deterministic-agent-control-protocol/integrations/claude-code/policy.yaml at main · elliot35/deterministic-agent-control-protocol · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Claude Code governance policy
# Governs what the filesystem MCP server can do when used through the proxy

version: "1.0"
name: "claude-code-governance"
description: "Policy governing Claude Code's access to filesystem via MCP proxy"

capabilities:
  # Read operations (allowed)
  - tool: "read_file"
    scope: {}
  - tool: "read_text_file"
    scope: {}
  - tool: "read_multiple_files"
    scope: {}
  - tool: "read_media_file"
    scope: {}

  # Write/edit operations (allowed)
  - tool: "write_file"
    scope: {}
  - tool: "edit_file"
    scope: {}

  # Directory listing (allowed)
  - tool: "list_directory"
    scope: {}
  - tool: "list_directory_with_sizes"
    scope: {}
  - tool: "list_allowed_directories"
    scope: {}

  # Search (allowed)
  - tool: "search_files"
    scope: {}
  - tool: "get_file_info"
    scope: {}

  # Intentionally NOT including these — they will be DENIED:
  #   - create_directory
  #   - move_file
  #   - directory_tree

limits:
  max_runtime_ms: 3600000  # 1 hour

gates: []

evidence:
  require: []
  format: "jsonl"

forbidden:
  - pattern: "**/.env"
  - pattern: "**/.env.*"
  - pattern: "**/secrets*"
  - pattern: "**/credentials*"
  - pattern: "**/.git/config"

session:
  max_actions: 200
  max_denials: 30
  rate_limit:
    max_per_minute: 60