Allow supervisor to override egress blocks/allow requests #261

New Issue

Closed

opened 2026-06-24 15:54:26 -04:00 by didericis · 0 comments

didericis commented 2026-06-24 15:54:26 -04:00

Owner

Copy Link

Copy Source

Sometimes the egress dlp rules are a bit too aggressive, and we want to allow a request through. Requests blocked due to tokens should show up in the supervisor so a user can decide whether or not to allow the request.

Easy first pass: have the egress proxy block/wait until a response from the supervisor after a block occurs.

When it's a token block, add the token to a "safe tokens" list that lives in memory (in future may want to persist this).

Sometimes the egress dlp rules are a bit too aggressive, and we want to allow a request through. Requests blocked due to tokens should show up in the supervisor so a user can decide whether or not to allow the request. Easy first pass: have the egress proxy block/wait until a response from the supervisor after a block occurs. When it's a token block, add the token to a "safe tokens" list that lives in memory (in future may want to persist this).

didericis added the Kind/Feature

Priority

High

2

labels 2026-06-24 15:55:38 -04:00

didericis referenced this issue from a commit 2026-06-24 16:12:59 -04:00

PRD 0062: supervisor override for egress token blocks

didericis-claude referenced a pull request that will close this issue 2026-06-24 16:13:19 -04:00

PRD: Egress token-block policy (supervise / redact / block) #262

didericis closed this issue 2026-06-24 21:17:01 -04:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

core-coverage-badge

ratchet-supervise-90

ratchet-manifest-90

ratchet-git-gate-90

ratchet-egress-core-90

ratchet-yaml-subset-90

ratchet-egress-addon-90

cover-global-90

table-drive-dlp-tests

flatten-deep-nesting

decompose-egress-dlp-config

cover-egress-addon-adapter

prd-egress-control-plane

prd-smolmachines-linux

fix-integration-test-failures

fix/macos-container-relative-dockerfile

prd-0054-install-script

commit-bottle-state

pr-211

move-codex-auth-to-contrib

feat/pipelock-skip-scan-extensions

prd-0049-named-labelled-agents

harden-git-gate-shell-rendering

No results found.

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label Kind/Feature

Priority

High

2

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: didericis/bot-bottle#261