← c15c15 / wf1 - Persona App (Direction D build) / Egress Matrix·persona-app-v1-v1 · 2026-06-03 · draft
Qpoint
QP
← Security/Egress Control Matrix
Net-new · not in wf1

Security · Egress control (shared with Engineering) also Engineering

Which agents may reach which destinations — and where the policy has holes.

A 2D allow/deny matrix across every agent and every destination class. The gaps — allowed cells that should be blocked, and uncovered egress — are the work.

Default Stance

Egress stance: default-allow

Warning: default-allow permits all outbound traffic that no rule explicitly blocks. Anything unseen is implicitly allowed.

Uncovered egress

11%

Outbound flows matched by no policy rule.

Egress Control Matrix

Agents (rows) × destination classes (columns). Allowed cells against unapproved or unknown destinations are gaps.

Approved LLMs

Unapproved LLMs

high risk

Tool APIs

watch

Internal

Unknown

high risk

claude-code-prod
data-pipeline-agent
cursor-ide
·
support-copilot
gap
marketing-gpt
gap
·
gap

Legend

allowed blocked observe-only· none / no trafficgap allowed but should be blocked

Policy Rules

Ordered rules evaluated against every outbound flow. One critical rule is off.

Deny all agents → Unapproved LLMs (except: none)enabled
Allow Data team → Anthropic (api.anthropic.com)enabled
Observe Tool APIs — log, do not blockenabled
Deny all agents → Unknown destinationsenabled
Require owner before egress (block unowned agents)disabled

Recently Blocked / Uncovered

Latest egress decisions — including flows no rule covered.

AgentDestinationActionWhen
marketing-gptapi.openai.comUNMONITORED40m ago
support-copilotapi.together.aiBLOCKED1h ago
data-pipeline-agent198.51.100.24:443UNMONITORED3h ago

Under default-allow, unmonitored flows are permitted. Switching to default-deny would block the two UNMONITORED rows above until a rule covers them.