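# Example AIP Policy Manifest - Monitor Mode (Dry Run)
#
# This policy operates in "monitor" mode, which allows all requests through
# but logs violations to the audit file. Use this mode to:
# - Test new policies before enforcement
# - Understand agent behavior in production
# - Gradually roll out stricter policies
#
# Usage:
#   aip-proxy --target "python mcp_server.py" --policy examples/agent-monitor.yaml
#
# Check audit log for violations:
#   cat aip-audit.jsonl | jq 'select(.violation == true)'
#
# Layout note: this manifest is nested by indentation (2 spaces). A copy with
# the indentation stripped parses as unrelated top-level keys (or fails on the
# duplicated `allow_args:`), so keep the structure below intact.
---
apiVersion: aip.io/v1alpha1
kind: AgentPolicy
metadata:
  name: code-review-agent-monitor
  # Quoted so the parser keeps it as a string rather than a float.
  version: "1.0.0"
  # Example contact; replace with the team that owns this agent's policy.
  owner: platform-team@company.com

spec:
  # MONITOR MODE: Violations are logged but requests pass through.
  # Change to "enforce" to block violations. Nothing is denied while this
  # value is "monitor", so the audit log is the only signal you get.
  mode: monitor

  # Tools that this agent is allowed to invoke.
  # In monitor mode, tools NOT in this list will be logged as violations
  # but still allowed through.
  allowed_tools:
    # GitHub read operations
    - github_get_repo
    - github_list_pulls
    - github_get_pull
    - github_list_commits
    # GitHub write operations (limited)
    - github_create_review
    - github_add_comment
    # Filesystem operations (read-only)
    - read_file
    - list_directory

  # Argument-level validation rules.
  # In monitor mode, failed argument validation is logged but allowed.
  #
  # NOTE(review): fetch_url and run_query below are not listed in
  # allowed_tools, so a call to either presumably produces an allowed_tools
  # violation in the audit log in addition to any argument-rule result.
  # Confirm that is the intended behaviour before switching to "enforce";
  # otherwise add the tools to allowed_tools as well.
  tool_rules:
    - tool: fetch_url
      allow_args:
        # Only allow HTTPS URLs whose host is exactly github.com or
        # api.github.com followed by a path separator.
        url: "^https://(github\\.com|api\\.github\\.com)/.*"
    - tool: run_query
      allow_args:
        # Only allow queries that start with SELECT.
        # This is a coarse prefix check, not a read-only guarantee: the
        # pattern says nothing about what follows the first keyword, and it
        # is case-sensitive unless the matching engine adds a flag. Enforce
        # read-only access with a database role as well, and treat a match
        # here as "looks like a read" rather than "is a read".
        # Single quotes keep the backslash literal; the value is identical
        # to the double-quoted "^SELECT\\s+.*" form.
        query: '^SELECT\s+.*'
        # Only allow specific databases (fully anchored, exact names).
        database: "^(analytics|reporting)$"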