Commit 042bd01

docs(policy): add policy rule reference tables
1 parent 87bb373 commit 042bd01

1 file changed

Lines changed: 87 additions & 0 deletions

docs/cli/policy.md

@@ -165,6 +165,93 @@ provider/source posture and SecretRef metadata, never raw secret values. Policy
165165
does not read or attest per-agent credential stores such as `auth-profiles.json`;
166166
those stores remain owned by the existing auth and credential flows.
167167

168+
### Policy rule reference
169+
170+
Each policy field below is optional. A check runs only when the matching rule is
171+
present in `policy.jsonc`. The observed state is existing OpenClaw config or
172+
workspace metadata; policy reports drift but does not rewrite runtime behavior
173+
unless a repair path is explicitly available and enabled.
174+
175+
#### Channels
176+
177+
| Policy field | Observed state | Use when |
178+
| ------------------------------------ | --------------------------------------- | ------------------------------------------------------------ |
179+
| `channels.denyRules[].when.provider` | `channels.*` provider and enabled state | Deny configured channels from a provider such as `telegram`. |
180+
| `channels.denyRules[].reason` | Finding message and repair hint context | Explain why the provider is denied. |
181+
182+
#### MCP servers
183+
184+
| Policy field | Observed state | Use when |
185+
| ------------------- | ------------------- | ---------------------------------------------------------- |
186+
| `mcp.servers.allow` | `mcp.servers.*` ids | Require every configured MCP server to be in an allowlist. |
187+
| `mcp.servers.deny` | `mcp.servers.*` ids | Deny specific configured MCP server ids. |
188+
189+
#### Model providers
190+
191+
| Policy field | Observed state | Use when |
192+
| ------------------------ | ------------------------------------------------ | ------------------------------------------------------------------------------- |
193+
| `models.providers.allow` | `models.providers.*` ids and selected model refs | Require configured providers and selected model refs to use approved providers. |
194+
| `models.providers.deny` | `models.providers.*` ids and selected model refs | Deny configured providers and selected model refs by provider id. |
195+
196+
#### Network
197+
198+
| Policy field | Observed state | Use when |
199+
| ------------------------------ | ----------------------------------- | ------------------------------------------------------------------ |
200+
| `network.privateNetwork.allow` | Private-network SSRF escape hatches | Set to `false` to require private-network access to stay disabled. |
201+
202+
#### Gateway
203+
204+
| Policy field | Observed state | Use when |
205+
| --------------------------------------- | ---------------------------------------------- | ------------------------------------------------------------ |
206+
| `gateway.exposure.allowNonLoopbackBind` | `gateway.bind` | Set to `false` to require loopback Gateway binding. |
207+
| `gateway.exposure.allowTailscaleFunnel` | Tailscale serve/funnel Gateway posture | Set to `false` to deny Tailscale Funnel exposure. |
208+
| `gateway.auth.requireAuth` | `gateway.auth.mode` | Set to `true` to reject disabled Gateway auth. |
209+
| `gateway.auth.requireExplicitRateLimit` | `gateway.auth.rateLimit` | Set to `true` to require explicit auth rate-limit config. |
210+
| `gateway.controlUi.allowInsecure` | Control UI insecure auth/device/origin toggles | Set to `false` to deny insecure Control UI exposure toggles. |
211+
| `gateway.remote.allow` | Remote Gateway mode/config | Set to `false` to deny remote Gateway mode. |
212+
| `gateway.http.denyEndpoints` | Gateway HTTP API endpoints | Deny endpoint ids such as `chatCompletions` or `responses`. |
213+
| `gateway.http.requireUrlAllowlists` | Gateway HTTP URL-fetch inputs | Set to `true` to require URL allowlists on URL-fetch inputs. |
214+
215+
#### Agent workspace
216+
217+
| Policy field | Observed state | Use when |
218+
| -------------------------------- | ------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
219+
| `agents.workspace.allowedAccess` | `agents.defaults.sandbox.workspaceAccess` and `agents.list[].sandbox.workspaceAccess` | Allow only sandbox workspace access values such as `none` or `ro`. |
220+
| `agents.workspace.denyTools` | Global and per-agent tool deny config | Require workspace/runtime mutation tools such as `exec`, `process`, `write`, `edit`, or `apply_patch` to be denied. |
221+
222+
#### Secrets
223+
224+
| Policy field | Observed state | Use when |
225+
| --------------------------------- | -------------------------------------------------------- | ----------------------------------------------------------------------- |
226+
| `secrets.requireManagedProviders` | Config SecretRefs and `secrets.providers.*` declarations | Set to `true` to require SecretRefs to point at declared providers. |
227+
| `secrets.denySources` | Secret provider sources and SecretRef sources | Deny sources such as `exec`, `file`, or another configured source name. |
228+
| `secrets.allowInsecureProviders` | Insecure secret-provider posture flags | Set to `false` to reject providers that opt into insecure posture. |
229+
230+
#### Auth profiles
231+
232+
| Policy field | Observed state | Use when |
233+
| ------------------------------- | -------------------------------------------- | ------------------------------------------------------------------------------------------ |
234+
| `auth.profiles.requireMetadata` | `auth.profiles.*` provider and mode metadata | Require metadata keys such as `provider` and `mode` on config auth profiles. |
235+
| `auth.profiles.allowModes` | `auth.profiles.*.mode` | Allow only supported auth profile modes such as `api_key`, `aws-sdk`, `oauth`, or `token`. |
236+
237+
#### Tool metadata
238+
239+
| Policy field | Observed state | Use when |
240+
| ----------------------- | -------------------------------- | ------------------------------------------------------------------------------------------ |
241+
| `tools.requireMetadata` | Governed `TOOLS.md` declarations | Require governed tools to declare metadata keys such as `risk`, `sensitivity`, or `owner`. |
242+
243+
#### Tool posture
244+
245+
| Policy field | Observed state | Use when |
246+
| ------------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- |
247+
| `tools.profiles.allow` | `tools.profile` and `agents.list[].tools.profile` | Allow only tool profile ids such as `minimal`, `messaging`, or `coding`. |
248+
| `tools.fs.requireWorkspaceOnly` | `tools.fs.workspaceOnly` and per-agent `tools.fs` overrides | Set to `true` to require workspace-only filesystem tool posture. |
249+
| `tools.exec.allowSecurity` | `tools.exec.security` and per-agent exec security | Allow only exec security modes such as `deny` or `allowlist`. |
250+
| `tools.exec.requireAsk` | `tools.exec.ask` and per-agent exec ask mode | Require approval posture such as `always`. |
251+
| `tools.exec.allowHosts` | `tools.exec.host` and per-agent exec host routing | Allow only exec host routing modes such as `sandbox`. |
252+
| `tools.elevated.allow` | `tools.elevated.enabled` and per-agent elevated posture | Set to `false` to require elevated tool mode to stay disabled. |
253+
| `tools.denyTools` | `tools.deny` and `agents.list[].tools.deny` | Require configured tool deny lists to include tool ids or groups such as `group:runtime` and `group:fs`. |
254+
168255
Run policy-only checks during authoring:
169256

170257
```bash
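Review bot: The MCP servers and Model providers tables each document an `allow` and a `deny` field over the same observed ids, but neither says which rule wins when an id is named in both, or what an empty `allow` list means; a sentence on precedence under each of those two tables would settle how the pair combines. The tables also carry no value type: `allow` is evidently a boolean in `network.privateNetwork.allow`, `gateway.remote.allow` and `tools.elevated.allow` ("Set to `false` ..."), while `mcp.servers.allow`, `models.providers.allow` and `tools.profiles.allow` read as lists, so a Type column, or the expected value stated in every "Use when" cell the way the "Set to ..." rows already do, would remove the guesswork. Finally, `agents.workspace.denyTools` and `tools.denyTools` both observe the global and per-agent tool deny config; a short note on how the two differ, and which one to use for `exec`-class tools, would keep authors from writing both or picking the wrong one.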
