# Manifests

**What you'll learn:** What manifests are, how to connect a repository, and how to assign manifests to agents.

***

## What are manifests?

Manifests are YAML files that define sets of compliance policies. Instead of creating policies one by one, you connect a GitHub repository containing manifest files and assign them to your agents. Policies are created automatically from the manifest and evaluated by the engine.

Manifests live in a GitHub repository (e.g. [Kyvvu/manifests](https://github.com/Kyvvu/manifests)) and are versioned with Git. When a manifest is updated in the repo, you can resync the assignment to pick up changes.

## Connecting a repository

### Via the dashboard

1. Go to **Manifests** page.
2. Click **Add Repository**.
3. Enter the GitHub URL and a personal access token (optional for public repos).
4. Click **Connect**.

### Via the API

```bash
curl -X POST https://platform.kyvvu.com/api/v1/repos \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/json" \
  -d '{"owner": "Kyvvu", "name": "manifests", "branch": "main", "token": "ghp_..."}'
```

## Assigning a manifest to an agent

### Via the dashboard

1. Go to **Manifests** page.
2. Click **Assign** on a manifest.
3. Select the agents to assign to.
4. Click **Save**.

### Via the CLI

```bash
kyvvu assign-manifest --agent-id <hash> --repo-id <id> --manifest owasp_agentic_default.yaml
```

### Via the API

```bash
curl -X POST https://platform.kyvvu.com/api/v1/assignments \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "<hash>", "repo_id": 1, "manifest_path": "owasp_agentic_default.yaml"}'
```

## Listing manifests and assignments

```bash
# List available manifests
kyvvu list-manifests

# List assignments (optionally filtered by agent)
kyvvu list-assignments --agent-id <hash>
```

## Resyncing assignments

When a manifest is updated in the repository, you can resync to pick up changes:

* **Dashboard:** Click the sync icon on the assignment in the Agents page.
* **API:** `POST /api/v1/assignments/{id}/resync`

Resync compares the Git SHA. If unchanged, it's a no-op. If changed, old policies are disabled and new ones created.

## Risk filtering

When assigning a manifest, policies with a `risk_classification` higher than the agent's risk level are automatically skipped. For example, a `high`-risk-only policy won't be applied to a `limited`-risk agent.

***

## Next steps

* [Creating Policies](/policy-authoring/creating.md) — create custom policies
* [Compound Policies](/policy-authoring/compound.md) — advanced policy authoring


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kyvvu.com/policy-authoring/templates.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.