Choose a template

The first stage is the Build your Claude Code policy dialog. It opens automatically on your first visit, and you can reopen it anytime with the Choose template / Change template button in the editor toolbar.

The dialog has two steps: pick a starting point, then tune add-ons on top of it.

Step 1 — Choose a starting point

Pick one baseline. Each card shows a strictness bar (1–5) and a short tagline, and selecting one automatically pre-selects a recommended set of add-ons that you can adjust in step 2.

| Starting point | Strictness | Best for | Includes |
| --- | --- | --- | --- |
| Startup | 2 | Fast-moving teams that want light guardrails with minimal friction | Blocks secrets and .env files, disables bypass-permissions mode, all MCP servers allowed |
| Small business (Recommended) | 3 | Most teams — a balanced baseline | Managed MCP servers only, blocks secrets/SSH keys/curl/wget, disables bypass-permissions mode |
| Enterprise | 5 | Security-conscious organizations that need hardened controls | Managed MCP only, blocks outbound network tools, blocks privilege escalation, forces Claude.ai login |
| Start from scratch | | Building a policy by hand | An empty {} config with no pre-filled rules |

Start from scratch is rendered as a distinct dashed card. It begins with an empty policy so you can add only the settings you need, either via the add-ons in step 2 or directly in the editor.

Step 2 — Tune add-ons

Add-ons are small, composable presets that layer on top of your starting point. The header shows how many are currently selected, and a note reminds you which baseline they're layered onto. Toggle any add-on on or off to mix and match.

Conflicts are handled for you

If an add-on conflicts with your current selection (for example, Read-only mode vs. add-ons that allow shell execution), it's shown with a lock icon and disabled, with a short explanation of why. Remove the conflicting selection to re-enable it.

Add-ons are grouped into categories:

Secrets

| Add-on | What it does |
| --- | --- |
| Block secret files | Denies reading .env, .env.*, secrets/**, SSH keys, AWS credentials, and service-account files |
| Block cloud & CI tokens | Denies .npmrc, .netrc, .pypirc, kube config, Docker config.json, gcloud creds, and Terraform secrets |

Permissions

| Add-on | What it does |
| --- | --- |
| Read-only mode | Denies Write/Edit/MultiEdit/NotebookEdit and Bash; defaults to plan mode |
| Block privilege escalation | Denies sudo, su, chmod, chown, and rm -rf; disables bypass-permissions mode |
| Confirm destructive commands | Prompts before rm, rm -rf, git reset --hard, and git clean |
| Protect critical config | Blocks edits to .github/**, Dockerfile, docker-compose, Terraform *.tf, and Makefile |
| Confirm package installs | Prompts before npm/yarn/pnpm, pip/cargo, and brew installs |

Network

| Add-on | What it does |
| --- | --- |
| Block outbound network | Denies WebFetch, WebSearch, curl, wget, and nc/ncat |
| Block remote shell & transfer | Denies ssh, scp, sftp, rsync, telnet, and DNS lookup tools |

MCP servers

| Add-on | What it does |
| --- | --- |
| Managed MCP servers only | Enables allowManagedMcpServersOnly and blocks unmanaged project servers |
| Block all MCP servers | Empties the allowlist and disables every MCP server, managed or project-level |

Sandbox

| Add-on | What it does |
| --- | --- |
| Bash sandbox | Runs shell commands inside an isolated sandbox, auto-allowing when sandboxed |
| Strict sandbox | Requires the sandbox and fails closed if it's unavailable; never auto-allows |

Git workflows

| Add-on | What it does |
| --- | --- |
| Git safe push | Blocks git push/force-push, prompts before commit/merge, and sets commit & PR attribution |
| Git local only | Blocks all remote git operations and destructive local commands, including the gh CLI |

Display & UX

| Add-on | What it does |
| --- | --- |
| Branded rollout | Adds startup announcements with usage guidelines, sets English as default, uses the stable update channel |
| Audit & compliance | Enables verbose view mode, turn duration, thinking summaries, and a compliance startup notice |

Models

| Add-on | What it does |
| --- | --- |
| Cheap models only | Defaults to Claude Haiku and enforces a Haiku-only allowlist to cut spend |
| Budget tier (Haiku + Sonnet) | Allows Haiku and Sonnet, blocks Opus, and caps reasoning effort at medium |

Apply your selection

When you're happy with the baseline and add-ons, click Use this policy. The Policy Builder merges the starting point with every selected add-on and loads the result into the editor, where you can review and refine it.
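
When reviewing the merged result, it helps to check for rules that can never fire. The sketch below is an added example, not the Policy Builder's own code: it layers add-ons onto a baseline and lists ask/allow rules shadowed by a tool-wide deny, since deny rules take precedence. The add-on keys, the rule strings and the merge semantics (lists union, scalars override) are assumptions.

```python
# Constructed fragments. Rule strings follow Claude Code's permission-rule
# syntax but are assumptions, not the Policy Builder's exact output.
BASELINE = {
    "allowManagedMcpServersOnly": True,
    "permissions": {
        "disableBypassPermissionsMode": "disable",
        "deny": ["Read(./.env)", "Read(~/.ssh/**)", "Bash(curl:*)", "Bash(wget:*)"],
    },
}
ADDONS = {  # hypothetical add-on keys
    "block-privilege-escalation": {"permissions": {"deny": ["Bash(sudo:*)", "Bash(su:*)"]}},
    "confirm-destructive": {"permissions": {"ask": ["Bash(rm:*)", "Bash(git reset --hard:*)"]}},
    "read-only": {"permissions": {"deny": ["Write", "Edit", "Bash"], "defaultMode": "plan"}},
}

def merge(base, overlay):
    """Layer overlay on base: dicts recurse, lists union in order, scalars override."""
    out = dict(base)
    for key, val in overlay.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], val)
        elif isinstance(val, list) and isinstance(out.get(key), list):
            out[key] = out[key] + [v for v in val if v not in out[key]]
        else:
            out[key] = val
    return out

def build(baseline, selected):
    """Apply each selected add-on on top of the baseline, in order."""
    policy = baseline
    for name in selected:
        policy = merge(policy, ADDONS[name])
    return policy

def shadowed(policy):
    """ask/allow rules that can never fire because the whole tool is denied."""
    perms = policy.get("permissions", {})
    denied_tools = {r for r in perms.get("deny", []) if "(" not in r}
    return [r for kind in ("ask", "allow") for r in perms.get(kind, [])
            if r.split("(", 1)[0] in denied_tools]

if __name__ == "__main__":
    policy = build(BASELINE, ["confirm-destructive", "read-only"])
    for rule in shadowed(policy):
        print("never prompts, tool is denied outright:", rule)
```
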