Policies
GetOrganizationPolicies
UpdateOrganizationPolicies
ModelsExpand Collapse
AgentPolicy object { commandDenyList, mcpDisabled, scmToolsDisabled, 3 more } AgentPolicy contains agent-specific policy settings for an organization
AgentPolicy contains agent-specific policy settings for an organization
command_deny_list contains a list of commands that agents are not allowed to execute
mcp_disabled controls whether MCP (Model Context Protocol) is disabled for agents
scm_tools_disabled controls whether SCM (Source Control Management) tools are disabled for agents
CrowdStrikeConfig object { additionalOptions, cidSecretId, enabled, 2 more } CrowdStrikeConfig configures CrowdStrike Falcon sensor deployment
CrowdStrikeConfig configures CrowdStrike Falcon sensor deployment
CustomSecurityAgent object { id, description, enabled, 3 more } CustomSecurityAgent defines a custom security agent configured by an organization admin.
CustomSecurityAgent defines a custom security agent configured by an organization admin.
OrganizationPolicies object { agentPolicy, allowedEditorIds, allowLocalRunners, 16 more }
agent_policy contains agent-specific policy settings
agent_policy contains agent-specific policy settings
command_deny_list contains a list of commands that agents are not allowed to execute
mcp_disabled controls whether MCP (Model Context Protocol) is disabled for agents
scm_tools_disabled controls whether SCM (Source Control Management) tools are disabled for agents
allowed_editor_ids is the list of editor IDs that are allowed to be used in the organization
allow_local_runners controls whether local runners are allowed to be used in the organization
default_editor_id is the default editor ID to be used when a user doesn’t specify one
default_environment_image is the default container image when none is defined in repo
maximum_environments_per_user limits total environments (running or stopped) per user
maximum_running_environments_per_user limits simultaneously running environments per user
members_require_projects controls whether environments can only be created from projects by non-admin users
port_sharing_disabled controls whether user-initiated port sharing is disabled in the organization. System ports (VS Code Browser, agents) are always exempt from this policy.
require_custom_domain_access controls whether users must access via custom domain when one is configured. When true, access via app.gitpod.io is blocked.
restrict_account_creation_to_scim controls whether account creation is restricted to SCIM-provisioned users only. When true and SCIM is configured for the organization, only users provisioned via SCIM can create accounts.
delete_archived_environments_after controls how long archived environments are kept before automatic deletion. 0 means no automatic deletion. Maximum duration is 4 weeks (2419200 seconds).
editorVersionRestrictions: optional map[object { allowedVersions } ]editor_version_restrictions restricts which editor versions can be used.
Maps editor ID to version policy, editor_version_restrictions not set means no restrictions.
If empty or not set for an editor, we will use the latest version of the editor
editor_version_restrictions restricts which editor versions can be used. Maps editor ID to version policy, editor_version_restrictions not set means no restrictions. If empty or not set for an editor, we will use the latest version of the editor
maximum_environment_lifetime controls for how long environments are allowed to be reused. 0 means no maximum lifetime. Maximum duration is 180 days (15552000 seconds).
maximum_environment_timeout controls the maximum timeout allowed for environments in seconds. 0 means no limit (never). Minimum duration is 30 minutes (1800 seconds). value must be 0s (no limit) or at least 1800s (30 minutes):
this == duration('0s') || this >= duration('1800s')security_agent_policy contains security agent configuration for the organization.
When configured, security agents are automatically deployed to all environments.
security_agent_policy contains security agent configuration for the organization. When configured, security agents are automatically deployed to all environments.
crowdstrike contains CrowdStrike Falcon configuration
crowdstrike contains CrowdStrike Falcon configuration
SecurityAgentPolicy object { crowdstrike } SecurityAgentPolicy contains security agent configuration for an organization.
When enabled, security agents are automatically deployed to all environments.
SecurityAgentPolicy contains security agent configuration for an organization. When enabled, security agents are automatically deployed to all environments.
crowdstrike contains CrowdStrike Falcon configuration
crowdstrike contains CrowdStrike Falcon configuration
PolicyRetrieveResponse object { policies }
agent_policy contains agent-specific policy settings
agent_policy contains agent-specific policy settings
command_deny_list contains a list of commands that agents are not allowed to execute
mcp_disabled controls whether MCP (Model Context Protocol) is disabled for agents
scm_tools_disabled controls whether SCM (Source Control Management) tools are disabled for agents
allowed_editor_ids is the list of editor IDs that are allowed to be used in the organization
allow_local_runners controls whether local runners are allowed to be used in the organization
default_editor_id is the default editor ID to be used when a user doesn’t specify one
default_environment_image is the default container image when none is defined in repo
maximum_environments_per_user limits total environments (running or stopped) per user
maximum_running_environments_per_user limits simultaneously running environments per user
members_require_projects controls whether environments can only be created from projects by non-admin users
port_sharing_disabled controls whether user-initiated port sharing is disabled in the organization. System ports (VS Code Browser, agents) are always exempt from this policy.
require_custom_domain_access controls whether users must access via custom domain when one is configured. When true, access via app.gitpod.io is blocked.
restrict_account_creation_to_scim controls whether account creation is restricted to SCIM-provisioned users only. When true and SCIM is configured for the organization, only users provisioned via SCIM can create accounts.
delete_archived_environments_after controls how long archived environments are kept before automatic deletion. 0 means no automatic deletion. Maximum duration is 4 weeks (2419200 seconds).
editorVersionRestrictions: optional map[object { allowedVersions } ]editor_version_restrictions restricts which editor versions can be used.
Maps editor ID to version policy, editor_version_restrictions not set means no restrictions.
If empty or not set for an editor, we will use the latest version of the editor
editor_version_restrictions restricts which editor versions can be used. Maps editor ID to version policy, editor_version_restrictions not set means no restrictions. If empty or not set for an editor, we will use the latest version of the editor
maximum_environment_lifetime controls for how long environments are allowed to be reused. 0 means no maximum lifetime. Maximum duration is 180 days (15552000 seconds).
maximum_environment_timeout controls the maximum timeout allowed for environments in seconds. 0 means no limit (never). Minimum duration is 30 minutes (1800 seconds). value must be 0s (no limit) or at least 1800s (30 minutes):
this == duration('0s') || this >= duration('1800s')security_agent_policy contains security agent configuration for the organization.
When configured, security agents are automatically deployed to all environments.
security_agent_policy contains security agent configuration for the organization. When configured, security agents are automatically deployed to all environments.
crowdstrike contains CrowdStrike Falcon configuration
crowdstrike contains CrowdStrike Falcon configuration