checkrd

Overly broad allow

An allow rule uses a wildcard URL with no narrower constraints, effectively permitting all outbound traffic.

Overly broad allow

An allow rule that matches every method on every URL (url: "*" with no method constraint) effectively disables default: deny. Rules are evaluated before the default action, so every request, whatever its destination, method, or body, matches this rule and is permitted; the default is never reached.

This pattern is common during initial development ("allow everything while I figure out the policy") but should be replaced with explicit rules before deploying to production.

Example

```yaml
agent: my-agent
default: deny

rules:
  - name: allow-all # matches every outbound call — default: deny is bypassed
    allow:
      url: "*"
```

Fix

Replace the catch-all rule with an explicit allow rule for each API endpoint the agent legitimately needs. Apply the principle of least privilege: constrain both the method and the URL of every rule, and make the URL pattern only as wide as the endpoint requires (a host-wide "**" is still a broad grant and should be justified):

```yaml
agent: my-agent
default: deny

rules:
  - name: allow-openai-inference
    allow:
      method: [POST]
      url: "api.openai.com/v1/chat/completions"
  - name: allow-stripe-reads
    allow:
      method: [GET]
      url: "api.stripe.com/v1/**"
```
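To see why the catch-all rule bypasses default: deny while the explicit rules do not, the following Python evaluates both policies above against a probe request and also lints a policy for overly broad allow rules. This is an added example, not the checker's own code or its real matching engine. It assumes: the policy is held as a Python dict mirroring the YAML on the page (no YAML parser involved); URL patterns are fnmatch-style globs in which "*" and "**" both span "/" (so a bare "*" matches every URL); a rule with no method key, or a method list containing "*", matches every method; rules are tried in order, the first match wins, and default applies only when no rule matched. The probe host and the function names are hypothetical.

```python
"""Evaluate an agent egress policy and lint it for catch-all allow rules.

Added example, not the checker's own code. Assumptions (see lead-in):
policy is a plain dict mirroring the page's YAML; url patterns use
fnmatch globbing where "*" and "**" both span "/"; a missing method key
(or a "*" entry) means every method; first matching rule wins, then
`default`.
"""
from __future__ import annotations

from fnmatch import fnmatchcase
from typing import Optional

# Constructed policies, transcribed from the two YAML examples on the page.
BROKEN_POLICY = {
    "agent": "my-agent",
    "default": "deny",
    "rules": [
        {"name": "allow-all", "allow": {"url": "*"}},
    ],
}

FIXED_POLICY = {
    "agent": "my-agent",
    "default": "deny",
    "rules": [
        {"name": "allow-openai-inference",
         "allow": {"method": ["POST"], "url": "api.openai.com/v1/chat/completions"}},
        {"name": "allow-stripe-reads",
         "allow": {"method": ["GET"], "url": "api.stripe.com/v1/**"}},
    ],
}


def _strip_scheme(url: str) -> str:
    """Patterns on the page carry no scheme, so match on host + path only."""
    for prefix in ("https://", "http://"):
        if url.startswith(prefix):
            return url[len(prefix):]
    return url


def _method_unconstrained(spec: dict) -> bool:
    """Assumption: no method key, an empty list, or "*" means any method."""
    methods = spec.get("method")
    return not methods or "*" in methods


def rule_matches(rule: dict, method: str, url: str) -> bool:
    """True when this allow rule's method and url constraints both match."""
    spec = rule.get("allow")
    if spec is None:
        return False  # only allow rules appear on the page; ignore anything else
    if not _method_unconstrained(spec):
        if method.upper() not in {m.upper() for m in spec["method"]}:
            return False
    # fnmatchcase: "*" matches across "/" too, so "*" alone matches every URL.
    # Caveat: "?" and "[...]" are also glob metacharacters under fnmatch.
    return fnmatchcase(_strip_scheme(url), spec["url"])


def evaluate(policy: dict, method: str, url: str) -> tuple[str, Optional[str]]:
    """Return (decision, rule_name); rule_name is None when `default` applied."""
    for rule in policy.get("rules", []):
        if rule_matches(rule, method, url):
            return "allow", rule["name"]
    return policy.get("default", "deny"), None


def is_catch_all(rule: dict) -> bool:
    """The pattern this check flags: every URL and no method constraint."""
    spec = rule.get("allow") or {}
    return spec.get("url") in ("*", "**") and _method_unconstrained(spec)


def lint_overly_broad(policy: dict) -> list[str]:
    """Names of allow rules that silently disable default: deny."""
    return [r["name"] for r in policy.get("rules", []) if is_catch_all(r)]


if __name__ == "__main__":
    # Constructed probe: a destructive call to a host no rule should cover.
    probe = ("DELETE", "https://internal-admin.example.net/users/42")
    for label, pol in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        print(label, evaluate(pol, *probe), "flagged:", lint_overly_broad(pol))
```

Running it shows the broken policy allowing the DELETE via allow-all while the fixed policy falls through to deny, and the linter naming allow-all as the offending rule. The lint deliberately looks only at the literal catch-all shape the page describes; a pattern such as "**" on a single host is left to human review, since whether it is acceptable depends on the API.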