SecurityPolicyCard

components/security/PolicyCard.vue

Policy status card showing compliance metrics, violation counts, and flow stats with sparklines. Green border for compliant (cool), red for active violations (hot).

Credential Redaction

v1

Intercepts file reads and replaces credential patterns with REDACTED_BY_POLICY placeholders

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

100
%

Violations

0
Source
Dataflow
Destination
Violation
Time
cursor-agent-7f3a
Credential
S
local filesystem
Read RAILWAY_TOKEN from config
Apr 25, 2:32 PM
cursor-agent-7f3a
Infrastructure
S
backboard.railway.app
Unapproved destination
Apr 25, 2:32 PM
cursor-agent-7f3a
Destructive
S
backboard.railway.app/graphql
volumeDelete mutation
Apr 25, 2:32 PM
big

Credential Redaction

v1

Intercepts file reads and replaces credential patterns (API keys, bearer tokens, PEM headers) with REDACTED_BY_POLICY. The agent never sees real tokens.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

100
%

Violations

0

Trust-Based Progressive Enforcement

v1

Behavioral trip wire. Scores agents on the Lethal Trifecta — external communication, sensitive data access, untrusted content. Auto-escalates enforcement.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

94
%

Violations

3
med

Destination Allowlist

v1

Default-deny outbound connections. Agents can only reach approved destinations — LLM APIs, sanctioned MCP servers. backboard.railway.app blocked.

Flows Governed

847

Compliance

98
%

Violations

2

Agent Permission Classification

v1

Classify agents by permission level at session start. Elevated agents prohibited on repos with production credentials.

Flows Governed

847

Compliance

97
%

Violations

2
small

Sensitive File Boundary

v1

Flows Governed

847

Compliance

97
%

Violations

1

Proxy-Routed Agent Traffic

v1

Flows Governed

847

Compliance

99
%

Violations

1
micro

Destructive Operation Gate

v1

Flows Governed

312

Compliance

100
%

Violations

0
AI Agent Starter Pack — 6 policies across 2 tiers
T3 — Runtime

Credential Redaction

v1

Intercepts every file read by the agent process and replaces credential patterns with REDACTED_BY_POLICY placeholders.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

100
%

Violations

0

Destination Allowlist

v1

Default-deny for outbound connections. Agents reach only LLM APIs, sanctioned MCP servers, and approved SaaS.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

98
%

Violations

2

Sensitive File Boundary

v1

Ring-fence credential stores. Alert or block agent access to paths likely to contain secrets before content scanning.

Last Updated2026-04-26
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

97
%

Violations

1

Destructive Operation Gate

v1

Human-in-the-loop for irreversible actions. Destructive operations pause for explicit human confirmation.

Last Updated2026-04-27
RegulationsRuntime Enforcement

Flows Governed

312

Compliance

100
%

Violations

0

Trust-Based Progressive Enforcement

v1

Continuously scores agent behavior across the Lethal Trifecta. As risk accumulates, enforcement tightens automatically.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

94
%

Violations

3

Proxy-Routed Agent Traffic

v1

All agent outbound traffic must route through the enterprise security proxy. Direct connections blocked. Leverages existing proxy security stack.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

99
%

Violations

1
T1 — Inventory

Agent Permission Classification

v1

Classify every agent by permission level at session start. Enforce org rules about which classifications are permitted per context.

Last Updated2026-04-25
RegulationsFleet Governance

Flows Governed

847

Compliance

97
%

Violations

2
components/security/PolicyCard.vue

Usage

<SecurityPolicyCard name = "—" :version = "1" state = "cool" size = "big" description = "—" lastUpdated = "—" regulations = "—" :flowsGoverned = "—" :flowsData = "[]" :compliance = "—" :complianceData = "[]" :violations = "—" :violationsData = "[]" :violationSamples = "[]" />

Props

PropTypeDefaultDescription
nameStringPolicy name (required)
version[String, Number]'1'Version label shown top-right
stateString'cool''cool' (green, compliant) or 'hot' (red, violations)
sizeString'big''big' | 'med' | 'small' | 'micro'
descriptionString''Policy description (shown in big + med)
lastUpdatedString''Date string shown in big size only
regulationsString''Regulation names shown in big size only
flowsGovernedNumberFlow count (auto-abbreviated, e.g. 12000 → 12k) (required)
flowsDataArray<{count: number}>[]Sparkline data points for flows
complianceNumberCompliance percentage 0–100 (required)
complianceDataArray<{count: number}>[]Sparkline data points for compliance
violationsNumberViolation count — turns red when > 0 (required)
violationsDataArray<{count: number}>[]Sparkline data points for violations
violationSamplesArray[]Violation records to display in an adjacent table. When non-empty, renders SecurityViolationsTable beside the card with a "Violation Samples X of Y" footer and Remediate button.

Related