deterministic-agent-control-protocol/examples/coding-agent.policy.yaml at main · elliot35/deterministic-agent-control-protocol · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
version: "1.0"
name: "coding-agent"
description: "Policy for AI coding agents (Cursor, Claude Code, Codex) operating on a project"

capabilities:
  - tool: "file:read"
    scope:
      paths:
        - "./src/**"
        - "./tests/**"
        - "./package.json"
        - "./tsconfig.json"
        - "./README.md"
  - tool: "file:write"
    scope:
      paths:
        - "./src/**"
        - "./tests/**"
  - tool: "file:delete"
    scope:
      paths:
        - "./src/**"
        - "./tests/**"
  - tool: "file:move"
    scope:
      paths:
        - "./src/**"
        - "./tests/**"
  - tool: "file:copy"
    scope:
      paths:
        - "./src/**"
        - "./tests/**"
  - tool: "directory:list"
    scope:
      paths:
        - "./**"
  - tool: "directory:create"
    scope:
      paths:
        - "./src/**"
        - "./tests/**"
  - tool: "command:run"
    scope:
      binaries:
        - "npm"
        - "npx"
        - "node"
        - "tsc"
        - "git"
        - "echo"
        - "cat"
        - "ls"
  - tool: "git:diff"
    scope:
      repos: ["."]
  - tool: "git:apply"
    scope:
      repos: ["."]
  - tool: "git:status"
    scope:
      repos: ["."]
  - tool: "git:commit"
    scope:
      repos: ["."]
  - tool: "env:read"
    scope: {}

limits:
  max_runtime_ms: 1800000    # 30 minutes
  max_files_changed: 30
  max_output_bytes: 10485760  # 10MB
  max_cost_usd: 5.0

gates:
  - action: "file:delete"
    approval: "human"
    risk_level: "high"

  - action: "file:move"
    approval: "auto"
    risk_level: "medium"

  - action: "git:commit"
    approval: "auto"
    risk_level: "medium"

  - action: "command:run"
    approval: "human"
    risk_level: "high"
    condition: "outside_scope"

evidence:
  require: ["checksums", "diffs"]
  format: "jsonl"

forbidden:
  - pattern: "**/.env"
  - pattern: "**/.env.*"
  - pattern: "**/credentials*"
  - pattern: "**/secrets*"
  - pattern: "curl | sh"
  - pattern: "wget | sh"
  - pattern: "npm publish"
  - pattern: "git push --force"

session:
  max_actions: 200
  max_denials: 20
  rate_limit:
    max_per_minute: 60
  escalation:
    - after_actions: 50
      require: human_checkin
    - after_minutes: 15
      require: human_checkin

remediation:
  rules:
    - match: "ENOENT"
      action: "retry"
    - match: "EACCES"
      action: "abort"
  fallback_chain: ["retry", "skip", "abort"]