This is the only page with the full baseline table. After applying it, run the scenarios on What TURI does on Mac and check outcomes against the POC scorecard.
Deployment
Secure baseline
Canonical policy posture — use with scenario labs before production claims.
Recommended deployment
Default install is tuned for observation and low false positives. High-risk AI engineering teams should adopt this baseline before claiming supply-chain or exfil protection.
See scenarios with default vs hardened

| Setting | Default | Baseline |
|---|---|---|
| `enforcement_mode`: Without enforce, ES and file governors record would-block but do not deny. | monitor (log, allow AUTH) | enforce |
| Observation mode (app): Observation projects denies to alerts; use only while learning false positives. | Often on for new installs | Off when tuning is complete |
| `supply_chain_install_gate`: Stops or defers package-manager AUTH before postinstall scripts run. | disabled | enabled + npm, pnpm, pip, uv in intercept list |
| Behavioral rules (supply chain): npm → node → osascript should not be alert-only in high-risk teams. | transitive_package_execution: alert | Promote to block or pair with gate + HITL |
| `blocked_domains`: NE path blocks agentic egress to listed domains. | empty | Org C2 blocklist + exfil destinations |
| AI installs: Writes supply-chain verdict + capability lineage for semantic contracts. | raw npm / pip from agent | mf wrap npm install … where possible |
Starter policy fragment

Full policy guide →

```json
{
  "version": 1,
  "enforcement_mode": "enforce",
  "supply_chain_install_gate_enabled": true,
  "supply_chain_intercept_binaries": ["npm", "pnpm", "yarn", "pip", "pip3", "uv"],
  "supply_chain_defer_unknowns": true,
  "blocked_domains": ["your-org-blocklist.example"],
  "behavioral_network_block_threshold": 100
}
```
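
A pre-deployment drift check for a policy file, as an added example (not TURI's own tooling): it reports each setting that falls short of the Baseline column, including a `blocked_domains` list that still holds only the placeholder from the starter fragment. Key names come from the fragment above; treating an absent key as its default is an assumption, and both sample policies are constructed.

```python
import json

# Baseline values from the table on this page.
REQUIRED_BINARIES = {"npm", "pnpm", "pip", "uv"}
PLACEHOLDER_DOMAIN = "your-org-blocklist.example"  # from the starter fragment


def audit_policy(policy: dict) -> list:
    """Return one finding per setting that falls short of the baseline."""
    findings = []
    # Assumption: an absent key behaves like the table's Default column.
    mode = policy.get("enforcement_mode", "monitor")
    if mode != "enforce":
        findings.append(f"enforcement_mode is {mode!r}: would-block is logged, not denied")
    if policy.get("supply_chain_install_gate_enabled") is not True:
        findings.append("supply_chain_install_gate_enabled is not true")
    binaries = policy.get("supply_chain_intercept_binaries")
    listed = set(binaries) if isinstance(binaries, list) else set()
    missing = sorted(REQUIRED_BINARIES - listed)
    if missing:
        findings.append("supply_chain_intercept_binaries is missing: " + ", ".join(missing))
    domains = policy.get("blocked_domains")
    domains = domains if isinstance(domains, list) else []
    if not [d for d in domains if d != PLACEHOLDER_DOMAIN]:
        findings.append("blocked_domains is empty or still the placeholder")
    return findings


# Constructed sample: partially hardened policy that has drifted from the baseline.
SAMPLE_DRIFTED = json.loads("""{
  "version": 1,
  "enforcement_mode": "monitor",
  "supply_chain_install_gate_enabled": true,
  "supply_chain_intercept_binaries": ["npm", "pip"],
  "blocked_domains": ["your-org-blocklist.example"]
}""")

# Constructed sample: the starter fragment with a made-up org domain filled in.
SAMPLE_BASELINE = json.loads("""{
  "version": 1,
  "enforcement_mode": "enforce",
  "supply_chain_install_gate_enabled": true,
  "supply_chain_intercept_binaries": ["npm", "pnpm", "yarn", "pip", "pip3", "uv"],
  "blocked_domains": ["c2-blocklist.corp.example"]
}""")

if __name__ == "__main__":
    for name, pol in (("drifted", SAMPLE_DRIFTED), ("baseline", SAMPLE_BASELINE)):
        print(name, audit_policy(pol) or "meets baseline")
```

Run it against the deployed policy file before executing the scenario labs, so a scenario that passes in monitor mode is not mistaken for an enforced block.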