openclaw/scripts/lib/policy-config-coverage.jsonc
Gio Della-Libera 4d0f19a968 test(policy): add config coverage report (#87081)
Merged via squash.

Prepared head SHA: 689734541b
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
2026-06-26 18:28:35 -07:00


{
  // Internal maintainer inventory for `pnpm policy:config-coverage`.
  // Keep this report-only by default: it helps policy maintainers notice config
  // drift without making every config PR author update Policy.
  //
  // Shape of this file, as used by the entries below (confirm against the script):
  //   monitored       - config path patterns the coverage report tracks. A config
  //                     key that is not listed here gets no drift report, so a
  //                     new security-sensitive key has to be added here (and
  //                     classified below) before drift in it can be noticed.
  //   classifications - one record per monitored pattern (or a glob covering
  //                     several) mapping it to the Policy key(s) that observe it:
  //     pattern           - dotted config path glob. `*` appears to match a single
  //                         path segment and `**` the remainder: `agents.*.tools.**`
  //                         and `agents.list.*.tools.**` are listed as separate
  //                         entries, so `*` presumably does not span `list.<id>`.
  //     status            - only `"observed"` is used in this file.
  //     area              - presumably the report grouping; verify in the script.
  //     policy            - Policy key(s) consuming the value. Most entries hold
  //                         one key; a few hold free text (`"a / b"`, `"a and b"`,
  //                         `"tool posture evidence"`, `"tools.* scoped by agentIds"`).
  //                         NOTE(review): if the script ever cross-checks `policy`
  //                         against real Policy keys, those free-text values will
  //                         not resolve - an array of keys would be unambiguous.
  //     reason            - human-readable justification surfaced in the report.
  //     allowNoSchemaPath - optional; presumably exempts the pattern from the
  //                         config-schema path check (legacy or glob-only paths).
  //                         TODO confirm in the script.
  "monitored": [
    // Grouped by top-level config key. `agents.*` entries were appended after
    // `tools.*` rather than sorted in; keep new entries next to their group so
    // additions stay easy to review.
    "auth.profiles.*.mode",
    "auth.profiles.*.provider",
    "browser.ssrfPolicy.allowPrivateNetwork",
    "browser.ssrfPolicy.dangerouslyAllowPrivateNetwork",
    "channels.*.accounts.*.dmPolicy",
    "channels.*.accounts.*.groupPolicy",
    "channels.*.accounts.*.groups.*.requireMention",
    "channels.*.dmPolicy",
    "channels.*.enabled",
    "channels.*.groupPolicy",
    "channels.*.groups.*.requireMention",
    "diagnostics.otel.captureContent",
    "gateway.auth.mode",
    "gateway.auth.rateLimit.*",
    "gateway.bind",
    "gateway.controlUi.allowInsecureAuth",
    "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback",
    "gateway.controlUi.dangerouslyDisableDeviceAuth",
    "gateway.customBindHost",
    "gateway.http.endpoints.*.*.allowUrl",
    "gateway.http.endpoints.*.*.urlAllowlist.*",
    "gateway.http.endpoints.*.enabled",
    "gateway.mode",
    "gateway.remote.enabled",
    "gateway.tailscale.mode",
    "gateway.tailscale.preserveFunnel",
    "logging.redactSensitive",
    "memory.qmd.sessions.enabled",
    "mcp.servers.*.command",
    "mcp.servers.*.transport",
    "mcp.servers.*.url",
    "models.providers.*.type",
    "models.selected",
