Agent governance
Developer control plane for policies, metering, and activity history.
Workspace: Local workspaceRole: AdminWelcome Preview

Who this applies to

Name, agents, and environments
Stable name for audit records and the policy list.
Comma-separated names or selectors. Blank = tenant-wide.
01 · Pre-flight

Can this agent run? Checked before execution begins.

Tools

0 allow · 0 review · 1 deny

Everything not marked Allow or Review is denied by default. Review tools pause for a human before they run.

Tool
Allow
Review
Deny
Remove
delete_research_data

Models

Which LLMs this policy permits
All 7 models allowed
Select which models this policy permits. Leaving all unchecked denies every model request.
02 · In-flight

Is this action safe and worth it? Checked on every tool call.

Guardrails

Prompt and payload checks on every governed call
03 · Post-flight

Can we explain and improve it? Tracks behavior and feeds back into pre-flight.

Privilege de-escalation

Auto-tighten access when an agent misbehaves
After this many token-overage strikes, all tools require human review until an operator resets the agent.
Cancel