Risk dashboard
Workspace: demo-workspace · Member: demo-operator
Risk levels are produced by the package scanner at publish time and refreshed on each install. v0.1 scanner status is heuristic-stub-v0; never clean. Open approvals come from policy rules that fire on_match: require_explicit_operator_approval. See apai.policy.v0.1.
v0.1: no auth, no real persistence. This dashboard shows realistic demo data that matches the shapes the Phase 4 backend will emit. Open-approval rule IDs (e.g. no-production-deploy, no-external-send) are illustrative for the coding-safe-mode policy; real policy packs may use any rule-ID scheme. Once auth + DB land, the same UI swaps to real data without changes.
See honest status ->
No installed packages classified high risk.
Limited write or external-call capability.
Installed packages by risk
Grouped from highest to lowest. Each entry links to its install record.
Limited write or external-call capability requested. Approval flow on by default. Review surface before extending.
- enabled · CostGuard · v0.1.0-preview · local_cli · local-tool · Installed May 12, 5:30 PM · upgrade from v0.0.9
- enabled · MCP Audit · v0.1.0-preview · claude_code · local-tool · Installed May 13, 3:15 PM
No persistent writes outside the decision log. Conversation-scoped or read-only operations.
- enabled · Coding Safe Mode · v0.1.0 · claude_code · local-tool · Installed May 13, 7:30 PM · upgrade from v0.0.9
- enabled · Prompt Preflight Starter · v0.1.0 · claude · cloud-sandbox · Installed May 13, 5:30 PM
- disabled · Doc Brief · v0.1.0 · chatgpt · cloud-sandbox · Installed May 11, 5:30 PM
Open approvals
Pending operator decisions from active policy rules.
- pending · CostGuard · Medium risk
  CostGuard attempted a production-side configuration change without operator approval. Policy pack coding-safe-mode requires explicit operator approval before production deploys.
  Requested 12 minutes ago · appr_01HXY9A1B2C3D4E5F6G7H8J...
  Approvals are read-only in v0.1. Approve/deny lands in Phase 4 (CLI + UI).
- pending · Coding Safe Mode · Low risk
  Tool call requested a destructive filesystem operation (recursive delete) outside the allowed scope. Policy pack coding-safe-mode requires explicit operator approval for destructive ops.
  Requested 34 minutes ago · appr_01HXY9B2C3D4E5F6G7H8J9K...
  Approvals are read-only in v0.1. Approve/deny lands in Phase 4 (CLI + UI).
- pending · Coding Safe Mode · Medium risk
  Tool call attempted an outbound external send to a host not in the workspace allowlist. Policy pack coding-safe-mode requires explicit operator approval for external sends.
  Requested 1 hour ago · appr_01HXY9C3D4E5F6G7H8J9K0L...
  Approvals are read-only in v0.1. Approve/deny lands in Phase 4 (CLI + UI).
Recent receipts by risk
Top 5 receipts ordered highest risk first, then most recent.
- success · mcp-audit · Medium risk · v0.1.0-preview · codex_cli · local-tool · May 13, 8:04 PM · rcpt_01HXY8N4P5Q6R7S8T9V0W1X2Y3
- success · mcp-audit · Medium risk · v0.1.0-preview · codex_cli · local-tool · May 13, 4:42 PM · rcpt_01HXY8M3N4P5Q6R7S8T9V0W1X2
- success · mcp-audit · Medium risk · v0.1.0-preview · claude_code · local-tool · May 13, 3:15 PM · rcpt_01HXY8K2L3M4N5P6Q7R8S9T0V1
- partial · costguard · Medium risk · v0.1.0-preview · local_cli · local-tool · May 12, 5:30 PM · rcpt_01HXY5E6H7K0M1N2P3Q4R5S6T7
- success · coding-safe-mode · Low risk · v0.1.0 · claude_code · local-tool · May 13, 7:30 PM · rcpt_01HXY7G8K9M2P3Q4R5S6T7U8V9W
Scanner status across all v0.1 packages is heuristic-stub-v0. Real signature verification and trust-root checks ship in v0.2; see apai.provenance.v0.1 for the boundary.