AI Agent Policy Listing

Source: app.qpoint.io/security/policies

Agent Policies
7
Active Violations
8
Avg Compliance
98
%
Agent Sessions
847
Needs Attention

Destination Allowlist

v1

Default-deny outbound connections. Agents can only reach approved destinations — LLM APIs, sanctioned MCP servers. backboard.railway.app blocked.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

98
%

Violations

2
Source
Dataflow
Destination
Violation
Time
cursor-agent-7f3a
Credential
S
local filesystem
Read RAILWAY_TOKEN from config
Apr 25, 2:32 PM
cursor-agent-7f3a
Infrastructure
S
backboard.railway.app
Unapproved destination
Apr 25, 2:32 PM
cursor-agent-7f3a
Destructive
S
backboard.railway.app/graphql
volumeDelete mutation
Apr 25, 2:32 PM

Sensitive File Boundary

v1

Ring-fence credential stores. Block agent access to .env, .ssh, .aws, and paths outside the project root before content is loaded.

Last Updated2026-04-26
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

97
%

Violations

1
Source
Dataflow
Destination
Violation
Time
cursor-agent-7f3a
Credential
S
local filesystem
Read RAILWAY_TOKEN from config
Apr 25, 2:32 PM
cursor-agent-7f3a
Infrastructure
S
backboard.railway.app
Unapproved destination
Apr 25, 2:32 PM
cursor-agent-7f3a
Destructive
S
backboard.railway.app/graphql
volumeDelete mutation
Apr 25, 2:32 PM

Trust-Based Progressive Enforcement

v1

Behavioral trip wire. Scores agents on the Lethal Trifecta — external communication, sensitive data access, untrusted content. Auto-escalates enforcement.

Last Updated2026-04-28
RegulationsRuntime Enforcement

Flows Governed

847

Compliance

94
%

Violations

3
Source
Dataflow
Destination
Violation
Time
cursor-agent-7f3a
Credential
S
local filesystem
Read RAILWAY_TOKEN from config
Apr 25, 2:32 PM
cursor-agent-7f3a
Infrastructure
S
backboard.railway.app
Unapproved destination
Apr 25, 2:32 PM
cursor-agent-7f3a
Destructive
S
backboard.railway.app/graphql
volumeDelete mutation
Apr 25, 2:32 PM

Agent Permission Classification

v1

Classify agents by permission level at session start. Elevated agents prohibited on repos with production credentials.

Last Updated2026-04-25
RegulationsFleet Governance

Flows Governed

847

Compliance

97
%

Violations

2
Source
Dataflow
Destination
Violation
Time
cursor-agent-7f3a
Credential
S
local filesystem
Read RAILWAY_TOKEN from config
Apr 25, 2:32 PM
cursor-agent-7f3a
Infrastructure
S
backboard.railway.app
Unapproved destination
Apr 25, 2:32 PM
cursor-agent-7f3a
Destructive
S
backboard.railway.app/graphql
volumeDelete mutation
Apr 25, 2:32 PM
Compliant

Credential Redaction

v1

Flows Governed

847

Compliance

100
%

Violations

0

Destructive Operation Gate

v1

Flows Governed

312

Compliance

100
%

Violations

0

Proxy-Routed Agent Traffic

v1

Flows Governed

847

Compliance

99
%

Violations

1