    "models.selectedByAgent.*",
    "models.selectedByChannel.*",
    "session.dmScope",
    "session.maintenance.mode",
    "secrets.defaults.provider",
    "secrets.providers.*.allowInsecureTransport",
    "secrets.providers.*.source",
    "tools.allow.*",
    "tools.alsoAllow.*",
    "tools.deny.*",
    "tools.elevated.allowFrom.*.*",
    "tools.elevated.enabled",
    "tools.exec.ask",
    "tools.exec.host",
    "tools.exec.security",
    "tools.fs.workspaceOnly",
    "tools.profile",
    "tools.sandbox.tools.allow.*",
    "tools.sandbox.tools.alsoAllow.*",
    "tools.sandbox.tools.deny.*",
    "tools.web.fetch.ssrfPolicy.allowIpv6UniqueLocalRange",
    "tools.web.fetch.ssrfPolicy.allowPrivateNetwork",
    "tools.web.fetch.ssrfPolicy.allowRfc2544BenchmarkRange",
    "tools.web.fetch.ssrfPolicy.dangerouslyAllowPrivateNetwork",
    "agents.defaults.memorySearch.enabled",
    "agents.defaults.memorySearch.experimental.sessionMemory",
    "agents.defaults.memorySearch.sources.*",
    "agents.defaults.model.fallbacks.*",
    "agents.defaults.model.primary",
    "agents.defaults.models.*.alias",
    "agents.defaults.sandbox.backend",
    "agents.defaults.sandbox.browser.binds.*",
    "agents.defaults.sandbox.browser.cdpSourceRange",
    "agents.defaults.sandbox.docker.apparmorProfile",
    "agents.defaults.sandbox.docker.binds.*",
    "agents.defaults.sandbox.docker.dangerouslyAllowContainerNamespaceJoin",
    "agents.defaults.sandbox.docker.network",
    "agents.defaults.sandbox.docker.readOnlyRoot",
    "agents.defaults.sandbox.docker.seccompProfile",
    "agents.defaults.sandbox.mode",
    "agents.defaults.sandbox.workspaceAccess",
    "agents.defaults.tools.allow.*",
    "agents.defaults.tools.alsoAllow.*",
    "agents.defaults.tools.deny.*",
    "agents.defaults.tools.elevated.allowFrom.*.*",
    "agents.defaults.tools.elevated.enabled",
    "agents.defaults.tools.exec.ask",
    "agents.defaults.tools.exec.host",
    "agents.defaults.tools.exec.security",
    "agents.defaults.tools.fs.workspaceOnly",
    "agents.defaults.tools.profile",
    "agents.defaults.tools.sandbox.tools.allow.*",
    "agents.defaults.tools.sandbox.tools.alsoAllow.*",
    "agents.defaults.tools.sandbox.tools.deny.*",
    "agents.list.*.memorySearch.enabled",
    "agents.list.*.memorySearch.experimental.sessionMemory",
    "agents.list.*.memorySearch.sources.*",
    "agents.list.*.model.fallbacks.*",
    "agents.list.*.model.primary",
    "agents.list.*.models.*.alias",
    "agents.list.*.sandbox.backend",
    "agents.list.*.sandbox.browser.binds.*",
    "agents.list.*.sandbox.browser.cdpSourceRange",
    "agents.list.*.sandbox.docker.apparmorProfile",
    "agents.list.*.sandbox.docker.binds.*",
    "agents.list.*.sandbox.docker.dangerouslyAllowContainerNamespaceJoin",
    "agents.list.*.sandbox.docker.network",
    "agents.list.*.sandbox.docker.readOnlyRoot",
    "agents.list.*.sandbox.docker.seccompProfile",
    "agents.list.*.sandbox.mode",
    "agents.list.*.sandbox.workspaceAccess",
    "agents.list.*.tools.allow.*",
    "agents.list.*.tools.alsoAllow.*",
    "agents.list.*.tools.deny.*",
    "agents.list.*.tools.elevated.allowFrom.*.*",
    "agents.list.*.tools.elevated.enabled",
    "agents.list.*.tools.exec.ask",
    "agents.list.*.tools.exec.host",
    "agents.list.*.tools.exec.security",
    "agents.list.*.tools.fs.workspaceOnly",
    "agents.list.*.tools.profile",
    "agents.list.*.tools.sandbox.tools.allow.*",
    "agents.list.*.tools.sandbox.tools.alsoAllow.*",
    "agents.list.*.tools.sandbox.tools.deny.*",
  ],
  "classifications": [
    // Network egress posture: every private-network toggle (browser and web
    // fetch, current and legacy names) folds into the same Policy key.
