Appearance
Turbo CLI
Validate that attempting to relax isolation via Turbo CLI/runtime flags does not override policy-governed settings.
Objectives
- Prevent policy bypass via ad-hoc CLI flags for network/data motion/device controls.
Preconditions
- Windows target with Turbo Launcher and Secure Sandbox.
- Policy integrity and signing configured per enterprise posture.
Controls Under Test
- Policy integrity and override gating.
Test Scenarios
| ID | Canonical IDs | Scenario | Procedure | Expected Outcome |
|---|---|---|---|---|
| SCEN-SYSTEM-TURBO-CLI-01 | HARD-POLICY-11 | Attempt to relax isolation via CLI | Launch an app with CLI flags that would disable or relax isolation (for example, disable proxy enforcement or data-motion channels) without changing authorized policy. | Overrides are ignored or rejected; fail‑closed posture is maintained. Audit shows policy/authz deny or reason indicating unauthorized override/tamper. |
Evidence Requirements
policy/authzevents indicating override rejection; integrity chain present.
