Policy Recipes
Copy-paste policies for the scenarios users hit most often. Every recipe on this page:
- Starts from a one-paragraph problem statement in plain language.
- Ships a complete, annotated `policy.yaml` -- ready to drop into the dashboard or your local `controlzero.yaml`.
- Lists exactly what gets blocked and what gets allowed, with the extracted action and `reason_code` for each case.
- Has a machine-readable `scenarios.json` fixture that CI runs on every push, so the docs cannot drift from enforcement behavior.
New here? Start with Read-only database -- it is the canonical example and the one most customers wire up first.
Shipped recipes
| # | Recipe | What it solves |
|---|---|---|
| 1 | Read-only database | Agent can SELECT but never DROP. Piggyback-proof. |
| 2 | Block secrets and PII egress | LLM calls allowed, but API keys / SSNs / cards never leave. |
| 3 | Dev warns, prod denies | One policy, two postures: soft in dev, hard in prod. |
| 4 | LLM model allow-list | Only the models you have vetted can be called. |
| 5 | Scoped file access | Read/write your repo and /tmp; deny SSH keys, AWS creds, /etc. |
| 6 | Block outbound network | Stop curl / wget / ssh / nc from exfiltrating data. |
| 7 | Multi-tenant isolation | Team A agents never touch Team B resources. |
| 8 | Tamper response | Four postures when the bundle is altered: warn, deny, deny-all, quarantine. |
Coming soon
Six recipes are blocked on features that are either in flight or
need doc surfacing. Reach out via support with the TODO-RECIPE-NN
tag if you want one prioritized.
| # | Recipe | Blocked on | Tracking |
|---|---|---|---|
| 9 | Approval flow for destructive actions | Phase 4 approvals feature | TODO-RECIPE-09 |
| 10 | Time-windowed access | Condition DSL for time + principal matching | TODO-RECIPE-10 |
| 11 | Alert on repeated denies | Alert-rule builder (new feature) | TODO-RECIPE-11 |
| 12 | Git branch-scoped operations | Shell extractor (T4 -- spec landed, SDK copies in flight) | TODO-RECIPE-12 |
| 13 | Rate-limit per org | Feature exists, needs doc surfacing + condition DSL | TODO-RECIPE-13 |
| 14 | Prompt-level PII redaction | Feature exists, needs doc surfacing | TODO-RECIPE-14 |
The recipe format
Every recipe page follows the same template so you can skim quickly:
- The problem -- one paragraph in the user's voice.
- The policy -- full YAML, copy-paste ready.
- Why it works -- which extractor runs, which rule matches, which decision fires.
- What gets blocked -- table with extracted action, decision, `reason_code`.
- What gets allowed -- table with extracted action, decision, `reason_code`.
- Test it yourself -- a single `controlzero test-policy` command and the scenarios fixture that backs the tables above.
- Caveats -- what the recipe does NOT cover. Honest about the gaps so you pair it with a second recipe or a tool-layer control.
- Related recipes -- the next two or three you will likely want.
How the test fixtures work
Each recipe under docs-site/docs/recipes/ has a matching fixture
at tests/fixtures/enforcement-spec/recipes/{recipe-name}/ in the
main repo:
- `policy.yaml` -- byte-identical to the YAML shown in the recipe.
- `scenarios.json` -- an array of `{input, expected}` cases covering at least one allow, one deny, one piggyback attempt, and one "falls through to default" case per recipe.
A driver at
tests/fixtures/enforcement-spec/recipes/test-recipes.py iterates
every recipe directory on every CI run and asserts decision +
reason_code + extracted method match the expectations. If a recipe
page ever contradicts what the code actually does, CI goes red.
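To make the fixture shape and the driver's assertions concrete, here is an added example that is not ControlZero's own code: a toy read-only-database policy, a constructed scenarios fixture carrying the four required case kinds (allow, deny, piggyback, falls through to default), and a driver that returns every mismatch between `expected` and what the engine produced, so a page that drifts from enforcement turns the run red. The policy schema, the SQL extractor, the reason codes and the function names (`extract_sql`, `evaluate`, `run_fixture`, `run_recipe_dir`) are hypothetical stand-ins for the real ones; the real driver also parses `policy.yaml` from the recipe directory, which this example sidesteps by taking the policy as a dict.

```python
"""Toy recipe-fixture driver (added example, not ControlZero's code).

Mirrors the shape of tests/fixtures/enforcement-spec/recipes/: a policy,
a scenarios fixture of {input, expected} cases, and a driver that compares
decision, reason_code and extracted method/action. The policy schema,
extractor and reason codes are hypothetical stand-ins for the real ones.
"""
import json
import re
from pathlib import Path

# Hypothetical reduced policy for the read-only-database recipe: ordered rules
# on the extracted SQL action, plus an explicit default that denies anything
# no rule names (fail closed).
POLICY = {
    "name": "read-only-database",
    "rules": [
        {"match": {"action": "SELECT"}, "decision": "allow", "reason_code": "READ_ONLY_SELECT"},
        {"match": {"action": ["INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "TRUNCATE"]},
         "decision": "deny", "reason_code": "WRITE_BLOCKED"},
    ],
    "default": {"decision": "deny", "reason_code": "DEFAULT_DENY"},
}


def extract_sql(query: str) -> dict:
    """Toy SQL extractor: strip comments, split statements, take the leading verb
    of each. Extra statements ("SELECT 1; DROP TABLE users") are reported as
    `stacked` so the engine can refuse the whole input instead of judging only
    the first verb. Splitting on ';' ignores string literals, so a literal that
    contains ';' is also reported as stacked (denied, i.e. fail closed)."""
    text = re.sub(r"--[^\n]*", " ", query)              # line comments
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)   # block comments
    statements = [s for s in (p.strip() for p in text.split(";")) if s]
    verbs = [s.split()[0].upper() for s in statements]
    return {"method": "sql", "action": verbs[0] if verbs else None, "stacked": verbs[1:]}


def evaluate(policy: dict, extracted: dict) -> dict:
    """Match the extracted action against the ordered rules; piggybacked
    statements are denied before any rule is consulted."""
    base = {"method": extracted["method"], "action": extracted["action"]}
    if extracted["stacked"]:
        return {**base, "decision": "deny", "reason_code": "PIGGYBACK_STACKED_STATEMENTS"}
    for rule in policy["rules"]:
        wanted = rule["match"]["action"]
        wanted = [wanted] if isinstance(wanted, str) else wanted
        if extracted["action"] in wanted:
            return {**base, "decision": rule["decision"], "reason_code": rule["reason_code"]}
    return {**base, **policy["default"]}


# Constructed scenarios.json contents: one case of each kind a recipe fixture
# must carry (allow, deny, piggyback, falls through to default).
SCENARIOS = [
    {"input": "SELECT id, email FROM users WHERE id = 42",
     "expected": {"method": "sql", "action": "SELECT", "decision": "allow",
                  "reason_code": "READ_ONLY_SELECT"}},
    {"input": "DROP TABLE users",
     "expected": {"method": "sql", "action": "DROP", "decision": "deny",
                  "reason_code": "WRITE_BLOCKED"}},
    {"input": "SELECT 1; DROP TABLE users; --",
     "expected": {"method": "sql", "action": "SELECT", "decision": "deny",
                  "reason_code": "PIGGYBACK_STACKED_STATEMENTS"}},
    {"input": "EXPLAIN SELECT * FROM users",   # no rule names EXPLAIN
     "expected": {"method": "sql", "action": "EXPLAIN", "decision": "deny",
                  "reason_code": "DEFAULT_DENY"}},
]


def run_fixture(policy: dict, scenarios: list) -> list:
    """Compare every case's expected fields with what the engine returns.
    Returns a list of (input, field, expected, got); empty means CI is green."""
    failures = []
    for case in scenarios:
        got = evaluate(policy, extract_sql(case["input"]))
        for field, want in case["expected"].items():
            if got.get(field) != want:
                failures.append((case["input"], field, want, got.get(field)))
    return failures


def run_recipe_dir(recipe_dir: Path, policy: dict) -> list:
    """Driver shape: read {recipe_dir}/scenarios.json and check it against the
    policy. The real driver also loads policy.yaml from the same directory;
    the policy is passed in here to avoid a YAML dependency."""
    scenarios = json.loads((recipe_dir / "scenarios.json").read_text())
    return run_fixture(policy, scenarios)


if __name__ == "__main__":
    failures = run_fixture(POLICY, SCENARIOS)
    for inp, field, want, got in failures:
        print(f"FAIL {inp!r}: {field} expected {want!r}, got {got!r}")
    raise SystemExit(1 if failures else 0)
```

The driver deliberately reports every mismatched field rather than stopping at the first, so a page that gets the decision right but documents the wrong `reason_code` still fails. The piggyback check runs before any rule because the first verb of a stacked query is chosen by the attacker to be the one the allow rule wants.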
Adding a recipe
Recipes are product statements, not just docs pages. Before you write one, ask:
- Is it a problem at least three customers have asked about?
- Can the product actually enforce it today?
- Is there one policy that fits 80% of the shape, with caveats listed for the other 20%?
If all three answers are yes, follow the format above and add both the markdown file AND the fixture directory in the same PR. The CI driver does the rest.
If the answer to question 2 is "not yet," contact support so the
roadmap team can file the gap, add the recipe to the "Coming soon"
table above with a fresh TODO-RECIPE-NN tag, and stop. A
half-working recipe is worse than no recipe.