Policy Templates
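---
# Template: capability policy with schema validation and prompt-injection
# controls.
# NOTE(review): the published page lost its indentation. Parsed as printed,
# `policy:` is null and every other key lands at the top level. The nesting
# below is reconstructed from the key names; confirm it against the schema of
# the engine that consumes this file.
policy:
  # Value name indicates fail-closed handling of unregistered capabilities.
  default: deny_unknown_capabilities
  enforcement: strict
  capability_registry:
    # Presumably the registry must pass an integrity check before it is
    # trusted; the mechanism (signature, pinned digest) is not shown here.
    integrity_required: true
  schema_validation:
    request: required
    # Responses are validated as well as requests: output coming back from a
    # capability is untrusted input to whatever consumes it next.
    response: required
  prompt_injection:
    # Presumably tracks content from untrusted sources as tainted -- confirm.
    taint_model: true
    # Boundary wrapping is a mitigation, not a guarantee; it should not be the
    # only control standing between untrusted content and a privileged action.
    boundary_wrap: true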
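---
# Template: default-deny policy with RBAC, egress allowlisting, signing and
# replay protection.
# NOTE(review): the published page lost its indentation. The nesting below is
# reconstructed from the key names; in particular `secret_isolation` and
# `remote_boundary_signing` are placed under `policy`, not under `egress`.
# Confirm against the schema of the engine that consumes this file.
policy:
  default: deny
  rbac: true
  capability_validation: strict
  egress:
    allowlist:
      # Placeholder domain. Whether an entry matches the exact host only or
      # also its subdomains depends on the enforcing engine -- confirm before
      # relying on it, and keep the list as narrow as the workload allows.
      - internal.company.tld
  secret_isolation: enforced
  # Presumably requests crossing a remote boundary must carry a signature;
  # key distribution and rotation are not covered by this template.
  remote_boundary_signing: required
  replay_protection:
    # Nonce and timestamp work as a pair: the timestamp bounds the acceptance
    # window and the nonce rejects repeats inside that window. Seen nonces
    # must be retained at least as long as the window, and clock skew between
    # the parties needs a defined tolerance.
    nonce: required
    timestamp: required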
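---
# Template: lease, receipt, sampling and audit settings.
# NOTE(review): the published page lost its indentation. The nesting below is
# reconstructed from the key names; `metrics`, `sampling`, `schema_validation`
# and `audit` are placed directly under `policy`. Confirm against the schema of
# the engine that consumes this file.
policy:
  lease:
    required: true
    # Fencing lets a resource reject a holder whose lease has already expired,
    # which a TTL on its own does not prevent.
    fencing: true
    # Unit is seconds, per the key name.
    ttl_seconds: 60
  receipts:
    mandatory: true
  metrics: enabled
  sampling:
    enabled: true
    # 0.05 = 5% of events. NOTE(review): the page does not say what is being
    # sampled. Confirm it applies to metrics or traces only; sampling receipts
    # or audit records would leave gaps in the evidence trail.
    rate: 0.05
  # Scalar form here; the template at the top of this page uses a
  # request/response mapping under the same key. Check which form the
  # consuming schema accepts.
  schema_validation: required
  audit:
    append_only: true
    # A hash chain makes edits to earlier records detectable. Truncation of
    # the newest records is only detectable if the latest chain hash is also
    # recorded somewhere the log writer cannot modify.
    hash_chain: true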