    {
      "pattern": "browser.ssrfPolicy.dangerouslyAllowPrivateNetwork",
      "status": "observed",
      "area": "network",
      "policy": "network.privateNetwork.allow",
      "reason": "Policy observes private-network browser SSRF posture.",
    },
    {
      "pattern": "browser.ssrfPolicy.allowPrivateNetwork",
      "status": "observed",
      "area": "network",
      "policy": "network.privateNetwork.allow",
      "reason": "Policy observes the legacy browser private-network toggle.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "tools.web.fetch.ssrfPolicy.dangerouslyAllowPrivateNetwork",
      "status": "observed",
      "area": "network",
      "policy": "network.privateNetwork.allow",
      "reason": "Policy observes private-network web-fetch SSRF posture.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "tools.web.fetch.ssrfPolicy.allowPrivateNetwork",
      "status": "observed",
      "area": "network",
      "policy": "network.privateNetwork.allow",
      "reason": "Policy observes the legacy web-fetch private-network toggle.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "tools.web.fetch.ssrfPolicy.allowRfc2544BenchmarkRange",
      "status": "observed",
      "area": "network",
      "policy": "network.privateNetwork.allow",
      "reason": "Policy treats RFC 2544 benchmark ranges as private-network posture.",
    },
    {
      "pattern": "tools.web.fetch.ssrfPolicy.allowIpv6UniqueLocalRange",
      "status": "observed",
      "area": "network",
      "policy": "network.privateNetwork.allow",
      "reason": "Policy treats IPv6 unique-local ranges as private-network posture.",
    },
    {
      "pattern": "session.dmScope",
      "status": "observed",
      "area": "ingress",
      "policy": "ingress.session.requireDmScope",
      "reason": "Policy observes direct-message session isolation scope.",
    },
    // Data handling: logging, telemetry, retention and transcript indexing.
    {
      "pattern": "logging.redactSensitive",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.sensitiveLogging.requireRedaction",
      "reason": "Policy observes sensitive log redaction posture.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "diagnostics.otel.captureContent",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.telemetry.denyContentCapture",
      "reason": "Policy observes telemetry content-capture posture.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "session.maintenance.mode",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.retention.requireSessionMaintenance",
      "reason": "Policy observes session maintenance enforcement posture.",
    },
    {
      "pattern": "memory.qmd.sessions.enabled",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.memory.denySessionTranscriptIndexing",
      "reason": "Policy observes QMD session-transcript indexing.",
    },
    {
      "pattern": "agents.defaults.memorySearch.enabled",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.memory.denySessionTranscriptIndexing",
      "reason": "Policy observes default memory-search session indexing enablement.",
    },
    {
      "pattern": "agents.defaults.memorySearch.experimental.sessionMemory",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.memory.denySessionTranscriptIndexing",
      "reason": "Policy observes default memory-search session-memory toggle.",
    },
    {
      "pattern": "agents.defaults.memorySearch.sources.*",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.memory.denySessionTranscriptIndexing",
      "reason": "Policy observes whether default memory-search sources include sessions.",
    },
    {
      "pattern": "agents.list.*.memorySearch.enabled",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.memory.denySessionTranscriptIndexing",
      "reason": "Policy observes per-agent memory-search session indexing enablement.",
    },
    {
      "pattern": "agents.list.*.memorySearch.experimental.sessionMemory",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.memory.denySessionTranscriptIndexing",
      "reason": "Policy observes per-agent memory-search session-memory toggle.",
    },
    {
      "pattern": "agents.list.*.memorySearch.sources.*",
      "status": "observed",
      "area": "dataHandling",
      "policy": "dataHandling.memory.denySessionTranscriptIndexing",
      "reason": "Policy observes whether per-agent memory-search sources include sessions.",
    },
    // Auth profiles and channel ingress.
    {
      "pattern": "auth.profiles.*.mode",
      "status": "observed",
      "area": "auth",
      "policy": "auth.profiles.allowModes",
      "reason": "Policy observes configured auth profile mode metadata.",
    },
    {
      "pattern": "auth.profiles.*.provider",
      "status": "observed",
      "area": "auth",
      "policy": "auth.profiles.requireMetadata",
      "reason": "Policy observes configured auth profile provider metadata.",
    },
    {
      "pattern": "channels.*.enabled",
      "status": "observed",
      "area": "channels",
      "policy": "channels.denyRules",
      "reason": "Provider deny rules only apply to enabled configured channels.",
    },
    {
      "pattern": "channels.*.accounts.*.dmPolicy",
      "status": "observed",
      "area": "ingress",
      "policy": "ingress.channels.allowDmPolicies",
      "reason": "Policy observes account-level direct-message access posture.",
    },
    {
      "pattern": "channels.*.dmPolicy",
      "status": "observed",
      "area": "ingress",
      "policy": "ingress.channels.allowDmPolicies",
      "reason": "Policy observes channel-level direct-message access posture.",
    },
    {
      "pattern": "channels.*.accounts.*.groupPolicy",
      "status": "observed",
      "area": "ingress",
      "policy": "ingress.channels.denyOpenGroups",
      "reason": "Policy observes account-level group access posture.",
    },
    {
      "pattern": "channels.*.groupPolicy",
      "status": "observed",
      "area": "ingress",
      "policy": "ingress.channels.denyOpenGroups",
      "reason": "Policy observes channel-level group access posture.",
    },
    {
      "pattern": "channels.*.accounts.*.groups.*.requireMention",
      "status": "observed",
      "area": "ingress",
      "policy": "ingress.channels.requireMentionInGroups",
      "reason": "Policy observes account group mention gates.",
    },
    {
      "pattern": "channels.*.groups.*.requireMention",
      "status": "observed",
      "area": "ingress",
      "policy": "ingress.channels.requireMentionInGroups",
      "reason": "Policy observes channel group mention gates.",
    },
    // Gateway exposure, auth, Control UI and HTTP endpoint surface.
