Manifests

What you'll learn: What manifests are, how to connect a repository, and how to assign manifests to agents.

What are manifests?

Manifests are YAML files that define sets of compliance policies. Instead of creating policies one by one, you connect a GitHub repository containing manifest files and assign them to your agents. Policies are created automatically from the manifest and evaluated by the engine.

Manifests live in a GitHub repository (e.g. Kyvvu/manifests) and are versioned with Git. When a manifest is updated in the repo, you can resync the assignment to pick up changes.

Connecting a repository

Via the dashboard

1. Go to Manifests page.

2. Click Add Repository.

3. Enter the GitHub URL and a personal access token (optional for public repos).

4. Click Connect.

Via the API

curl -X POST https://platform.kyvvu.com/api/v1/repos \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/json" \
  -d '{"owner": "Kyvvu", "name": "manifests", "branch": "main", "token": "ghp_..."}'

Assigning a manifest to an agent

Via the dashboard

1. Go to Manifests page.

2. Click Assign on a manifest.

3. Select the agents to assign to.

4. Click Save.

Via the CLI

Via the API

Listing manifests and assignments

Resyncing assignments

When a manifest is updated in the repository, you can resync to pick up changes:

• Dashboard: Click the sync icon on the assignment in the Agents page.

• API: POST /api/v1/assignments/{id}/resync

Resync compares the Git SHA. If unchanged, it's a no-op. If changed, old policies are disabled and new ones created.

Risk filtering

When assigning a manifest, policies with a risk_classification higher than the agent's risk level are automatically skipped. For example, a high-risk-only policy won't be applied to a limited-risk agent.

Next steps

• Creating Policies — create custom policies

• Compound Policies — advanced policy authoring