", "reason": "Policy observes global elevated tool posture.", }, { "pattern": "tools.elevated.allowFrom.*.*", "status": "observed", "area": "tools", "policy": "tools.elevated.allow", "reason": "Policy observes global elevated provider allowlists.", }, { "pattern": "tools.allow.*", "status": "observed", "area": "tools", "policy": "tool posture evidence", "reason": "Policy includes global tool allow posture in evidence for attestation drift.", }, { "pattern": "tools.alsoAllow.*", "status": "observed", "area": "tools", "policy": "tools.alsoAllow.expected", "reason": "Policy observes global tools.alsoAllow posture.", }, { "pattern": "tools.deny.*", "status": "observed", "area": "tools", "policy": "tools.denyTools", "reason": "Policy observes global tool deny posture.", }, { "pattern": "tools.sandbox.tools.*.*", "status": "observed", "area": "tools", "policy": "tools.denyTools", "reason": "Policy observes global sandbox tool posture.", }, { "pattern": "agents.*.tools.**", "status": "observed", "area": "tools", "policy": "tools.* scoped by agentIds", "reason": "Policy observes default and per-agent tool posture overrides.", "allowNoSchemaPath": true, }, { "pattern": "agents.list.*.tools.**", "status": "observed", "area": "tools", "policy": "tools.* scoped by agentIds", "reason": "Policy observes per-agent tool posture overrides.", }, { "pattern": "agents.*.sandbox.mode", "status": "observed", "area": "sandbox", "policy": "sandbox.requireMode", "reason": "Policy observes sandbox mode posture.", }, { "pattern": "agents.list.*.sandbox.mode", "status": "observed", "area": "sandbox", "policy": "sandbox.requireMode", "reason": "Policy observes per-agent sandbox mode posture.", }, { "pattern": "agents.*.sandbox.backend", "status": "observed", "area": "sandbox", "policy": "sandbox.allowBackends", "reason": "Policy observes sandbox backend posture.", }, { "pattern": "agents.list.*.sandbox.backend", "status": "observed", "area": "sandbox", "policy": "sandbox.allowBackends", "reason": "Policy observes per-agent sandbox backend posture.", }, { "pattern": "agents.*.sandbox.workspaceAccess", "status": "observed", "area": "agents", "policy": "agents.workspace.allowedAccess", "reason": "Policy observes sandbox workspace access posture.", }, { "pattern": "agents.list.*.sandbox.workspaceAccess", "status": "observed", "area": "agents", "policy": "agents.workspace.allowedAccess", "reason": "Policy observes per-agent sandbox workspace access posture.", }, { "pattern": "agents.*.sandbox.docker.network", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyHostNetwork and sandbox.containers.denyContainerNamespaceJoin", "reason": "Policy observes Docker container network posture.", }, { "pattern": "agents.list.*.sandbox.docker.network", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyHostNetwork and sandbox.containers.denyContainerNamespaceJoin", "reason": "Policy observes per-agent Docker container network posture.", }, { "pattern": "agents.*.sandbox.docker.binds.*", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.requireReadOnlyMounts and sandbox.containers.denyContainerRuntimeSocketMounts", "reason": "Policy observes Docker bind mount posture.", }, { "pattern": "agents.list.*.sandbox.docker.binds.*", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.requireReadOnlyMounts and sandbox.containers.denyContainerRuntimeSocketMounts", "reason": "Policy observes per-agent Docker bind mount posture.", }, { "pattern": "agents.*.sandbox.browser.binds.*", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.requireReadOnlyMounts", "reason": "Policy observes sandbox browser bind mount posture.", }, { "pattern": "agents.list.*.sandbox.browser.binds.*", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.requireReadOnlyMounts", "reason": "Policy observes per-agent sandbox browser bind mount posture.", }, { "pattern": "agents.*.sandbox.docker.apparmorProfile", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyUnconfinedProfiles", "reason": "Policy observes Docker AppArmor profile posture.", }, { "pattern": "agents.list.*.sandbox.docker.apparmorProfile", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyUnconfinedProfiles", "reason": "Policy observes per-agent Docker AppArmor profile posture.", }, { "pattern": "agents.*.sandbox.docker.seccompProfile", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyUnconfinedProfiles", "reason": "Policy observes Docker seccomp profile posture.", }, { "pattern": "agents.list.*.sandbox.docker.seccompProfile", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyUnconfinedProfiles", "reason": "Policy observes per-agent Docker seccomp profile posture.", }, { "pattern": "agents.*.sandbox.docker.dangerouslyAllowContainerNamespaceJoin", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyContainerNamespaceJoin", "reason": "Policy observes explicit Docker namespace-join escape posture.", }, { "pattern": "agents.list.*.sandbox.docker.dangerouslyAllowContainerNamespaceJoin", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.denyContainerNamespaceJoin", "reason": "Policy observes explicit per-agent Docker namespace-join escape posture.", }, { "pattern": "agents.*.sandbox.docker.readOnlyRoot", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.requireReadOnlyMounts", "reason": "Policy observes Docker read-only root posture.", }, { "pattern": "agents.list.*.sandbox.docker.readOnlyRoot", "status": "observed", "area": "sandbox", "policy": "sandbox.containers.requireReadOnlyMounts", "reason": "Policy observes per-agent Docker read-only root posture.", }, { "pattern": "agents.*.sandbox.browser.cdpSourceRange", "status": "observed", "area": "sandbox", "policy": "sandbox.browser.requireCdpSourceRange", "reason": "Policy observes sandbox browser CDP source range posture.", }, { "pattern": "agents.list.*.sandbox.browser.cdpSourceRange", "status": "observed", "area": "sandbox", "policy": "sandbox.browser.requireCdpSourceRange", "reason": "Policy observes per-agent sandbox browser CDP source range posture.", }, ], }