Policy

Canonical policy file, merge order, and rule engines.

Active local policy · Managed by MDM
{
  "blocked_domains": ["evil-exfil.example"],
  "enforcement_mode": "monitor",
  // Additional fields available during
  // design partner onboarding
}

Use snake_case in JSON

On-disk keys are enforcement_mode, blocked_domains, ai_agent_processes — not camelCase. Swift models decode both conventions where noted, but fleet exports use snake_case.

Merge order

  1. /Users/Shared/macfirewall_driftcop_policy.json (base)
  2. /Users/Shared/driftcop_fleet_overlay.json (optional fleet)
  3. ~/Library/Application Support/MacFirewall/driftcop.config.json
  4. /Library/Application Support/MacFirewall/driftcop.config.json (MDM)
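A loader that walks the four paths in the order above, normalises camelCase keys to the on-disk snake_case names, and folds the documents into one effective policy. This is an added example, not MacFirewall/DriftCop's own loader. It assumes things the page does not state: that a later file in the merge order overrides an earlier one key by key, that the list-valued keys (blocked_domains, ai_agent_processes) are unioned rather than replaced, and, as added hardening, that a policy file another local user could rewrite (group- or world-writable) is refused. The constructed sample documents at the bottom mirror the illustration above and are not real fleet files.

```python
"""Policy loader for the four-file merge order (added example, not the project's code).

Assumptions not stated on the page: later file wins per key; list keys are
unioned; group/world-writable policy files are refused (added hardening).
"""
import json
import os
import re
import stat

MERGE_ORDER = [
    "/Users/Shared/macfirewall_driftcop_policy.json",                  # base
    "/Users/Shared/driftcop_fleet_overlay.json",                       # optional fleet
    "~/Library/Application Support/MacFirewall/driftcop.config.json",  # per-user file
    "/Library/Application Support/MacFirewall/driftcop.config.json",   # MDM, read last
]
LIST_KEYS = {"blocked_domains", "ai_agent_processes"}
REQUIRED_KEYS = {"enforcement_mode"}


def to_snake(key: str) -> str:
    """Map a camelCase key onto its snake_case on-disk name; snake_case passes through."""
    return re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", key).lower()


def parse_policy_text(text: str) -> dict:
    """Parse one policy file and normalise its keys to snake_case.

    '//' line comments and a trailing comma before '}' or ']' are tolerated so
    the illustration shown on this page parses; fleet exports should be strict JSON.
    """
    no_comments = "\n".join(
        line for line in text.splitlines() if not line.strip().startswith("//")
    )
    no_trailing = re.sub(r",(\s*[}\]])", r"\1", no_comments)
    doc = json.loads(no_trailing)
    if not isinstance(doc, dict):
        raise ValueError("policy root must be a JSON object")
    return {to_snake(k): v for k, v in doc.items()}


def merge_policies(docs: list[dict]) -> dict:
    """Fold normalised documents in merge order: later scalar wins, list keys union."""
    merged: dict = {}
    for doc in docs:
        for key, value in doc.items():
            if key in LIST_KEYS:
                if not isinstance(value, list):
                    raise ValueError(f"{key} must be a list")
                current = merged.setdefault(key, [])
                for item in value:
                    if item not in current:
                        current.append(item)
            else:
                merged[key] = value
    missing = REQUIRED_KEYS - merged.keys()
    if missing:
        raise ValueError(f"missing required keys: {sorted(missing)}")
    if not isinstance(merged["enforcement_mode"], str) or not merged["enforcement_mode"]:
        raise ValueError("enforcement_mode must be a non-empty string")
    return merged


def safe_to_read(path: str) -> bool:
    """Refuse a regular file that group or others can write (assumed hardening)."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and not (mode & (stat.S_IWGRP | stat.S_IWOTH))


def load_policy(paths=MERGE_ORDER) -> dict:
    """Read whatever exists in merge order and return the effective policy."""
    docs = []
    for p in paths:
        full = os.path.expanduser(p)
        if not os.path.exists(full):
            continue  # the fleet overlay and the per-user file are optional
        if not safe_to_read(full):
            raise PermissionError(f"refusing group/world-writable policy: {full}")
        with open(full, encoding="utf-8") as fh:
            docs.append(parse_policy_text(fh.read()))
    return merge_policies(docs)


# Constructed inputs mirroring the illustration on this page (not real fleet files).
BASE_TEXT = """{
  "blocked_domains": ["evil-exfil.example"],
  "enforcement_mode": "monitor",
  // Additional fields available during
  // design partner onboarding
}"""
MDM_TEXT = '{"enforcementMode": "monitor", "blockedDomains": ["evil-exfil.example", "c2.example"]}'

if __name__ == "__main__":
    print(merge_policies([parse_policy_text(BASE_TEXT), parse_policy_text(MDM_TEXT)]))
```

Because the MDM file is read last, under the last-wins assumption it is the one that decides enforcement_mode; whether the real engine gives the MDM file that precedence is something to confirm against the product, not this example.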

Rule engines

Step FSM

RuleEvaluator — verb sequences, time windows, PID binding

Graph IR

IRExecutionEngine + CompiledIRPolicy — BFS invariants on causal graph
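A toy step FSM for the kind of rule the Step FSM engine is described with above: an ordered verb sequence that must complete within a time window, with progress bound to a single PID so one process's steps never complete another's. This is an added illustration, not the project's RuleEvaluator; the event shape, the rule shape, the choice to ignore unrelated verbs between steps, and the sample events are all assumptions made for the example.

```python
"""Illustrative step FSM: verb sequence + time window + PID binding.

Added example, not MacFirewall/DriftCop's RuleEvaluator. Event and rule
shapes are assumed; events in SAMPLE_EVENTS are constructed, not captured.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float          # seconds since an arbitrary epoch
    pid: int
    verb: str          # e.g. "read", "connect", "send"
    detail: str = ""


@dataclass(frozen=True)
class StepRule:
    name: str
    verbs: tuple[str, ...]   # ordered sequence that must be observed
    window_s: float          # whole sequence must finish within this window


@dataclass
class _Track:
    started: float
    next_step: int = 0


class StepEvaluator:
    """One FSM instance per (rule, pid); advances on the expected verb, expires on the window."""

    def __init__(self, rules):
        self.rules = list(rules)
        self._tracks: dict[tuple[str, int], _Track] = {}

    def feed(self, ev: Event) -> list[tuple[str, int, float]]:
        hits = []
        for rule in self.rules:
            key = (rule.name, ev.pid)          # PID binding: state is keyed by pid
            track = self._tracks.get(key)
            if track is not None and ev.ts - track.started > rule.window_s:
                del self._tracks[key]          # window expired: forget partial progress
                track = None
            if track is None:
                if ev.verb != rule.verbs[0]:
                    continue                   # only the first verb can open a track
                track = _Track(started=ev.ts)
                self._tracks[key] = track
            if ev.verb == rule.verbs[track.next_step]:
                track.next_step += 1
                if track.next_step == len(rule.verbs):
                    hits.append((rule.name, ev.pid, ev.ts))
                    del self._tracks[key]
            # any other verb is ignored: unrelated activity between steps does not reset
        return hits


def evaluate(events, rules) -> list[tuple[str, int, float]]:
    """Replay events in timestamp order and collect every completed rule."""
    evaluator = StepEvaluator(rules)
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        hits.extend(evaluator.feed(ev))
    return hits


RULE = StepRule("ssh_key_exfil", ("read", "connect", "send"), window_s=30.0)

# Constructed sample: pid 101 completes the sequence, pid 202 supplies an
# interleaved "connect" that must not count for pid 101, pid 303 is too slow.
SAMPLE_EVENTS = [
    Event(0.0, 101, "read", "~/.ssh/id_ed25519"),
    Event(0.5, 202, "connect", "evil-exfil.example:443"),
    Event(1.2, 101, "connect", "evil-exfil.example:443"),
    Event(1.3, 101, "write", "/tmp/scratch"),        # noise between steps
    Event(1.9, 101, "send", "4096 bytes"),
    Event(40.0, 303, "read", "~/.ssh/id_ed25519"),
    Event(75.0, 303, "connect", "evil-exfil.example:443"),   # 35 s later: expired
    Event(76.0, 303, "send", "4096 bytes"),
]

if __name__ == "__main__":
    for name, pid, ts in evaluate(SAMPLE_EVENTS, [RULE]):
        print(f"{name}: pid {pid} completed at t={ts}")
```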
