# yaml-language-server: $schema=https://occasio.ai/schemas/occasio-policy.schema.json
# Occasio policy — dev-default template (generated by: occasio policy init)
#
# Default posture: governance on, blocking on, no path restrictions.
# All flags are at their built-in defaults; the tools: block is shown
# commented for reference. Edit this file to customise. Changes take
# effect immediately on the next tool call (no proxy restart).
#
# Because edits are picked up live, this file is itself a control point:
# keep it writable only by the user (or service account) that owns the
# proxy, and review diffs to it like any other access-control change.
#
#   occasio policy show                      — view the active policy with annotations
#   occasio policy validate                  — check this file for errors before using it
#   occasio policy init --template strict    — switch to a locked-down preset
#   occasio policy init --template finance   — switch to the finance-oriented preset

# Schema version of this policy file (integer, not a string).
version: 1

# ── Global flags ──────────────────────────────────────────────────────────────

# Block the request when a tool result contains a recognised secret pattern.
# The model never sees the secret; a policy-refusal response is returned instead.
# This is the safe default: a refusal leaks nothing, whereas redaction depends
# on the scanner's patterns matching every secret that appears.
block_secrets_in_tool_results: true

# Redact secrets in-place (replace with [REDACTED]) rather than blocking outright.
# To use: set this to true and set block_secrets_in_tool_results to false.
# NOTE(review): which flag wins when both are true is not stated in this
# file — keep exactly one of the two enabled and confirm the effective
# behaviour with `occasio policy show`.
redact_secrets_in_tool_results: false

# Distil long tool outputs (file reads, grep results) before sending to the
# model. Reduces token cost; the full raw output is still saved locally.
# NOTE(review): that local raw copy is written before any redaction the
# model sees, so it can contain the secrets the scanner blocks/redacts.
# Where it is stored and with what permissions is not stated here — check
# before relying on redaction as the only control.
distill_tool_results: false

# Block outbound requests once the session spend reaches the --budget limit.
# Only has an effect when the proxy was started with a --budget value.
block_requests_over_budget: true

# ── Per-tool routing (optional) ───────────────────────────────────────────────

# Uncomment the tools: block below to override routing for specific tools.
#
# IMPORTANT: when tools: is present it replaces the built-in defaults entirely.
# Any tool not listed here will PASS to the cloud. List every tool you want
# to keep running locally. A partial tools: block therefore silently widens
# what leaves the machine — after editing it, run `occasio policy show` and
# check that no tool you expected to stay LOCAL now resolves to PASS.
#
# Available actions:
#   LOCAL      — execute locally, result never leaves your machine
#   TRANSFORM  — execute locally, then apply a shaping step before sending
#   PASS       — skip local execution, let the cloud handle it
#
# Available transforms: redact-secrets, distill-output
# Chaining: set both redact_secrets_in_tool_results and distill_tool_results
# to true to apply redact → distil automatically on all LOCAL tools.
# NOTE(review): how a per-tool `transform:` combines with the global flags
# above (additive, or override) is not stated here — confirm before
# depending on one to switch the other off.
#
# tools:
#
#   # Distil grep output to send only matched lines, not the full corpus:
#   grep:
#     action: TRANSFORM
#     transform: distill-output
#
#   # Redact secrets from file reads (replaces recognised patterns):
#   read_file:
#     action: TRANSFORM
#     transform: redact-secrets
#
#   # Always route shell commands locally (default behaviour, shown for reference):
#   # `classifier` names the local command classifier applied before
#   # execution; its rules are not defined in this file.
#   shell_bash:
#     action: LOCAL
#     classifier: bash-allowlist

# ── Path-based access control (optional) ──────────────────────────────────────

# Block or allow filesystem paths regardless of tool routing. Applies to
# read_file, find_files, and grep. Path entries may use ~ for the user home
# directory; comparisons are case-insensitive on Windows.
#
# With no deny_paths (this template's default) the credential directories in
# the example below are readable through those three tools like any other
# path; routing a tool LOCAL keeps the result on the machine but does not
# stop it being read. Uncomment deny_paths if that is not acceptable.
# NOTE(review): whether allow_paths, when present, excludes every path not
# listed (allowlist semantics) is not stated here — confirm with
# `occasio policy show` before relying on it.
#
# deny_paths:
#   - ~/.ssh
#   - ~/.aws
#   - ~/.config/gcloud
#
# allow_paths:
#   - ~/projects

# ── Custom deny patterns (optional) ───────────────────────────────────────────

# Extend the built-in secret scanner with your own regexes. Patterns are
# JavaScript RegExps; escape backslashes for YAML (inside double quotes a
# regex `\.` is written `\\.`, as below).
# Keep patterns simple and linear (avoid nested quantifiers such as
# `(a+)+`): they are evaluated against tool output you do not control, and a
# backtracking-heavy pattern can stall the scanner on a large result.
#
# deny_patterns:
#   internal-jwt: "eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+"
#   internal-ticket: "INC-[0-9]{6,}"