    {
      "pattern": "gateway.bind",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.exposure.allowNonLoopbackBind",
      "reason": "Policy observes Gateway bind exposure posture.",
    },
    {
      "pattern": "gateway.customBindHost",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.exposure.allowNonLoopbackBind",
      "reason": "Policy observes custom bind host exposure posture.",
    },
    {
      "pattern": "gateway.tailscale.mode",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.exposure.allowTailscaleFunnel",
      "reason": "Policy observes Tailscale serve/funnel mode when deriving Gateway exposure posture.",
    },
    {
      "pattern": "gateway.tailscale.preserveFunnel",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.exposure.allowTailscaleFunnel",
      "reason": "Policy observes preserveFunnel because serve mode can preserve Funnel exposure.",
    },
    {
      "pattern": "gateway.auth.mode",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.auth.requireAuth",
      "reason": "Policy observes Gateway auth mode posture.",
    },
    {
      "pattern": "gateway.auth.rateLimit.*",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.auth.requireExplicitRateLimit",
      "reason": "Policy observes whether Gateway auth rate limiting is explicitly configured.",
    },
    {
      "pattern": "gateway.controlUi.allowInsecureAuth",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.controlUi.allowInsecure",
      "reason": "Policy observes the Control UI insecure auth toggle.",
    },
    {
      "pattern": "gateway.controlUi.dangerouslyDisableDeviceAuth",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.controlUi.allowInsecure",
      "reason": "Policy observes the Control UI device-auth disable toggle.",
    },
    {
      "pattern": "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.controlUi.allowInsecure",
      "reason": "Policy observes the Control UI Host-header origin fallback toggle.",
    },
    {
      "pattern": "gateway.mode",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.remote.allow",
      "reason": "Policy observes whether Gateway remote mode is enabled.",
    },
    {
      "pattern": "gateway.remote.enabled",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.remote.allow",
      "reason": "Policy observes explicit remote Gateway enablement.",
    },
    {
      "pattern": "gateway.http.endpoints.*.enabled",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.http.denyEndpoints",
      "reason": "Policy observes Gateway HTTP endpoint enablement.",
    },
    {
      "pattern": "gateway.http.endpoints.*.*.allowUrl",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.http.requireUrlAllowlists",
      "reason": "Policy observes URL-fetch enablement on Gateway HTTP inputs.",
    },
    {
      "pattern": "gateway.http.endpoints.*.*.urlAllowlist.*",
      "status": "observed",
      "area": "gateway",
      "policy": "gateway.http.requireUrlAllowlists",
      "reason": "Policy observes URL-fetch allowlists on Gateway HTTP inputs.",
    },
    // MCP servers and model providers. These `policy` values name two keys in
    // one string; see the note on `policy` at the top of the file.
    {
      "pattern": "mcp.servers.*.command",
      "status": "observed",
      "area": "mcp",
      "policy": "mcp.servers.allow / mcp.servers.deny",
      "reason": "Policy observes configured MCP server ids and command posture context.",
    },
    {
      "pattern": "mcp.servers.*.transport",
      "status": "observed",
      "area": "mcp",
      "policy": "mcp.servers.allow / mcp.servers.deny",
      "reason": "Policy observes configured MCP server transport posture context.",
    },
    {
      "pattern": "mcp.servers.*.url",
      "status": "observed",
      "area": "mcp",
      "policy": "mcp.servers.allow / mcp.servers.deny",
      "reason": "Policy observes configured MCP server URL posture context.",
    },
    {
      "pattern": "models.providers.*.type",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes configured provider ids.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "models.selected",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes selected model refs.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "models.selectedByAgent.*",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes agent-specific selected model refs.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "models.selectedByChannel.*",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes channel-specific selected model refs.",
      "allowNoSchemaPath": true,
    },
    {
      // `**` covers both `model.primary` and `model.fallbacks.*` from `monitored`.
