In the .allstar repository at org level, create or edit allstar.yaml
Set optConfig.optOutStrategy: false for opt-in (only listed repos are covered) or optConfig.optOutStrategy: true for opt-out (all repos covered unless excluded)
In opt-in mode, list repos under optConfig.optInRepos; in opt-out mode list repos to exclude under optConfig.optOutRepos
To allow repository maintainers to override org-level policy, set optConfig.repoOverride.allow: true; set it to false to enforce org policy universally
Use optConfig.optOutPublicRepos or optConfig.optOutPrivateRepos to bulk-exclude all public or private repos from coverage
Known gotchas
Allstar defaults to opt-in after installation, meaning no repositories are actively monitored until you list them or switch to opt-out strategy
The .allstar config repository must be named exactly .allstar (with the leading dot); a differently named repository is not recognized as the Allstar config source
repoOverride.allow: true gives individual repo owners the ability to opt themselves out of policies entirely; in security-sensitive orgs, set it to false to prevent repos from escaping enforcement
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp