DTwo Policy Store

Im Messaging bundle

Included policies (1)

About this bundle

A curated bundle of policies for instant-messaging MCP servers (Slack today; Microsoft Teams and Discord planned). The goal is a sensible default posture for any organization fronting an IM tool through the DTwo gateway: prevent secret leaks, redact sensitive data, and keep audit trails clean.

Included policies

Policy App Direction Purpose
block-secrets slack ingress Deny Slack send-message calls whose body looks like a secret (API key, password, token, private key).

Policy bodies live under apps/. This page only links to them — see the top-level README for the rationale.

How bundle membership works

Bundle membership is declared in each policy's policy.md frontmatter (the policy lists bundles: ["im-messaging"]). This page is a human-readable landing page; the generated manifest.json is the machine-readable source of truth. There is intentionally no separate bundle.json artifact — one source of metadata avoids drift.

The bundle's policies are designed to compose cleanly on the same ingress pipeline. None of them conflict with the others, and each is default allow := false only for the narrow concern it addresses (i.e., they don't accidentally deny tools they don't know about).

What's intentionally not in the bundle

Roadmap