We don’t have any compiled code for now. Nor any policy for this.
The closest to such a policy is this one:
Whonix firejail discussion:
Something super simple to answer “everything from the workstation is
always routed through Tor” becomes something less simple and more
insecure sounding “everything from the workstation is always routed
through Tor unless you install that package”.
/cc @HulaHoop since this involves compiled code, policy, firejail and
contributions.