# Read-only platform inspection policy.
#
# Useful for status dashboards and audit/review sessions that need visibility
# into mounts and platform metadata without secret material mutation.

path "sys/health" {
  capabilities = ["read"]
}

path "sys/mounts" {
  capabilities = ["read", "list"]
}

path "sys/auth" {
  capabilities = ["read", "list"]
}

path "sys/policies/acl" {
  capabilities = ["read", "list"]
}

path "auth/token/lookup-self" {
  capabilities = ["read"]
}

path "platform/metadata/*" {
  capabilities = ["read", "list"]
}