      "pattern": "agents.defaults.model.**",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes default agent model refs.",
    },
    {
      "pattern": "agents.defaults.models.*.alias",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes default agent model aliases.",
    },
    {
      "pattern": "agents.list.*.model.**",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes per-agent model refs.",
    },
    {
      "pattern": "agents.list.*.models.*.alias",
      "status": "observed",
      "area": "models",
      "policy": "models.providers.allow / models.providers.deny",
      "reason": "Policy observes per-agent model aliases.",
    },
    // Secrets provenance and transport.
    {
      "pattern": "secrets.defaults.provider",
      "status": "observed",
      "area": "secrets",
      "policy": "secrets.requireManagedProviders",
      "reason": "Policy observes default SecretRef provider provenance.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "secrets.providers.*.source",
      "status": "observed",
      "area": "secrets",
      "policy": "secrets.denySources",
      "reason": "Policy observes configured secret provider source type.",
    },
    {
      "pattern": "secrets.providers.*.allowInsecureTransport",
      "status": "observed",
      "area": "secrets",
      "policy": "secrets.allowInsecureProviders",
      "reason": "Policy observes insecure secret-provider transport posture.",
      "allowNoSchemaPath": true,
    },
    // Global tool posture (profile, filesystem, exec, elevation, allow/deny lists).
    {
      "pattern": "tools.profile",
      "status": "observed",
      "area": "tools",
      "policy": "tools.profiles.allow",
      "reason": "Policy observes global tool profile posture.",
    },
    {
      "pattern": "tools.fs.workspaceOnly",
      "status": "observed",
      "area": "tools",
      "policy": "tools.fs.requireWorkspaceOnly",
      "reason": "Policy observes global filesystem workspace-only posture.",
    },
    {
      "pattern": "tools.exec.security",
      "status": "observed",
      "area": "tools",
      "policy": "tools.exec.allowSecurity",
      "reason": "Policy observes global exec security posture.",
    },
    {
      "pattern": "tools.exec.ask",
      "status": "observed",
      "area": "tools",
      "policy": "tools.exec.requireAsk",
      "reason": "Policy observes global exec approval posture.",
    },
    {
      "pattern": "tools.exec.host",
      "status": "observed",
      "area": "tools",
      "policy": "tools.exec.allowHosts",
      "reason": "Policy observes global exec host routing posture.",
    },
    {
      "pattern": "tools.elevated.enabled",
      "status": "observed",
      "area": "tools",
      "policy": "tools.elevated.allow",
      "reason": "Policy observes global elevated tool posture.",
    },
    {
      "pattern": "tools.elevated.allowFrom.*.*",
      "status": "observed",
      "area": "tools",
      "policy": "tools.elevated.allow",
      "reason": "Policy observes global elevated provider allowlists.",
    },
    {
      // Not a Policy key: per `reason`, this pattern feeds attestation evidence
      // rather than a specific rule.
      "pattern": "tools.allow.*",
      "status": "observed",
      "area": "tools",
      "policy": "tool posture evidence",
      "reason": "Policy includes global tool allow posture in evidence for attestation drift.",
    },
    {
      "pattern": "tools.alsoAllow.*",
      "status": "observed",
      "area": "tools",
      "policy": "tools.alsoAllow.expected",
      "reason": "Policy observes global tools.alsoAllow posture.",
    },
    {
      "pattern": "tools.deny.*",
      "status": "observed",
      "area": "tools",
      "policy": "tools.denyTools",
      "reason": "Policy observes global tool deny posture.",
    },
    {
      // Covers `tools.sandbox.tools.{allow,alsoAllow,deny}.*` from `monitored`.
      "pattern": "tools.sandbox.tools.*.*",
      "status": "observed",
      "area": "tools",
      "policy": "tools.denyTools",
      "reason": "Policy observes global sandbox tool posture.",
    },
    // Agent-scoped overrides. `agents.*.<x>` entries are paired with a separate
    // `agents.list.*.<x>` entry throughout, so `agents.*` presumably resolves to
    // `agents.defaults` only; verify the glob semantics in the script.
    {
      // NOTE(review): if `*` is single-segment this entry only matches
      // `agents.defaults.tools.**`; the per-agent case is the next entry, so the
      // "and per-agent" wording in `reason` may be stale - confirm.
      // NOTE(review): this is the only `agents.*.…` entry carrying
      // `allowNoSchemaPath`; confirm whether the sandbox entries below resolve a
      // schema path or simply lack the flag.
