
Policy Configuration

Policies define the conditions under which alerts are generated. Four built-in policy types are available out of the box.

Policy structure

{
  "id": 1,
  "type": "unknown_agent",
  "name": "Unknown AI Agent Detected",
  "description": "Alert when an unapproved AI agent is running",
  "severity": "high",
  "enabled": true,
  "config": {
    "allowed_agents": ["claude-code", "cursor"]
  }
}
Field         Type                            Description
type          string                          Policy type (see below)
name          string                          Display name
description   string                          Human-readable description
severity      low | medium | high | critical  Alert severity
enabled       bool                            Whether the policy is active
config        object                          Type-specific configuration (see below)

Policy types

unknown_agent

Fires when an AI agent name is not in the allowed_agents list.

{
  "type": "unknown_agent",
  "config": {
    "allowed_agents": ["claude-code", "cursor", "copilot"]
  }
}
Note: If allowed_agents is empty, the policy is inactive (no alerts generated). Set at least one agent name to activate.

Automatic allowlist update

When an admin approves an agent in the Approval workflow, the agent's name is automatically added to allowed_agents. If no unknown_agent policy exists yet, one is created automatically with severity: high and enabled: true.

Agent names (canonical names used by adapters):

  • claude-code
  • cursor
  • copilot
  • amazon-q
  • chatgpt
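The approval side effect described above, written out as an added example (this is not the product's own code). It models the documented rule: approving an agent appends its canonical name to the unknown_agent policy's allowed_agents, creating that policy with severity high and enabled true if none exists. The in-memory policy list, the helper names, the id scheme and the choice to reject non-canonical names are this example's own assumptions; the policy fields follow the structure shown on the page.

```python
from copy import deepcopy

# Canonical agent names used by adapters (the list given on the page).
CANONICAL_AGENTS = {"claude-code", "cursor", "copilot", "amazon-q", "chatgpt"}


def find_policy(policies, policy_type):
    """Return the first policy of the given type, or None."""
    for policy in policies:
        if policy.get("type") == policy_type:
            return policy
    return None


def is_unknown_agent_policy_active(policy):
    """An unknown_agent policy only fires when enabled AND its allowlist is non-empty."""
    allowed = policy.get("config", {}).get("allowed_agents", [])
    return bool(policy.get("enabled")) and bool(allowed)


def approve_agent(policies, agent_name):
    """Apply the approval side effect and return a new policy list.

    Rejecting names outside CANONICAL_AGENTS is this example's choice: an allowlist
    entry that no adapter ever reports would silently match nothing.
    """
    if agent_name not in CANONICAL_AGENTS:
        raise ValueError(f"not a canonical agent name: {agent_name!r}")
    updated = deepcopy(policies)
    policy = find_policy(updated, "unknown_agent")
    if policy is None:
        # Auto-create, as documented: severity high, enabled true.
        policy = {
            "id": max((p.get("id", 0) for p in updated), default=0) + 1,  # assumed id scheme
            "type": "unknown_agent",
            "name": "Unknown AI Agent Detected",
            "description": "Alert when an unapproved AI agent is running",
            "severity": "high",
            "enabled": True,
            "config": {"allowed_agents": []},
        }
        updated.append(policy)
    allowed = policy.setdefault("config", {}).setdefault("allowed_agents", [])
    if agent_name not in allowed:  # idempotent: re-approving does not duplicate entries
        allowed.append(agent_name)
    return updated


if __name__ == "__main__":
    # Constructed walkthrough: start with no policies, approve two agents.
    policies = approve_agent(approve_agent([], "cursor"), "claude-code")
    print(policies[0]["config"]["allowed_agents"], is_unknown_agent_policy_active(policies[0]))
```

The first approval is what turns the seeded policy from "enabled but inactive" into an active one, which is worth remembering when reviewing alert volume after onboarding.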

unauthorized_api

Fires when an agent connects to a domain not in the allowed_domains list.

{
  "type": "unauthorized_api",
  "config": {
    "allowed_domains": [
      "api.anthropic.com",
      "api.githubcopilot.com"
    ]
  }
}
Note: If allowed_domains is empty, the policy is inactive. Requires an explicit domain allowlist.

Common AI API domains:

  • api.anthropic.com — Claude / Claude Code
  • api.openai.com — OpenAI (ChatGPT, Codex CLI)
  • api.githubcopilot.com — GitHub Copilot
  • codewhisperer.us-east-1.amazonaws.com — Amazon Q Developer
  • api.deepseek.com — DeepSeek
  • generativelanguage.googleapis.com — Google Gemini
  • api.mistral.ai — Mistral
  • api.groq.com — Groq
  • api.x.ai — xAI Grok
  • api.cohere.ai — Cohere
  • api.together.xyz — Together AI
  • api.perplexity.ai — Perplexity

mcp_filesystem

Fires when a detected MCP server exposes filesystem tools (read_file, write_file, list_directory, etc.).

{
  "type": "mcp_filesystem",
  "config": {}
}

No configuration required. The policy uses built-in heuristics to identify filesystem-related MCP tools.

new_mcp_server

Fires the first time a specific MCP server is detected on an endpoint. Uses existing alerts as the "known servers" list — once an alert is acknowledged, the server is considered known.

{
  "type": "new_mcp_server",
  "config": {}
}

Alert deduplication

Alerts are deduplicated to prevent alert floods: an open alert for the same condition persists until it is resolved. Once resolved, the same condition will trigger a new alert on the next scan.
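An added example (not the product's own code) that puts the four policy types and the deduplication rule together in one small evaluator, so the interaction between them can be observed: empty allowlists make unknown_agent and unauthorized_api inactive, an open alert suppresses repeats of the same condition, a resolved alert lets the condition fire again on the next scan, and for new_mcp_server any earlier alert, open or acknowledged, marks the server as known. The scan record shape, the (endpoint, policy type, subject) alert key, the substring heuristic for filesystem tools and the sample data are this example's assumptions, not the product's implementation.

```python
from dataclasses import dataclass

FS_TOOL_MARKERS = ("file", "directory", "dir", "path")  # assumed stand-in for the built-in heuristic


def is_filesystem_tool(tool_name):
    name = tool_name.lower()  # matches read_file, write_file, list_directory, ...
    return any(marker in name for marker in FS_TOOL_MARKERS)


@dataclass
class Alert:
    key: tuple            # (endpoint, policy type, subject) names one condition
    severity: str
    message: str
    status: str = "open"  # "open" until resolved/acknowledged


class AlertStore:
    """Keeps every alert ever raised and enforces one open alert per condition."""

    def __init__(self):
        self.alerts = []

    def matching(self, key, status=None):
        return [a for a in self.alerts if a.key == key and (status is None or a.status == status)]

    def resolve(self, key):
        for a in self.matching(key, "open"):
            a.status = "resolved"

    def raise_alert(self, key, severity, message):
        if self.matching(key, "open"):  # deduplication: an open alert already covers this
            return None
        alert = Alert(key, severity, message)
        self.alerts.append(alert)
        return alert


def evaluate(policies, scan, store):
    """Apply every enabled policy to one endpoint scan; return alerts raised this pass."""
    raised, ep = [], scan["endpoint"]

    def emit(policy, subject, message):
        alert = store.raise_alert((ep, policy["type"], subject), policy["severity"], message)
        if alert is not None:
            raised.append(alert)

    for p in policies:
        if not p.get("enabled"):
            continue
        cfg, t = p.get("config", {}), p["type"]
        if t == "unknown_agent":
            allowed = cfg.get("allowed_agents", [])
            if not allowed:  # empty allowlist: policy is inactive
                continue
            for agent in scan.get("agents", []):
                if agent not in allowed:
                    emit(p, agent, f"unapproved AI agent {agent} is running")
        elif t == "unauthorized_api":
            allowed = cfg.get("allowed_domains", [])
            if not allowed:  # empty allowlist: policy is inactive
                continue
            for domain in scan.get("connections", []):
                if domain not in allowed:
                    emit(p, domain, f"connection to non-allowlisted domain {domain}")
        elif t == "mcp_filesystem":
            for srv in scan.get("mcp_servers", []):
                fs_tools = [x for x in srv["tools"] if is_filesystem_tool(x)]
                if fs_tools:
                    emit(p, srv["name"], f"MCP server {srv['name']} exposes {fs_tools}")
        elif t == "new_mcp_server":
            for srv in scan.get("mcp_servers", []):
                # Any earlier alert, open or resolved, means the server is already known.
                if not store.matching((ep, t, srv["name"])):
                    emit(p, srv["name"], f"first sighting of MCP server {srv['name']}")
    return raised


# Constructed sample data for the walkthrough (not real endpoints or policies).
SAMPLE_POLICIES = [
    {"type": "unknown_agent", "severity": "high", "enabled": True, "config": {"allowed_agents": ["claude-code", "cursor"]}},
    {"type": "unauthorized_api", "severity": "high", "enabled": True, "config": {"allowed_domains": ["api.anthropic.com"]}},
    {"type": "mcp_filesystem", "severity": "medium", "enabled": True, "config": {}},
    {"type": "new_mcp_server", "severity": "low", "enabled": True, "config": {}},
]
SAMPLE_SCAN = {
    "endpoint": "dev-laptop-01",
    "agents": ["cursor", "copilot"],
    "connections": ["api.anthropic.com", "api.deepseek.com"],
    "mcp_servers": [{"name": "fs-server", "tools": ["read_file", "write_file"]}, {"name": "weather", "tools": ["get_forecast"]}],
}


def demo():
    """Three passes over one scan: fresh, repeated (fully deduplicated), after resolving two alerts."""
    store = AlertStore()
    first = [a.key for a in evaluate(SAMPLE_POLICIES, SAMPLE_SCAN, store)]
    second = [a.key for a in evaluate(SAMPLE_POLICIES, SAMPLE_SCAN, store)]
    store.resolve(("dev-laptop-01", "unauthorized_api", "api.deepseek.com"))  # will re-fire next scan
    store.resolve(("dev-laptop-01", "new_mcp_server", "weather"))  # acknowledged: server stays known
    third = [a.key for a in evaluate(SAMPLE_POLICIES, SAMPLE_SCAN, store)]
    return first, second, third
```

Calling demo() yields five alert keys on the first pass (copilot, api.deepseek.com, fs-server under mcp_filesystem, and both servers under new_mcp_server), none on the second, and only the api.deepseek.com alert on the third: resolving an unauthorized_api alert re-arms that condition, while resolving a new_mcp_server alert does not, because the acknowledged alert is exactly what marks the server as known.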

Default seeded policies

Type              Severity   Enabled by default
unknown_agent     high       ✅ (empty allowlist — activate by adding agents)
unauthorized_api  high       ❌ (requires allowlist configuration)
mcp_filesystem    medium
new_mcp_server    low