security-ic-production-policy-drafter

arxsec-site / reference-agents/security-ic-production-policy-drafter/README.md

> Drafts security policies and control documentation from control frameworks and current state assessments. CISO reviews and approves.

Cell: security.ic · Shape: production · Source: arx-reference

Reference agent conforming to MANIFEST_FRAMEWORK.md. Apache 2.0 — fork, modify, or replace; the governance layer underneath stays.

What it does

Given a list of control domain IDs:

  1. Pulls supporting context through ARX-governed connectors
  2. Applies the security policy drafting logic
  3. Returns a structured policy draft for human review (or auto-action if within declared low-risk scope)
  4. Streams every action to the customer's hash-chained personnel record

Governance posture

  • Onboarding — credentials issued at runtime, scoped per-call
  • Supervision — writes to github, confluence require manager approval
  • Evaluation — drift detection against manifests/job_description.yaml
  • Records — every action to customer S3 personnel-record bucket
  • Termination — one-button revoke + halt + exit attestation

Endpoints

| Method | Path | Description |
| ------ | ----------- | ----------- |
| POST | /act | Plan a security policy drafting pass against control domain IDs |
| POST | /execute | Execute the plan |
| GET | /status | Liveness + manifest sha256 + cell + shape |

Run locally

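```bash
# Build the image and start the agent (runs in the foreground on port 8100)
docker build -t security-ic-production-policy-drafter:dev .
docker run --rm -p 8100:8100 security-ic-production-policy-drafter:dev

# From a second terminal: check liveness and the reported manifest sha256
curl -s http://localhost:8100/status | jq
```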