      "pattern": "agents.*.tools.**",
      "status": "observed",
      "area": "tools",
      "policy": "tools.* scoped by agentIds",
      "reason": "Policy observes default and per-agent tool posture overrides.",
      "allowNoSchemaPath": true,
    },
    {
      "pattern": "agents.list.*.tools.**",
      "status": "observed",
      "area": "tools",
      "policy": "tools.* scoped by agentIds",
      "reason": "Policy observes per-agent tool posture overrides.",
    },
    // Sandbox isolation: mode, backend, workspace access, container hardening.
    {
      "pattern": "agents.*.sandbox.mode",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.requireMode",
      "reason": "Policy observes sandbox mode posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.mode",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.requireMode",
      "reason": "Policy observes per-agent sandbox mode posture.",
    },
    {
      "pattern": "agents.*.sandbox.backend",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.allowBackends",
      "reason": "Policy observes sandbox backend posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.backend",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.allowBackends",
      "reason": "Policy observes per-agent sandbox backend posture.",
    },
    {
      // Filed under `agents` rather than `sandbox`, unlike the neighbouring
      // sandbox.* entries; intentional if the report groups by policy prefix.
      "pattern": "agents.*.sandbox.workspaceAccess",
      "status": "observed",
      "area": "agents",
      "policy": "agents.workspace.allowedAccess",
      "reason": "Policy observes sandbox workspace access posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.workspaceAccess",
      "status": "observed",
      "area": "agents",
      "policy": "agents.workspace.allowedAccess",
      "reason": "Policy observes per-agent sandbox workspace access posture.",
    },
    {
      "pattern": "agents.*.sandbox.docker.network",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyHostNetwork and sandbox.containers.denyContainerNamespaceJoin",
      "reason": "Policy observes Docker container network posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.docker.network",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyHostNetwork and sandbox.containers.denyContainerNamespaceJoin",
      "reason": "Policy observes per-agent Docker container network posture.",
    },
    {
      "pattern": "agents.*.sandbox.docker.binds.*",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.requireReadOnlyMounts and sandbox.containers.denyContainerRuntimeSocketMounts",
      "reason": "Policy observes Docker bind mount posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.docker.binds.*",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.requireReadOnlyMounts and sandbox.containers.denyContainerRuntimeSocketMounts",
      "reason": "Policy observes per-agent Docker bind mount posture.",
    },
    {
      "pattern": "agents.*.sandbox.browser.binds.*",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.requireReadOnlyMounts",
      "reason": "Policy observes sandbox browser bind mount posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.browser.binds.*",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.requireReadOnlyMounts",
      "reason": "Policy observes per-agent sandbox browser bind mount posture.",
    },
    {
      "pattern": "agents.*.sandbox.docker.apparmorProfile",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyUnconfinedProfiles",
      "reason": "Policy observes Docker AppArmor profile posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.docker.apparmorProfile",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyUnconfinedProfiles",
      "reason": "Policy observes per-agent Docker AppArmor profile posture.",
    },
    {
      "pattern": "agents.*.sandbox.docker.seccompProfile",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyUnconfinedProfiles",
      "reason": "Policy observes Docker seccomp profile posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.docker.seccompProfile",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyUnconfinedProfiles",
      "reason": "Policy observes per-agent Docker seccomp profile posture.",
    },
    {
      "pattern": "agents.*.sandbox.docker.dangerouslyAllowContainerNamespaceJoin",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyContainerNamespaceJoin",
      "reason": "Policy observes explicit Docker namespace-join escape posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.docker.dangerouslyAllowContainerNamespaceJoin",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.denyContainerNamespaceJoin",
      "reason": "Policy observes explicit per-agent Docker namespace-join escape posture.",
    },
    {
      "pattern": "agents.*.sandbox.docker.readOnlyRoot",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.requireReadOnlyMounts",
      "reason": "Policy observes Docker read-only root posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.docker.readOnlyRoot",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.containers.requireReadOnlyMounts",
      "reason": "Policy observes per-agent Docker read-only root posture.",
    },
    {
      "pattern": "agents.*.sandbox.browser.cdpSourceRange",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.browser.requireCdpSourceRange",
      "reason": "Policy observes sandbox browser CDP source range posture.",
    },
    {
      "pattern": "agents.list.*.sandbox.browser.cdpSourceRange",
      "status": "observed",
      "area": "sandbox",
      "policy": "sandbox.browser.requireCdpSourceRange",
      "reason": "Policy observes per-agent sandbox browser CDP source range posture.",
    },
  ],
}