disallow constraints will evaluate all direct and transitive dependencies for a package. If any local dependency has tags that match a selector within the disallow array, then the constraint will fail.

Disallow specific direct or transitive dependencies

Use a tag as a selector to disallow subsets of local dependencies. 
{
  "disallow": ["application"]
}

Disllow all dependencies

Use * as a selector to disallow all local dependencies. 
{
  "disallow": "*"
}

Example

The following constraint…
.commonality/config.json
{
  "constraints": {
    "high-availability": {
      "disallow": ["beta"]
    }
  }
}
…will fail for the following dependency graph. A graph that shows that transitive dependencies are traversed with disallow constraints This is due to the fact that a transitive dependency contains the matching beta tag.