Policies
Per-tenant policy configuration. Today: AI provider/model gating and token budgets. Endpoint policies (registry, security baselines) coming with policy engine v2.
Tenants
0
With AI policy
0
Without policy
0
AI provider policies
Controls which AI providers and models each tenant can dispatch to. Edited via the AI Router admin (mutate via PATCH /api/v1/ai-router/policies/:tenantId).
Loading…
Automation policies
Which automation kinds (bash / claude_session / aegis / http) each tenant can use.
Currently enforced at the worker pool level via tenant-scoped automation lookups. UI-side policy editor not yet implemented.
Credential policies
Rotation cadence, expiry, who can reveal, MFA requirements.
Per-credential settings live in /dashboard/credentials. Tenant-wide defaults coming with policy engine v2.
Endpoint hardening
Required Windows/Linux/macOS configuration (services, firewall, GPO).
Out of scope for v1. Will integrate with the AEGIS daemon's baseline-check capability when available.
Hat assignment
Which Erin hats are usable by each tenant's agents.
Edit hat scope (TENANT vs GLOBAL) directly in /lexicon/hats.