Workspace
/
Policies
setup
Search agents, workflows, memory...
⌘K
Deploy agent
Execution guardrails - 9 enforced
Policies
Policies are enforced before operators can execute tool actions. Operators can propose actions, but guardrails decide what can run.
Add policy
Enforced policies
9
active guardrails
Actions reviewed today
0
policy engine evaluations
Approvals required
0
risky actions waiting
Blocked actions
0
blocked before execution
Active guardrails
Blocked actions never reach connected tools.
Outbound communication gate
approval
email.send
External email sends require approval before execution.
agents: all | connectors: gmail, outlook | conditions: externalRecipient:true
Edit
Test
Disable
CRM auto-write
allow
crm.updateRecord
Revenue and client flow operators may update CRM records.
agents: agent-rv-001, agent-cf-003 | connectors: hubspot, salesforce | conditions: none
Edit
Test
Disable
Delete CRM record blocked
blocked
crm.deleteRecord
Destructive CRM deletes are blocked by execution guardrails.
agents: all | connectors: hubspot, salesforce, pipedrive | conditions: destructiveAction:true
Edit
Test
Disable
Pricing changes blocked
blocked
pricing.change
Pricing updates are blocked from operator actions.
agents: all | connectors: all | conditions: containsPricing:true
Edit
Test
Disable
Payment refunds blocked
blocked
payment.refund
Payment refunds are blocked from operator execution.
agents: all | connectors: stripe, shopify | conditions: financialAction:true
Edit
Test
Disable
Memory write allowed
allow
memory.write
Operators may write approved memory updates.
agents: all | connectors: all | conditions: none
Edit
Test
Disable
Memory delete requires admin approval
approval
memory.delete
Memory deletions require admin approval review.
agents: all | connectors: all | conditions: adminOnly:true | destructiveAction:true
Edit
Test
Disable
External calendar invite gate
approval
calendar.createExternalInvite
External meeting invites require approval.
agents: all | connectors: google-calendar, outlook-calendar, calendly | conditions: externalRecipient:true
Edit
Test
Disable
External file sharing blocked
blocked
file.shareExternal
External file sharing is blocked for customer-facing actions.
agents: all | connectors: google-drive, notion | conditions: customerFacing:true
Edit
Test
Disable
Policy test panel
Approval-required actions wait in the inbox.
Revenue Operator
Marketing Operator
Client Flow Operator
Operations Operator
email.createDraft
email.send
crm.createRecord
crm.updateRecord
crm.deleteRecord
pricing.change
payment.refund
slack.postMessage
calendar.createExternalInvite
memory.read
memory.write
memory.delete
file.read
file.shareExternal
internal.logWrite
internal.approvalCreate
risk: low
risk: medium
risk: high
External recipient
Contains pricing
Customer facing
Destructive action
Clear
Test decision