Org watch templates

Share repeatable watch configurations across your organization — URL patterns, poll defaults, auth headers, tags, and policy presets assigned from a catalog.

Shipped: CP-2.9 org templates API and console Launch from template on /start and fleet empty states.

Templates vs org defaults

CapabilityStatusNotes
Watch templates (CP-2.9)ShippedNamed presets — create watches and bindings with one click
Contract template registry (CP-4.8)ShippedModules / Providers shell in console catalog
Org notification defaults (CP-1.7)ShippedGET/PUT /api/org/notification-defaults — new watches inherit Slack/webhook, interval, alert policy
Org watch sets (CP-1.7)ShippedGET/POST/PUT/DELETE /api/org/watch-sets — staging vs production named sets; fleet Defined in column

Template fields

FieldDescription
nameCatalog label — e.g. “GitHub MCP production”
watchTypeopenapi · rest · mcp
urlPatternBase URL or pattern for snapshot source
policyPresetDefault drift policy preset for bindings created from template
headersJsonShared auth headers (encrypted at rest)
tagsJsonFleet filter tags — see CP-2.12 tag bar

API

GET  /api/templates
POST /api/templates
POST /api/watches/from-template

Create a template:

curl -s https://driftguard.org/api/templates \
  -H "Authorization: Bearer dg_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Stripe OpenAPI prod",
    "watchType": "openapi",
    "urlPattern": "https://api.stripe.com/v1/openapi.json",
    "policyPreset": "staging-strict",
    "tags": ["payments", "production"]
  }'

Console workflow

  1. Open the template catalog

    ConsoleCatalog or empty fleet state → Launch from template

  2. Pick a preset

    Org templates appear beside system starters (GitHub MCP, Stripe OpenAPI, etc.)

  3. Confirm overrides

    Adjust URL, headers, or policy before create — template values are defaults, not locks

  4. Optional binding

    Attach an agent binding with inherited policyPreset for runtime enforcement

Inheritance today

  • Templates set initial watch and binding fields at create time
  • Per-watch edits after create do not retroactively change sibling watches
  • Re-launch from an updated template creates a new watch — does not bulk-update fleet

CP-1.7 will add org-level sets with “defined in” override display (env0 org variables pattern).

Related

  • Watch wizard
  • Agent bindings
  • Drift policy presets
  • Portfolio Compass — coverage gaps after templating