## GetOrganizationPolicies

`client.Organizations.Policies.Get(ctx, body) (*OrganizationPolicyGetResponse, error)`

**post** `/gitpod.v1.OrganizationService/GetOrganizationPolicies`

Gets organization policy settings by organization ID.

Use this method to:

- Retrieve current policy settings for an organization
- View resource limits and restrictions
- Check allowed editors and other configurations

### Examples

- Get organization policies:

  Retrieves policy settings for a specific organization.

  ```yaml
  organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  ```

### Parameters

- `body OrganizationPolicyGetParams`

  - `OrganizationID param.Field[string]`

    organization_id is the ID of the organization to retrieve policies for

### Returns

- `type OrganizationPolicyGetResponse struct{…}`

  - `Policies OrganizationPolicies`

    - `AgentPolicy AgentPolicy`

      agent_policy contains agent-specific policy settings

      - `CommandDenyList []string`

        command_deny_list contains a list of commands that agents are not allowed to execute

      - `McpDisabled bool`

        mcp_disabled controls whether MCP (Model Context Protocol) is disabled for agents

      - `ScmToolsDisabled bool`

        scm_tools_disabled controls whether SCM (Source Control Management) tools are disabled for agents

      - `ConversationSharingPolicy ConversationSharingPolicy`

        conversation_sharing_policy controls whether agent conversations can be shared

        - `const ConversationSharingPolicyUnspecified ConversationSharingPolicy = "CONVERSATION_SHARING_POLICY_UNSPECIFIED"`

        - `const ConversationSharingPolicyDisabled ConversationSharingPolicy = "CONVERSATION_SHARING_POLICY_DISABLED"`

        - `const ConversationSharingPolicyOrganization ConversationSharingPolicy = "CONVERSATION_SHARING_POLICY_ORGANIZATION"`

      - `MaxSubagentsPerEnvironment int64`

        max_subagents_per_environment limits the number of non-terminal sub-agents
        a parent can have running simultaneously in the same environment.
        Valid range: 0-10. Zero means use the default (5).

      - `ScmToolsAllowedGroupID string`

        scm_tools_allowed_group_id restricts SCM tools access to members of this group.
        Empty means no restriction (all users can use SCM tools if not disabled).

    - `AllowedEditorIDs []string`

      allowed_editor_ids is the list of editor IDs that are allowed to be used in the organization

    - `AllowLocalRunners bool`

      allow_local_runners controls whether local runners are allowed to be used in the organization

    - `DefaultEditorID string`

      default_editor_id is the default editor ID to be used when a user doesn't specify one

    - `DefaultEnvironmentImage string`

      default_environment_image is the default container image when none is defined in repo

    - `MaximumEnvironmentsPerUser string`

      maximum_environments_per_user limits total environments (running or stopped) per user

    - `MaximumRunningEnvironmentsPerUser string`

      maximum_running_environments_per_user limits simultaneously running environments per user

    - `MembersCreateProjects bool`

      members_create_projects controls whether members can create projects

    - `MembersRequireProjects bool`

      members_require_projects controls whether environments can only be created from projects by non-admin users

    - `OrganizationID string`

      organization_id is the ID of the organization

    - `PortSharingDisabled bool`

      port_sharing_disabled controls whether user-initiated port sharing is disabled in the organization.
      System ports (VS Code Browser, agents) are always exempt from this policy.

    - `RequireCustomDomainAccess bool`

      require_custom_domain_access controls whether users must access via custom domain
      when one is configured. When true, access via app.gitpod.io is blocked.

    - `RestrictAccountCreationToScim bool`

      restrict_account_creation_to_scim controls whether account creation is restricted to SCIM-provisioned users only.
      When true and SCIM is configured for the organization, only users provisioned via SCIM can create accounts.

    - `DeleteArchivedEnvironmentsAfter string`

      delete_archived_environments_after controls how long archived environments are kept before automatic deletion.
      0 means no automatic deletion. Maximum duration is 4 weeks (2419200 seconds).

    - `EditorVersionRestrictions map[string, OrganizationPoliciesEditorVersionRestriction]`

      editor_version_restrictions restricts which editor versions can be used.
      Maps editor ID to version policy, editor_version_restrictions not set means no restrictions.
      If empty or not set for an editor, we will use the latest version of the editor

      - `AllowedVersions []string`

        allowed_versions lists the versions that are allowed
        If empty, we will use the latest version of the editor

        Examples for JetBrains: `["2025.2", "2025.1", "2024.3"]`

    - `MaximumEnvironmentLifetime string`

      maximum_environment_lifetime controls for how long environments are allowed to be reused.
      0 means no maximum lifetime. Maximum duration is 180 days (15552000 seconds).

    - `MaximumEnvironmentTimeout string`

      maximum_environment_timeout controls the maximum timeout allowed for environments in seconds.
      0 means no limit (never). Minimum duration is 30 minutes (1800 seconds).
      value must be 0s (no limit) or at least 1800s (30 minutes):

      ```
      this == duration('0s') || this >= duration('1800s')
      ```

    - `SecurityAgentPolicy SecurityAgentPolicy`

      security_agent_policy contains security agent configuration for the organization.
      When configured, security agents are automatically deployed to all environments.

      - `Crowdstrike CrowdStrikeConfig`

        crowdstrike contains CrowdStrike Falcon configuration

        - `AdditionalOptions map[string, string]`

          additional_options contains additional FALCONCTL_OPT_* options as key-value pairs.
          Keys should NOT include the FALCONCTL_OPT_ prefix.

        - `CidSecretID string`

          cid_secret_id references an organization secret containing the Customer ID (CID).

        - `Enabled bool`

          enabled controls whether CrowdStrike Falcon is deployed to environments

        - `Image string`

          image is the CrowdStrike Falcon sensor container image reference

        - `Tags string`

          tags are optional tags to apply to the Falcon sensor (comma-separated)

    - `VetoExecPolicy VetoExecPolicy`

      veto_exec_policy contains the veto exec policy for environments.

      - `Action KernelControlsAction`

        action specifies what action kernel-level controls take on policy violations

        - `const KernelControlsActionUnspecified KernelControlsAction = "KERNEL_CONTROLS_ACTION_UNSPECIFIED"`

        - `const KernelControlsActionBlock KernelControlsAction = "KERNEL_CONTROLS_ACTION_BLOCK"`

        - `const KernelControlsActionAudit KernelControlsAction = "KERNEL_CONTROLS_ACTION_AUDIT"`

      - `Enabled bool`

        enabled controls whether executable blocking is active

      - `Executables []string`

        executables is the list of executable paths or names to block

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/gitpod-io/gitpod-sdk-go"
  "github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
  client := gitpod.NewClient(
    option.WithBearerToken("My Bearer Token"),
  )
  policy, err := client.Organizations.Policies.Get(context.TODO(), gitpod.OrganizationPolicyGetParams{
    OrganizationID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", policy.Policies)
}
```

