Skip to main content
The Policies page lets Org Admins configure the behavioral rules that Agent Charley enforces on enrolled devices. Policies use a three-level scope hierarchy — org-wide defaults, group overrides, and per-device pins.

Scope Hierarchy

global (org-wide default)
  └── group (subset of devices)
        └── device (individual device override)
Policies merge from broadest to most specific. A value set at the group level overrides the same value at global; a value set at the device level overrides both. Only the fields you explicitly set are overridden — unset fields fall through to the broader scope.

Policy Types

TypeControls
App ConfigUI visibility, email analysis, stealth mode, telemetry, flow logs
Flow ConfigWhich URL categories are tracked and reported
DLP ConfigData loss prevention — pattern detection, block/warn mode, clipboard control

Editing the Org-Wide Policy

The Org (global) scope is the default scope shown when you open the Policies page. Changes here apply to all enrolled devices that do not have a group or device override for the same field.
  1. Select a policy type from the tab bar (App Config, Flow Config, DLP Config).
  2. Click the scope selector and choose Org.
  3. Edit the fields in the editor panel.
  4. Click Save.
Enabling Locked on a policy prevents individual devices from overriding it locally, even if the device has its own override configured. Use this for compliance-critical settings.

Group Policies

Apply a policy override to a device group without changing the org-wide baseline.
  1. Click Group override in the scope selector.
  2. Choose a group from the dropdown. (Manage groups under Devices → Groups.)
  3. Edit the policy fields you want to override for this group.
  4. Click Save.
Devices not in any group continue to use the org-wide policy. Devices in the group receive the merged result: org-wide values plus any field overridden at the group level.

Device Policies

Override a specific device’s policy — useful for exceptions, testing, or pilot rollouts.
  1. Click Device override in the scope selector.
  2. Start typing a device name or email to search, then select the device.
  3. Edit the policy fields for that device only.
  4. Click Save.
Device policies take the highest precedence in the merge chain.

Policy-Managed Badge

Policies created via the Policy-as-Code CLI or SDK display a Managed by code badge. These policies can still be viewed in the dashboard but are best edited through your version-controlled policy files to keep your git history consistent.

Active Policies Table

The bottom of the Policies page shows all policies currently set for the active type — org-wide, all groups, and device overrides — in a single table. Click Edit on any row to jump directly to that scope’s editor.

App Config Fields

FieldDefaultDescription
suppress_frontend_uifalseHide the browser extension’s UI (coin, panel, badges)
suppress_email_content_analysisfalseSkip phishing analysis of email content
stealth_modefalseRun entirely invisible — no tray icon, no dashboard access
flow_logs_enabledtrueStream device activity to Charley for analytics
telemetry_enabledtrueReport threat telemetry for the Overview dashboard
suppress_policy_lockedfalseAllow device to override even locked policies (use with caution)

Flow Config Fields

FieldDefaultDescription
enabledtrueEnable or disable flow tracking entirely
categoriesallURL categories to classify and report
Available categories: SECURITY_BLOCK, BANKING, CRYPTO, ECOMMERCE, EMAIL, JOB_SITES, SOCIAL_MEDIA, PRODUCTIVITY, TRUSTED.

DLP Config Fields

FieldDescription
enabledEnable DLP scanning
targets.apply_to_all_appsScan clipboard paste in all apps
targets.apps_allowlistOnly scan in the listed apps (by name, e.g. Chrome, Slack)
detections.builtinsBuilt-in detectors: credit_card, ssn_us, email, phone
detections.custom_regexCustom patterns (name + regex)
actions.modeblock — prevent paste, warn — alert user, allow — log only
actions.clear_clipboard_on_blockClear clipboard when blocking
actions.allow_once_overrideLet the user bypass the block once per trigger
ui.notify_on_block / ui.notify_on_warnShow a toast notification
ui.toast_cooldown_secMinimum seconds between successive toasts (0 = always)

Policy Templates

The template bar lets you save and reuse common policy configurations.
  • Click Save as template from the editor to name and store the current configuration.
  • Click a template in the bar to load it into the editor (you can then adjust and save).
  • Templates are shared across your org and stored server-side.

Next Steps

  • Groups — create device groups and assign members
  • Policy as Code — version-control and automate policy deployment via CLI/SDK