Policies
A policy is a named set of tools. When you attach a policy to an agent, that agent gains access to every tool in the policy.
Policies are the central point of control in your governance setup. Getting policies right means your agents have exactly the access they need - no more, no less.
Creating a policy
Click New policy to open the policy editor.
Name - Keep this short and descriptive. The policy name appears in audit log entries and approval requests, so it should be recognizable at a glance (for example, "CRM Read-Only" or "GitHub Dev Tools").
Description - What this policy is for and which agents or teams use it.
Tools - Search and select the tools this policy covers. Only approved, active tools appear in the list.
Approvers - Optionally select Slack users who must approve any call covered by this policy. When approvers are set, every agent using this policy will have its tool calls reviewed by a human before (or after) execution. Leave this empty for fully automated execution with no approval gate.
Requiring human approval
Adding approvers to a policy is how you put a human in the loop for sensitive operations.
For example, if you have a policy covering stripe_refund_charge and stripe_cancel_subscription, you might add your finance team as approvers. Any agent that carries this policy will have those calls queued for review rather than executing automatically.
See Approvals for how approvers review and act on queued requests.
Editing a policy
When you edit an existing policy, the editor shows you an impact summary before you save:
- Which agents are currently using this policy - any change affects them immediately
- Which tools are being added or removed by this edit
Review the impact summary carefully. Removing a tool from a policy means every agent using that policy can no longer call that tool, effective immediately after you save.
Version history and rollback
Every change to a policy is recorded automatically. Open a policy and click History to see a timeline of all changes: who made each one, when, and exactly what was added or removed.
To restore a previous version:
- Find the version you want to restore in the history timeline
- Click Preview to see the full tool list and approver list as they were at that point
- Click Restore to apply it
The restore is recorded as a new version entry, so the action itself is auditable. You can restore a restore.
Templates
If you are starting from scratch, templates give you a starting point for common governance patterns:
- Read-Only Data Access - GET-only tools for querying data
- Communication Suite - email, Slack, and messaging tools
- Dev Toolchain - GitHub, Jira, and similar developer tools
- Sandbox Full Access - broad access for test environments
- CRM Read - read-only CRM data (contacts, accounts, deals)
- Infrastructure Read - cloud resource listing and status tools
- Analytics Access - query and reporting tools
- Support Workflow - ticketing and customer support tools
Selecting a template pre-fills the editor. All fields can be changed before you save.
Deleting a policy
Deleting a policy removes it from all agents that carry it. Those agents immediately lose access to any tools that were only covered by the deleted policy. This is not reversible through history rollback since the policy no longer exists.
Before deleting, check the impact summary to confirm which agents will be affected.