# Loop Build policy toggles
# Safe-by-default behavior:
# - read-only commands in allowlist pass without explicit approval
# - all other non-denylist commands can run only when the harness is in an approved execution context

POLICY_SECONDARY_CONFIRM=0
ALLOW_SUDO=0
ALLOW_RM_RF=0
ALLOW_NETWORK=0
ALLOW_CURL_BASH=0
ALLOW_INSTALL=0
ALLOW_GIT_NETWORK=0
ALLOW_PROFILE_MODIFY=0