Skip to content

Policies

A policy is a named set of tools. When you attach a policy to an agent, that agent gains access to every tool in the policy.

Policies are the central point of control in your governance setup. Getting policies right means your agents have exactly the access they need - no more, no less.

Creating a policy

Click New policy to open the policy editor.

Name - Keep this short and descriptive. The policy name appears in audit log entries and approval requests, so it should be recognizable at a glance (for example, "CRM Read-Only" or "GitHub Dev Tools").

Description - What this policy is for and which agents or teams use it.

Tools - Search and select the tools this policy covers. Only approved, active tools appear in the list.

Approvers - Optionally select Slack users who must approve any call covered by this policy. When approvers are set, every agent using this policy will have its tool calls reviewed by a human before (or after) execution. Leave this empty for fully automated execution with no approval gate.

Requiring human approval

Adding approvers to a policy is how you put a human in the loop for sensitive operations.

For example, if you have a policy covering stripe_refund_charge and stripe_cancel_subscription, you might add your finance team as approvers. Any agent that carries this policy will have those calls queued for review rather than executing automatically.

See Approvals for how approvers review and act on queued requests.

Editing a policy

When you edit an existing policy, the editor shows you an impact summary before you save:

  • Which agents are currently using this policy - any change affects them immediately
  • Which tools are being added or removed by this edit

Review the impact summary carefully. Removing a tool from a policy means every agent using that policy can no longer call that tool, effective immediately after you save.

Version history and rollback

Every change to a policy is recorded automatically. Open a policy and click History to see a timeline of all changes: who made each one, when, and exactly what was added or removed.

To restore a previous version:

  1. Find the version you want to restore in the history timeline
  2. Click Preview to see the full tool list and approver list as they were at that point
  3. Click Restore to apply it

The restore is recorded as a new version entry, so the action itself is auditable. You can restore a restore.

Templates

If you are starting from scratch, templates give you a starting point for common governance patterns:

  • Read-Only Data Access - GET-only tools for querying data
  • Communication Suite - email, Slack, and messaging tools
  • Dev Toolchain - GitHub, Jira, and similar developer tools
  • Sandbox Full Access - broad access for test environments
  • CRM Read - read-only CRM data (contacts, accounts, deals)
  • Infrastructure Read - cloud resource listing and status tools
  • Analytics Access - query and reporting tools
  • Support Workflow - ticketing and customer support tools

Selecting a template pre-fills the editor. All fields can be changed before you save.

Deleting a policy

Deleting a policy removes it from all agents that carry it. Those agents immediately lose access to any tools that were only covered by the deleted policy. This is not reversible through history rollback since the policy no longer exists.

Before deleting, check the impact summary to confirm which agents will be affected.

Released under the MIT License.