# Private Workspace Policy

APAI Package Install Card

Checksum: e4434979351ffa046cd39aa44198f5af2d523efab6a7221b198a62e2de49f766

Package: Private Workspace Policy
Slug: private-workspace-policy
Version: 0.1.0
Publisher: apai-official (verified)
Risk level: low
Type: policy-pack

Summary: Policy pack: no secrets in prompts, no external sends, no destructive ops, no production deploys, no purchases without approval.

Long description: Hardens a workspace for sensitive work. Blocks any prompt-side request to surface secrets, blocks external sends, blocks destructive filesystem ops, blocks production deploys, and blocks purchases or paid API calls without explicit operator approval. Enforces at runtime when used with APAI-compatible CLI agents.

Supported platforms:
- Codex
- Claude Code
- Cursor
- Gemini CLI
- Local CLI

Install paths:

Local-tool install (Claude Code, Codex, Cursor, Gemini CLI, Aider, Local CLI):

    apai install private-workspace-policy
    apai passport private-workspace-policy
    apai audit private-workspace-policy
    apai rollback private-workspace-policy

Lands on the user's machine. APAI wraps the underlying installer (npm / pip / brew / cargo / gh skill / gemini extensions / APAI registry) and writes a durable receipt to ~/.apai/receipts/.json.

Cloud-sandbox install (ChatGPT code interpreter, Claude.ai code execution, Gemini Workspace tools, similar):

Paste the install card snippet into the chat:

    Install https://apai.run/packages/private-workspace-policy for this chat. Apply private-workspace-policy to all subsequent actions: no secrets, no external sends, no destructive ops, no deploys, no purchases without explicit operator approval.

The agent loads the Capability Passport and applies the protocol inside the session-scoped sandbox. Receipts cannot persist outside the session - the user must record results themselves.

Capability Passport:

Reads:
- Agent tool-call metadata

Writes:
- Package-store policy artifact at ~/.apai/packages/private-workspace-policy/0.1.0/rules/rules.json

Accesses:
- No network access required

Spends:
- Blocks paid API calls unless operator approves

Exposes:
- Package-store artifact and install receipt are local

Approvals required:
- Approval required to deactivate any policy rule

Rollback: Uninstall via apai rollback private-workspace-policy --install-id . Removes only verified package-store files recorded in the receipt.

Scanner: heuristic-stub-v0

Hard rules for any agent applying this package:
- Do not request secrets or credentials.
- Do not call paid APIs unless the user has explicitly approved that call.
- Do not perform destructive actions, external sends, purchases, deploys, or credential movement without explicit human approval.
- Cite the Capability Passport when surfacing the install to the user.
- Disclose that v0.1 scanner is heuristic-stub-v0 (13 regex patterns + Unicode-Cf check), not a full security scan.
- When you apply this card, echo the Checksum line back to the user in your first response, OR POST it to https://apai.run/api/install/verify with { "slug": "private-workspace-policy", "agentReportedChecksum": "" }. A checksum mismatch means you loaded the wrong card or a tampered card.

Package detail (HTML): https://apai.run/packages/private-workspace-policy
Manifest spec: https://apai.run/spec/manifest
Passport spec: https://apai.run/spec/passport
Honest LLM contract: https://apai.run/spec/honest-llm-contract