Documentation
Enforcement
Mode matrix per layer — adopt the secure baseline before expecting denies.
Recommended first
Default install is observation-friendly. Before expecting denies on npm or exfil, adopt the secure baseline and run the scenario labs.
| Layer | policy: monitor | policy: enforce | App: observation mode |
|---|---|---|---|
Network Extension | Log flows; allow connections | Drop blocked domains/IPs & behavioral gates | Workflow drops suppressed; integrity paths may still filter |
Endpoint Security (sync) | Allow + log all execution attempts | Process governance, file access control, and supply-chain gating deny unauthorized actions | Workflow rules simulate; platform integrity still enforces |
Behavioral engine (async) | Score & graph; optional notifications | Quarantine, verdict propagation, human-in-the-loop controls | Same scoring; enforcement simulated in UI |
Verdict bridge
Behavioral scores propagate to the sync enforcement layer via a zero-copy bridge. The Endpoint Security extension reads enforcement decisions on the next system call; human-in-the-loop controls suspend execution pending user approval.
Plane 1 · Synchronous
System extension
- ▸ Process governance · file access control
- ▸ Supply-chain gating · command-line detection
- ▸ ~2ms budget — blocks before launch
3 governors13 patternsSupply-chain gate
Plane 2 · Asynchronous
Behavioral engine
- ▸ Ingests telemetry from system extensions
- ▸ Builds causal graph + runs detection rules
- ▸ Propagates verdicts to sync layer via zero-copy bridge
25+ rulesSession replayHuman-in-the-loop
Zero-copy verdict bridge between enforcement planes
Synchronous (system extension)
- 13 built-in command-line detection patterns
- Intent-based policy enforcement and file access governance
- Supply-chain gating on package manager intercept (when enabled)
- Cross-correlation of sensitive file reads with subsequent execution
Asynchronous (behavioral engine)
- Graph-based behavioral detection rules
- Session quarantine and smart notifications
- Anonymized trace sharing for SOC review
Secure baseline · Behavioral detection · Evaluation · Policy
Running AI agents on Mac at scale? We'll tune policy with you.
Design partners →