diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index 4977ae5..f0dbafe 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -6,8 +6,9 @@ on: workflow_dispatch: permissions: - contents: read + contents: write id-token: write + pull-requests: write concurrency: group: npm-publish-${{ github.ref }} @@ -45,3 +46,40 @@ jobs: env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} run: npm publish --provenance --access public + + - name: Open Homebrew formula PR + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VERSION: ${{ github.ref_name }} + run: | + set -euo pipefail + v="${VERSION#v}" + tarball="https://registry.npmjs.org/@openagentlock/cli/-/cli-${v}.tgz" + for i in 1 2 3 4 5 6; do + if curl -sfI "$tarball" >/dev/null; then break; fi + sleep 5 + done + sha=$(curl -sfL "$tarball" | shasum -a 256 | awk '{print $1}') + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git fetch origin main + branch="formula/v${v}" + git checkout -B "$branch" origin/main + sed -i -E \ + -e "s|cli-[0-9]+\.[0-9]+\.[0-9]+\.tgz|cli-${v}.tgz|" \ + -e "s|sha256 \"[^\"]+\"|sha256 \"${sha}\"|" \ + -e "s|version \"[^\"]+\"|version \"${v}\"|" \ + Formula/agentlock.rb + if git diff --quiet -- Formula/agentlock.rb; then + echo "Formula already at v${v}" + exit 0 + fi + git add Formula/agentlock.rb + git commit -m "Formula: pin v${v} sha256" + git push -f origin "$branch" + gh pr create \ + --base main \ + --head "$branch" \ + --title "Formula: pin v${v} sha256" \ + --body "Automated formula bump after publishing \`@openagentlock/cli@${v}\` to npm." \ + || gh pr edit "$branch" --title "Formula: pin v${v} sha256" diff --git a/control-plane/Dockerfile b/control-plane/Dockerfile index 368b308..c36bb4e 100644 --- a/control-plane/Dockerfile +++ b/control-plane/Dockerfile 
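Review bot: `contents: write` and `pull-requests: write` are added at the workflow level, so every job in this file — including the publish job that already holds `id-token: write` and reads `NPM_TOKEN` — now gets a `GITHUB_TOKEN` that can push to any branch and open PRs, although only the new Homebrew step needs that. Keep the top-level block at `contents: read` / `id-token: write` and put a `permissions:` key with the two write grants on the job (or a separate job) that runs the formula step. The workflow also accepts `workflow_dispatch`, so anyone with write access can mint the elevated token by starting a run; the job layout is outside this hunk, so where exactly to scope the key depends on whether the formula step shares the publish job.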
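Review bot: `v` is derived from `github.ref_name` and interpolated unvalidated into the `sed` replacements, the branch name and the tarball URL; a tag like `v1.2.3-rc.1` would bump `version` but leave the URL untouched (the `cli-[0-9]+\.[0-9]+\.[0-9]+\.tgz` pattern does not match it), and `&`, `|` or `\` in a ref name change the meaning of the replacement text. Add a strict check right after the assignment: `[[ "$v" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "refusing to pin non-release tag: $VERSION" >&2; exit 1; }`. Separately, the sha256 written into the formula is whatever the registry serves back, not the tarball this workflow just built; hashing the `npm pack` output before `npm publish` (or at least comparing it to the downloaded hash) takes the registry/CDN out of the trust path for the pin, assuming npm stores the packed tarball byte-for-byte. The `|| gh pr edit` fallback also masks a failed `gh pr create` for any reason other than an existing PR, so consider checking `gh pr list --head "$branch"` first and failing on other errors.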
@@ -59,6 +59,7 @@ RUN install -d -m 0700 -o 65532 -g 65532 /out/agentlock-home FROM gcr.io/distroless/cc-debian12 AS runtime COPY --from=go-builder /out/control-plane /usr/local/bin/agentlockd COPY --from=go-builder --chown=65532:65532 /out/agentlock-home /var/lib/agentlock +COPY policies/default.yaml /etc/agentlock/policies/default.yaml ENV AGENTLOCK_LISTEN=0.0.0.0:7878 ENV AGENTLOCK_DASHBOARD_LISTEN=0.0.0.0:7879 ENV AGENTLOCK_HOME=/var/lib/agentlock diff --git a/docker-compose.yml b/docker-compose.yml index 40a4a91..b177680 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,7 +26,6 @@ services: AGENTLOCK_HOME: "/var/lib/agentlock" volumes: - agentlock-state:/var/lib/agentlock - - ./policies:/etc/agentlock/policies:ro healthcheck: test: ["CMD", "/usr/local/bin/agentlockd", "--health"] interval: 10s
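Review bot: The new `COPY policies/default.yaml …` line sets neither mode nor ownership, so the file inherits build-context permissions and root ownership; root-owned and not writable by the uid 65532 provisioned on the preceding line is the right outcome (a compromised agentlockd should not be able to relax its own policy), but make it explicit and independent of the checkout's umask with `COPY --chmod=0444 policies/default.yaml /etc/agentlock/policies/default.yaml` (needs BuildKit), and deliberately do not add `--chown=65532` as the line above does. Because the accompanying docker-compose change drops the `./policies:/etc/agentlock/policies:ro` bind mount, the policy is now fixed at image build time; a comment such as `# Default policy is baked in read-only; override by bind-mounting /etc/agentlock/policies` would keep operators who previously customised `./policies` from silently running the default. No `USER` directive is visible in this hunk, so that the daemon runs as 65532 is inferred from the `--chown` on the home directory.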