Policy Configuration

Policies define the conditions under which alerts are generated. Four built-in policy types are pre-seeded in the database.

Policy structure

{
  "id": 1,
  "type": "unknown_agent",
  "name": "Unknown AI Agent Detected",
  "description": "Alert when an unapproved AI agent is running",
  "severity": "high",
  "enabled": true,
  "config": {
    "allowed_agents": ["claude-code", "cursor"]
  }
}

Field        Type                      Description
type         string                    Policy type (see below)
name         string                    Display name
description  string                    Human-readable description
severity     low|medium|high|critical  Alert severity
enabled      bool                      Whether the policy is active
config       object                    Type-specific configuration (see below)

Policy types

unknown_agent

Fires when an AI agent name is not in the allowed_agents list.

{
  "type": "unknown_agent",
  "config": {
    "allowed_agents": ["claude-code", "cursor", "copilot"]
  }
}

Note: If allowed_agents is empty, the policy is inactive (no alerts generated). Set at least one agent name to activate.

Agent names (canonical names used by adapters):

  • claude-code
  • cursor
  • copilot
  • amazon-q
  • chatgpt

unauthorized_api

Fires when an agent connects to a domain not in the allowed_domains list.

{
  "type": "unauthorized_api",
  "config": {
    "allowed_domains": [
      "api.anthropic.com",
      "api.githubcopilot.com"
    ]
  }
}

Note: If allowed_domains is empty, the policy is inactive. Requires an explicit domain allowlist.

Common AI API domains:

  • api.anthropic.com — Claude
  • api.openai.com — OpenAI
  • api.githubcopilot.com — GitHub Copilot
  • codewhisperer.us-east-1.amazonaws.com — Amazon Q

mcp_filesystem

Fires when a detected MCP server exposes filesystem tools (read_file, write_file, list_directory, etc.).

{
  "type": "mcp_filesystem",
  "config": {}
}

No configuration required. The policy uses built-in heuristics to identify filesystem-related MCP tools.

new_mcp_server

Fires the first time a specific MCP server is detected on an endpoint. Uses existing alerts as the "known servers" list — once an alert is acknowledged, the server is considered known.

{
  "type": "new_mcp_server",
  "config": {}
}

Alert deduplication

A new alert is only created if no alert of the same (policy_id, agent_id) combination exists with status open or acknowledged. This prevents alert floods while ensuring the alert persists until it is resolved.

When an alert is resolved, the same condition will trigger a new alert on the next scan.
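
The inactive-when-empty rule for the two allowlist policies and the deduplication rule above, sketched as an added Python example (not the product's own code). The observation records, function names, integer agent_id values and exact case-insensitive matching are assumptions made for illustration.

```python
# Added illustration; function names and record shapes are assumptions, not the product's API.
ACTIVE = {"open", "acknowledged"}  # statuses that suppress a duplicate alert
ALLOWLIST_KEY = {"unknown_agent": "allowed_agents", "unauthorized_api": "allowed_domains"}

def violates(policy, obs):
    """True if a constructed observation breaks an allowlist policy as the page describes it."""
    key = ALLOWLIST_KEY.get(policy["type"])
    if not policy.get("enabled") or key is None:
        return False  # disabled, or a type this sketch does not model
    allowed = {v.lower() for v in policy.get("config", {}).get(key, [])}
    if not allowed:
        return False  # empty allowlist: the policy is inactive, not deny-all
    seen = [obs["agent"]] if key == "allowed_agents" else obs["domains"]
    # Exact, case-insensitive matching is an assumption; the page does not define matching.
    return any(v.lower() not in allowed for v in seen)

def scan(policies, observations, alerts):
    """Create alerts, skipping any (policy_id, agent_id) pair that is open or acknowledged."""
    created = []
    for obs in observations:
        for p in policies:
            pair = (p["id"], obs["agent_id"])
            active = any((a["policy_id"], a["agent_id"]) == pair and a["status"] in ACTIVE
                         for a in alerts)
            if violates(p, obs) and not active:
                alert = {"policy_id": p["id"], "agent_id": obs["agent_id"],
                         "severity": p["severity"], "status": "open"}
                alerts.append(alert)
                created.append(alert)
    return created

def silent_policies(policies):
    """IDs of enabled allowlist policies that can never fire because the list is empty."""
    return [p["id"] for p in policies
            if p.get("enabled") and p["type"] in ALLOWLIST_KEY
            and not p.get("config", {}).get(ALLOWLIST_KEY[p["type"]])]

# Constructed sample data (not taken from a real deployment).
POLICIES = [
    {"id": 1, "type": "unknown_agent", "severity": "high", "enabled": True,
     "config": {"allowed_agents": ["claude-code", "cursor"]}},
    {"id": 2, "type": "unauthorized_api", "severity": "high", "enabled": True,
     "config": {"allowed_domains": []}},
]
OBSERVATIONS = [
    {"agent_id": 7, "agent": "chatgpt", "domains": ["api.openai.com"]},
    {"agent_id": 8, "agent": "cursor", "domains": ["api.openai.com"]},
]
```

With this sample data, silent_policies flags policy 2: it is enabled but cannot alert until allowed_domains is populated, so the connection to api.openai.com goes unreported.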

Default seeded policies

Type              Severity  Enabled by default
unknown_agent     high      ✅ (empty allowlist — activate by adding agents)
unauthorized_api  high      ❌ (requires allowlist configuration)
mcp_filesystem    medium
new_mcp_server    low