Policy Schema Reference
Complete field reference for Sigil security policy YAML. Use this to generate or validate policy files.
Where to Save Policy Files
Section titled “Where to Save Policy Files”Drop .yml files into the Sigil policy directory. Sigil watches it and reloads any change automatically.
| OS | Path |
|---|---|
| macOS | ~/Library/Application Support/Sigil/policy/ |
| Windows | %LOCALAPPDATA%\Sigil\policy\ |
| Linux | $XDG_DATA_HOME/Sigil/policy/ (or ~/.local/share/Sigil/policy/) |
In the Sigil app, the Security tab → Open Policy Directory opens this folder in the system file manager.
Top-Level Structure
Section titled “Top-Level Structure”version: "1" # optionaldescription: "..." # optional, human-readable description of this policynetwork: # optional, network request interception rules deny: [...] # optional, deny rules (implicit deny-all if omitted with allow present) allow: [...] # optional, exception rulesactions: # optional, agent action restrictions deny: [...] # optional, block specific actions allow: [...] # optional, allow only specific actions| Field | Type | Required | Description |
|---|---|---|---|
version | string | No | Policy schema version. Currently "1". |
description | string | No | Human-readable description of what this policy does. |
network | object | No | Network request interception rules. |
actions | object | No | Agent action restrictions. |
At least one of network or actions must contain rules. A policy with only metadata is rejected.
Network
Section titled “Network”| Field | Type | Required | Description |
|---|---|---|---|
deny | list of rules | No | Rules that block matching requests. If omitted but allow is present, all requests are denied by default. |
allow | list of rules | No | Exception rules that override deny matches. At least one of deny or allow is required. |
Actions
Section titled “Actions”Controls which actions the agent can perform. Deny rules are checked first; allow rules act as exceptions (same evaluation logic as network rules). If allow rules exist but no deny rules, an implicit deny-all (*) is inserted.
| Field | Type | Required | Description |
|---|---|---|---|
deny | list of strings | No | Actions to block. "*" matches all actions. |
allow | list of strings | No | Exception list — actions allowed even if denied. |
Validation rules:
- Action names are case-insensitive (lowercased on load).
- Unknown action names are rejected at load time.
Valid action names: open, snapshot, click, type, key, back, forward, reload, eval, select, extract, tab, wait, upload, hover, tabs, scroll.
The action policy is not consulted for tabs, tab, and snapshot.
Each rule in deny or allow. All specified fields must match (AND logic). Multiple rules in a list use OR logic — first match wins. If a field is omitted, it matches anything.
| Field | Syntax | Matched Against | Description |
|---|---|---|---|
method | Regex (case-insensitive) | HTTP method (r.Method) | Example: "POST|PUT|DELETE|PATCH" |
host | CDP wildcard | Parsed URL host (r.URL.Host) | Includes port if present. Example: "*api.example.com" |
path | Regex | Parsed URL path (r.URL.Path) | Example: "/sync", "^/api/", "/(users|accounts)" |
query | Regex | Parsed URL query string (r.URL.RawQuery) | Example: "action=delete", "action=(delete|archive)" |
header | Regex | Serialized request headers | Headers in wire format: "Name: Value\r\n" per header. Header names use Go canonical form (e.g. Content-Type, Authorization). Example: "Authorization:.*Bearer" |
body | Regex | Request body | Example: "delete|archive" |
Syntax Details
Section titled “Syntax Details”CDP Wildcard (host only)
Section titled “CDP Wildcard (host only)”The host field uses CDP wildcard syntax, not regex:
| Pattern | Meaning |
|---|---|
* | Matches any sequence of characters (zero or more) |
? | Matches exactly one character |
| No wildcards | Exact match |
Regex (method, path, query, header, body)
Section titled “Regex (method, path, query, header, body)”All fields except host use Go regexp syntax. method is automatically case-insensitive ((?i) prefix). All other regex fields are case-sensitive — add (?i) to your pattern if needed.
Regex fields use substring matching by default. Use ^ and $ anchors for exact matching:
| Pattern | Behavior |
|---|---|
/sync | Matches any path containing /sync (e.g. /sync, /sync/data, /old/sync) |
^/sync | Matches paths starting with /sync |
^/sync$ | Matches exactly /sync |
Component-Level Matching
Section titled “Component-Level Matching”Each field is matched against the parsed URL component, not the raw URL string. The request URL is parsed with Go’s url.Parse(), then:
hostmatches againstURL.Host(includes port if present)pathmatches againstURL.Pathquerymatches againstURL.RawQuery
Deny/Allow Evaluation
Section titled “Deny/Allow Evaluation”- If no deny rules are specified but allow rules exist, requests are denied unless they match an allow rule.
- Check deny rules. No match → allowed (default pass-through).
- Deny matched → check allow rules. Match → allowed (exception overrides deny).
- Deny matched, no allow exception → denied.
Examples
Section titled “Examples”Block all writes
Section titled “Block all writes”network: deny: - method: "POST|PUT|DELETE|PATCH"Block a domain
Section titled “Block a domain”network: deny: - host: "*evil.example.com"Block writes to an API with a login exception
Section titled “Block writes to an API with a login exception”network: deny: - method: "POST" host: "*api.example.com"
allow: - method: "POST" host: "*api.example.com" path: "/login"Block destructive actions by request body
Section titled “Block destructive actions by request body”network: deny: - host: "*api.example.com" path: "/sync" body: "delete|archive"
allow: - host: "*api.example.com" path: "/sync" body: "read"Block requests with auth headers
Section titled “Block requests with auth headers”network: deny: - header: "Authorization:.*Bearer"Block DELETE to specific paths
Section titled “Block DELETE to specific paths”network: deny: - method: "DELETE" host: "*api.example.com" path: "^/api/(users|accounts)"Allow only specific domains
Section titled “Allow only specific domains”network: allow: - host: "*.example.com" - host: "docs.google.com"Block specific query parameters
Section titled “Block specific query parameters”network: deny: - host: "*api.example.com" query: "action=(delete|archive)"Block JavaScript execution
Section titled “Block JavaScript execution”actions: deny: - evalRead-only agent (observe but don’t interact)
Section titled “Read-only agent (observe but don’t interact)”actions: deny: ["*"] allow: - extractThe deny: ["*"] is optional here — it is inserted implicitly when only allow is specified. snapshot, tabs, and tab do not need to be listed because they bypass the action policy.
Combined network and action restrictions
Section titled “Combined network and action restrictions”network: allow: - host: "*.example.com"actions: deny: - evalError Messages
Section titled “Error Messages”When a network request is blocked:
request blocked by policy: POST https://api.example.com/sync (rule: host=*api.example.com path=/sync body=delete|archive)When an action is blocked:
action "eval" is blocked by policy