Policies
A policy is a versioned bundle of rules every sensor enforces locally. Change it here, test it in the Lab, publish with approval, roll back any time.
Test in LabDraft change
All packsSecretsPersonal identifiersSource codeCustomer dataRegulatedCustom
RuleDetectorActionScopeMatches
API keys & bearer tokensSecrets · CriticaldeterministicBlockAll surfaces17 · 24H
Private key blocksSecrets · CriticaldeterministicBlockAll surfaces0 · 24H
Cloud credentials & DB URLsSecrets · CriticalhybridBlockAll surfaces2 · 7D
Email & phonePersonal identifiers · HighdeterministicRedactAll surfaces121 · 24H
Government IDs & cardsPersonal identifiers · CriticalhybridBlockAll surfaces1 · 7D
.env & config patternsSource code · HighdeterministicRedactIDE · agents38 · 24H
Proprietary code spansSource code · Mediumlocal modelMetadata onlyBrowser AI26 · 24H
Customer & contract IDsCustomer data · High · 3 false-positive reports this weekhybridRedactSupport · Sales122 · 24H
Account referencesCustomer data · Mediumlocal modelMetadata onlySupport44 · 24H
Financial account dataRegulated · CriticalhybridBlockAll surfaces0 · 30D
Medical & health dataRegulated · Criticallocal modelQuarantineAll surfaces0 · 30D
Project codenamesCustom · Low · draft · Draft — ships with v13deterministicRedactBrowser AI9 · 24H
Change history
Every publish is approved, logged, and reversible.
v12Added account-references rule (metadata-only) · tightened customer-ID scope to Support + SalesJun 6 · by M. Kublin · approved by O. Bibring · live on 18 sensors
v11Raised proprietary-code action from report-only to metadata-onlyMay 19 · by M. Kublin · approved by O. Bibring · 2 sensors still hereRoll back to v11
v10Initial regulated-content pack · enabled local classifier on all packsMay 2 · by Security · approved by O. Goldberg · supersededRoll back to v10
v9Baseline: secrets + PII packs, block + redact actionsApr 14 · by Security · approved by O. Bibring · supersededRoll back to v9
