checkrd

Overly broad allow

An allow rule uses a wildcard URL with no narrower constraints, effectively permitting all outbound traffic.

An allow rule that matches all methods on all URLs (`url: "*"` with no `method` constraint) effectively disables `default: deny`. Any request, regardless of destination, method, or body, is permitted by this rule before the default action is even consulted.

This pattern is common during initial development ("allow everything while I figure out the policy") but should be replaced with explicit rules before deploying to production.

Example

```yaml
default: deny

rules:
  - name: allow-all # matches every outbound call - default: deny is bypassed
    allow:
      url: "*"
```

Fix

Replace the catch-all rule with explicit allow rules for each API endpoint your agent legitimately needs. Apply the principle of least privilege; allow only what is necessary:

```yaml
default: deny

rules:
  - name: allow-openai-inference
    allow:
      method: [POST]
      url: "api.openai.com/v1/chat/completions"
  - name: allow-stripe-reads
    allow:
      method: [GET]
      url: "api.stripe.com/v1/**"
```
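To make the difference between the two policies concrete, here is an added example (not checkrd's own code) that evaluates both against sample requests and lints for the catch-all pattern. The policies are embedded as the parsed form of the two YAML snippets above; the glob semantics (`*` alone matches any URL, `**` spans path segments) and the first-match rule evaluation are assumptions for illustration.

```python
from __future__ import annotations
import re

# Constructed: the page's two YAML policies as parsed dicts (no YAML library needed).
BROAD_POLICY = {
    "default": "deny",
    "rules": [{"name": "allow-all", "allow": {"url": "*"}}],
}
NARROW_POLICY = {
    "default": "deny",
    "rules": [
        {"name": "allow-openai-inference",
         "allow": {"method": ["POST"], "url": "api.openai.com/v1/chat/completions"}},
        {"name": "allow-stripe-reads",
         "allow": {"method": ["GET"], "url": "api.stripe.com/v1/**"}},
    ],
}


def url_matches(pattern: str, url: str) -> bool:
    """Assumed glob semantics: '*' alone matches any URL, '**' spans
    path segments, a '*' inside a pattern stays within one segment."""
    if pattern == "*":
        return True
    regex = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.fullmatch(regex, url) is not None


def is_allowed(policy: dict, method: str, url: str) -> tuple[bool, str | None]:
    """First matching allow rule wins; otherwise the `default` action applies.
    Returns (allowed, name of the rule that matched or None)."""
    for rule in policy.get("rules", []):
        allow = rule.get("allow")
        if not allow:
            continue
        methods = allow.get("method")  # absent means any method matches
        if methods and method.upper() not in {m.upper() for m in methods}:
            continue
        if url_matches(allow["url"], url):
            return True, rule.get("name")
    return policy.get("default", "deny") == "allow", None


def overly_broad_allows(policy: dict) -> list[str]:
    """Lint check: allow rules with url '*' and no method constraint, which
    bypass default: deny for every outbound request."""
    return [r["name"] for r in policy.get("rules", [])
            if (a := r.get("allow")) and a.get("url") == "*" and not a.get("method")]
```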