#### Response

```json
{
  "policies": {
    "agentPolicy": {
      "commandDenyList": [
        "string"
      ],
      "mcpDisabled": true,
      "scmToolsDisabled": true,
      "conversationSharingPolicy": "CONVERSATION_SHARING_POLICY_UNSPECIFIED",
      "maxSubagentsPerEnvironment": 10,
      "scmToolsAllowedGroupId": "scmToolsAllowedGroupId"
    },
    "allowedEditorIds": [
      "string"
    ],
    "allowLocalRunners": true,
    "defaultEditorId": "defaultEditorId",
    "defaultEnvironmentImage": "defaultEnvironmentImage",
    "maximumEnvironmentsPerUser": "maximumEnvironmentsPerUser",
    "maximumRunningEnvironmentsPerUser": "maximumRunningEnvironmentsPerUser",
    "membersCreateProjects": true,
    "membersRequireProjects": true,
    "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "portSharingDisabled": true,
    "requireCustomDomainAccess": true,
    "restrictAccountCreationToScim": true,
    "deleteArchivedEnvironmentsAfter": "+9125115.360s",
    "editorVersionRestrictions": {
      "foo": {
        "allowedVersions": [
          "string"
        ]
      }
    },
    "maximumEnvironmentLifetime": "+9125115.360s",
    "maximumEnvironmentLifetimeStrict": true,
    "maximumEnvironmentTimeout": "+9125115.360s",
    "securityAgentPolicy": {
      "crowdstrike": {
        "additionalOptions": {
          "foo": "string"
        },
        "cidSecretId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
        "enabled": true,
        "image": "image",
        "tags": "tags"
      },
      "customAgents": [
        {
          "id": "id",
          "description": "description",
          "enabled": true,
          "envMappings": [
            {
              "name": "name",
              "secretName": "secretName"
            }
          ],
          "name": "name",
          "startCommand": "startCommand"
        }
      ]
    },
    "vetoExecPolicy": {
      "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
      "enabled": true,
      "executables": [
        "string"
      ],
      "safelist": [
        "string"
      ]
    }
  }
}
```