Policy Cookbook

This page provides example policies for common governance patterns. Use these as starting points and adapt them to your environment.

For policy condition reference, see Governance.


Allow browser automation only when the target is constrained and network access is controlled.

policy_id: allow_browser_scoped_paths
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  tool: browser
  context:
    targets:
      paths:
        any_under: ["/allowed/projects/*"]
effect:
  decision: allow
explanation: Allow browser automation when targets are under allowed project paths.
precedence: 100

Require approval for browser with external network

policy_id: require_approval_browser_external_network
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  tool: browser
  context:
    external_network: true
effect:
  decision: require_approval
explanation: Browser with external network access requires human approval.
precedence: 80

Deny marketplace browser with elevated privileges

policy_id: deny_marketplace_browser_elevated
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  tool: browser
  context:
    elevated_privileges: true
  provenance:
    source: marketplace
effect:
  decision: deny
explanation: Deny marketplace skills from running browser with elevated privileges.
precedence: 200

Scope policies to specific agents using agent_id or agent_role. Adapters include these in the execution request.

policy_id: allow_trusted_agent_shell
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  agent_id: agent-prod-001
  capability: shell.exec
effect:
  decision: allow
explanation: Allow shell execution only from the designated production agent.
precedence: 100

policy_id: require_approval_researcher
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  agent_role: researcher
  capability: browser
effect:
  decision: require_approval
explanation: Researcher agents using browser require human approval.
precedence: 80

Govern shell and runtime execution with path and command constraints.

policy_id: allow_exec_argv0_allowlist
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  tool_group: runtime
  context:
    exec:
      argv0:
        in: ["node", "python", "npx"]
effect:
  decision: allow
explanation: Allow execution when argv0 is in the approved list.
precedence: 90

policy_id: deny_marketplace_shell_exec_with_network
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  capability: shell.exec
  context:
    external_network: true
  provenance:
    source: marketplace
effect:
  decision: deny
explanation: Deny marketplace skills that request shell execution with external network access.
precedence: 200

policy_id: require_approval_high_risk_exec
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  tool_group: runtime
  risk_level: high
effect:
  decision: require_approval
explanation: High-risk runtime execution requires approval.
precedence: 70

Control messaging and external communication tools.

policy_id: require_approval_messaging
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  tool:
    in: ["message", "slack", "whatsapp_login", "discord"]
effect:
  decision: require_approval
explanation: Messaging tools require human approval before sending.
precedence: 75

policy_id: deny_marketplace_messaging
scope:
  tenant_id: t1
subject:
  type: adapter
conditions:
  tool:
    in: ["message", "slack", "whatsapp_login", "discord"]
  provenance:
    source: marketplace
effect:
  decision: deny
explanation: Deny marketplace skills from using messaging tools.
precedence: 200

For adapters like OpenClaw that can gain new tools via skills, add a low-precedence fallback so unknown tools do not run silently.

policy_id: fallback_require_approval_unknown_tools
scope:
  tenant_id: t1
subject:
  type: adapter
conditions: {}
effect:
  decision: require_approval
explanation: No matching policy; require approval for unknown tools. Create a policy from trace to tighten coverage.
precedence: 0
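
To see how the fallback and the precedence values interact, the following added example (not Clasper's code and not part of the original page) models policy resolution in Python over a few of the browser policies above and the fallback. It assumes the highest-precedence matching policy decides and that a request matching nothing is denied; `matches`, `decide` and the request shape are hypothetical.

```python
# Simplified model, not Clasper's evaluator. Assumptions: the highest-precedence
# matching policy decides, and a request that matches nothing is denied.
from fnmatch import fnmatch

# Subset of this page's policies as dicts (effect.decision flattened to "decision").
POLICIES = [
    {"policy_id": "allow_browser_scoped_paths", "precedence": 100, "decision": "allow",
     "conditions": {"tool": "browser", "context": {
         "targets": {"paths": {"any_under": ["/allowed/projects/*"]}}}}},
    {"policy_id": "require_approval_browser_external_network", "precedence": 80,
     "decision": "require_approval",
     "conditions": {"tool": "browser", "context": {"external_network": True}}},
    {"policy_id": "deny_marketplace_browser_elevated", "precedence": 200, "decision": "deny",
     "conditions": {"tool": "browser", "context": {"elevated_privileges": True},
                    "provenance": {"source": "marketplace"}}},
    {"policy_id": "fallback_require_approval_unknown_tools", "precedence": 0,
     "decision": "require_approval", "conditions": {}},
]

# Constructed requests (hypothetical shape mirroring the condition keys).
REQUESTS = {
    "marketplace_elevated": {"tool": "browser", "provenance": {"source": "marketplace"},
                             "context": {"elevated_privileges": True,
                                         "targets": {"paths": ["/allowed/projects/app/x"]}}},
    "scoped_with_network": {"tool": "browser", "context": {
        "external_network": True, "targets": {"paths": ["/allowed/projects/app/x"]}}},
    "unknown_tool": {"tool": "new_skill_tool"},
}

def matches(cond, value):
    """True when the request value satisfies the policy condition."""
    if isinstance(cond, dict):
        if "in" in cond:          # value must be one of the listed items
            return value in cond["in"]
        if "any_under" in cond:   # at least one request path matches a glob
            return any(fnmatch(p, g) for p in (value or []) for g in cond["any_under"])
        # Nested mapping: every key must match; {} matches any request.
        return isinstance(value, dict) and all(matches(c, value.get(k)) for k, c in cond.items())
    return cond == value          # scalar: exact equality

def decide(request, policies=POLICIES):
    """Return (decision, policy_id) for the highest-precedence matching policy."""
    hits = [p for p in policies if matches(p["conditions"], request)]
    top = max(hits, key=lambda p: p["precedence"], default=None)
    return (top["decision"], top["policy_id"]) if top else ("deny", None)

if __name__ == "__main__":
    for name, req in REQUESTS.items():
        print(name, decide(req))
```

Under this model the scoped-path allow (precedence 100) outranks the external-network approval rule (80), so a request matching both is allowed; confirm how your deployment resolves such overlaps before relying on the approval rule.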

  • Governance — Policy model, conditions, approvals
  • Operations — Traces, decision replay, create policy from trace

Install the built-in starter templates locally:

clasper-core policy install safe-defaults

This writes templates into ./policies/safe-defaults/ and does not auto-activate them in Core.