Policy recipes
Copy-paste policy configurations for common use cases. All recipes use the structured policy editor — no Cedar knowledge required.
GitHub recipes
Read-only agent
Block all write and destructive tools. The agent can search, list, and read but cannot create branches, push files, or open PRs.
| Field | Value |
|---|---|
| Effect | Forbid |
| Service | GitHub |
| Principal | All members |
| Tools | All write tier + all destructive tier |
Write tier: add_comment_to_pending_review, add_issue_comment, add_reply_to_pull_request_comment, create_branch, create_or_update_file, create_pull_request, issue_write, pull_request_review_write, push_files, request_copilot_review, sub_issue_write, update_pull_request, update_pull_request_branch
Destructive tier: create_repository, delete_file, fork_repository, merge_pull_request
Block destructive tools only
Allow reads and writes but forbid permanent deletions and merges. This recipe covers only two of the four destructive-tier tools; create_repository and fork_repository remain governed by whatever permit policies you have, so add them here if the agent should not create or fork repositories either.
| Field | Value |
|---|---|
| Effect | Forbid |
| Service | GitHub |
| Tools | delete_file, merge_pull_request |
Business-hours-only writes
Permit write tools only Mon–Fri 09:00–17:00. Outside that window, no write policy matches and the default deny applies. Because this is a permit rule it never overrides a forbid on the same tools (Cedar semantics): pairing it with the read-only recipe above leaves writes blocked at all hours.
| Field | Value |
|---|---|
| Effect | Permit |
| Service | GitHub |
| Tools | All write tier |
| Time constraints | Days: Mon–Fri / Hours: 09–17 |
Restrict to specific repos
Limit an agent to a single repository or organisation.
| Field | Value |
|---|---|
| Effect | Permit |
| Service | GitHub |
| Tools | (all tools you want to allow) |
| Repo restrictions | owner: my-org, repo: my-repo |
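The following is an added model of how the GitHub recipes above combine, written for this page and not the product's own engine or Cedar itself. It encodes the two rules the page relies on: default deny when no policy matches, and (as in Cedar, which the editor builds on) any matching forbid overriding every permit. The tool names are the page's; the Policy and Request fields, the decide() function, and the reading of "09–17" as 09:00 to 16:59 are assumptions made for the illustration.

```python
# Toy model of recipe combination for this page. Not the product's policy
# engine: it reproduces default deny and forbid-overrides-permit only.
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Tool tiers as listed on this page.
WRITE_TIER = {
    "add_comment_to_pending_review", "add_issue_comment",
    "add_reply_to_pull_request_comment", "create_branch",
    "create_or_update_file", "create_pull_request", "issue_write",
    "pull_request_review_write", "push_files", "request_copilot_review",
    "sub_issue_write", "update_pull_request", "update_pull_request_branch",
}
DESTRUCTIVE_TIER = {"create_repository", "delete_file", "fork_repository",
                    "merge_pull_request"}


@dataclass
class Policy:                        # hypothetical shape, not the editor's schema
    effect: str                      # "permit" or "forbid"
    service: str
    tools: set
    days: Optional[set] = None       # ISO weekdays, Monday = 1
    hours: Optional[range] = None    # range(9, 17) models "09-17" as 09:00-16:59 (assumption)
    owner: Optional[str] = None      # repo restriction; None means any owner
    repo: Optional[str] = None       # None means any repo


@dataclass
class Request:                       # hypothetical shape of one tool call
    service: str
    tool: str
    when: datetime
    owner: str = ""
    repo: str = ""


def matches(p: Policy, r: Request) -> bool:
    """True when every constraint on the policy holds for the request."""
    return (p.service == r.service
            and r.tool in p.tools
            and (p.days is None or r.when.isoweekday() in p.days)
            and (p.hours is None or r.when.hour in p.hours)
            and (p.owner is None or p.owner == r.owner)
            and (p.repo is None or p.repo == r.repo))


def decide(policies, r: Request) -> str:
    """Cedar-style combination: any forbid wins, else any permit, else deny."""
    matched = [p for p in policies if matches(p, r)]
    if any(p.effect == "forbid" for p in matched):
        return "deny"              # a matching forbid always wins
    if any(p.effect == "permit" for p in matched):
        return "allow"
    return "deny"                  # nothing matched: default deny


# The GitHub recipes from this page, expressed in the model.
READ_ONLY = Policy("forbid", "GitHub", WRITE_TIER | DESTRUCTIVE_TIER)
BLOCK_DESTRUCTIVE = Policy("forbid", "GitHub", {"delete_file", "merge_pull_request"})
BUSINESS_HOURS_WRITES = Policy("permit", "GitHub", WRITE_TIER,
                               days={1, 2, 3, 4, 5}, hours=range(9, 17))
SINGLE_REPO_WRITES = Policy("permit", "GitHub", WRITE_TIER,
                            owner="my-org", repo="my-repo")


def demo() -> dict:
    """Run constructed requests through each recipe combination."""
    tue_10 = datetime(2024, 1, 9, 10, 0)    # a Tuesday, inside the window
    tue_18 = datetime(2024, 1, 9, 18, 0)    # a Tuesday, after hours
    sat_10 = datetime(2024, 1, 13, 10, 0)   # a Saturday

    def push(when, owner="my-org", repo="my-repo"):
        return Request("GitHub", "push_files", when, owner, repo)

    return {
        "hours_tue_10": decide([BUSINESS_HOURS_WRITES], push(tue_10)),
        "hours_tue_18": decide([BUSINESS_HOURS_WRITES], push(tue_18)),
        "hours_sat_10": decide([BUSINESS_HOURS_WRITES], push(sat_10)),
        # Forbid beats permit: read-only plus business hours is still read-only.
        "hours_plus_read_only": decide([BUSINESS_HOURS_WRITES, READ_ONLY], push(tue_10)),
        # Block-destructive leaves create_branch alone but denies merges.
        "create_branch_in_hours": decide([BUSINESS_HOURS_WRITES, BLOCK_DESTRUCTIVE],
                                         Request("GitHub", "create_branch", tue_10)),
        "merge_in_hours": decide([BUSINESS_HOURS_WRITES, BLOCK_DESTRUCTIVE],
                                 Request("GitHub", "merge_pull_request", tue_10)),
        # Repo restriction: same tool, wrong repo, no match, default deny.
        "repo_match": decide([SINGLE_REPO_WRITES], push(tue_10)),
        "repo_other": decide([SINGLE_REPO_WRITES], push(tue_10, repo="other-repo")),
        # Service scoping: a GitHub forbid says nothing about Slack traffic,
        # so with only that policy loaded the default deny is what applies.
        "slack_default_deny": decide([READ_ONLY], Request("Slack", "slack_send_message", tue_10)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

The "hours_plus_read_only" case is the one to keep in mind when stacking recipes: a permit can only widen what is allowed in the gaps a forbid leaves, never punch a hole through one.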
Slack recipes
Read-only Slack agent
Block sending, scheduling, editing and deleting messages, and adding reactions.
| Field | Value |
|---|---|
| Effect | Forbid |
| Service | Slack |
| Tools | slack_send_message, slack_send_message_draft, slack_schedule_message, slack_reply_to_thread, slack_add_reaction, slack_update_message, slack_delete_message |
Restrict to specific channels
Allow messaging only in approved channels. Because the default is deny, the two tools below are refused in any channel not on the list unless another permit policy covers it.
| Field | Value |
|---|---|
| Effect | Permit |
| Service | Slack |
| Tools | slack_send_message, slack_reply_to_thread |
| Channel restrictions | (add channel IDs from the picker) |
Linear recipes
Read-only Linear agent
Block writes to issues, comments, projects, documents, milestones and labels, plus comment and attachment deletions.
| Field | Value |
|---|---|
| Effect | Forbid |
| Service | Linear |
| Tools | save_issue, save_comment, save_project, save_document, save_milestone, create_issue_label, delete_comment, delete_attachment |
Block destructive Linear tools
Allow creating and editing but forbid deleting comments and attachments.
| Field | Value |
|---|---|
| Effect | Forbid |
| Service | Linear |
| Tools | delete_comment, delete_attachment |
Going further
- Scope to resources — restrict policies to specific repos, channels, teams, or resource attributes (public-only, protected branches, production deployments): Scope policies to resources
- Session circuit breakers — lock a session down after repeated denials: Tool sessions
- Simulate first — replay recent traffic against a draft before enabling it: Preview and simulate