Skip to content

Turbo CLI

Validate that attempting to relax isolation via Turbo CLI/runtime flags does not override policy-governed settings.

Objectives

  • Prevent policy bypass via ad-hoc CLI flags for network/data motion/device controls.

Preconditions

  • Windows target with Turbo Launcher and Secure Sandbox.
  • Policy integrity and signing configured per enterprise posture.

Controls Under Test

  • Policy integrity and override gating.

Test Scenarios

IDCanonical IDsScenarioProcedureExpected Outcome
SCEN-SYSTEM-TURBO-CLI-01HARD-POLICY-11Attempt to relax isolation via CLILaunch an app with CLI flags that would disable or relax isolation (for example, disable proxy enforcement or data-motion channels) without changing authorized policy.Overrides are ignored or rejected; fail‑closed posture is maintained. Audit shows policy/authz deny or reason indicating unauthorized override/tamper.

Evidence Requirements

  • policy/authz events indicating override rejection; integrity chain present.