Skip to main content
Tool policies are per-tool rules that control how your agent behaves when it wants to take an action. Every tool the agent has access to has a policy, and the policy is enforced server-side—the agent cannot bypass it.

The four policy values

The agent runs the tool without asking anyone first. Use this for safe, read-only operations where you’re comfortable with the agent acting autonomously—for example, looking up a user’s profile or listing group memberships.
The agent proposes the action and waits for a technician to approve or deny it before proceeding. The approval request is sent through your connected ticketing or messaging integration (Jira comment, ConnectWise ticket note, Slack DM, etc.). Use this for write operations like adding a user to a group, creating an account, or sending an email.
The tool is completely unavailable to the agent. It won’t appear in the agent’s skill set, and any attempt to call it is rejected. Use this for tools you never want the agent to use, such as destructive operations like deleting users or accounts.

How to set policies

Policies are configured on each integration’s detail page — there is no separate Policies tab. Open MSP Settings → Integrations and click into a connected integration. The detail page lists every tool the integration provides with a policy selector next to each one. For each tool, select the policy you want from the dropdown. Changes are saved when you click Save and are pushed to the agent’s configuration automatically.
Start conservative: review the defaults after connecting a new integration, and set any unfamiliar write operations to approval_needed until you’re confident in the agent’s behavior.

Manager approval

For tools set to approval_needed, you can optionally also require manager approval. When Manager Approval is enabled on a specific tool:
  1. A technician approval request is created (as always for approval_needed tools).
  2. A linked manager approval request is also created.
  3. Both the technician and the requester’s manager must approve before the agent executes the action.
This is useful for high-impact operations like provisioning admin accounts or granting access to sensitive systems. Enable it per-tool on the integration’s detail page by toggling the Manager Approval switch alongside the policy dropdown.

Default policies

When you first connect an integration, policies are seeded automatically for every tool that integration provides. The seeding logic uses a combination of explicit annotations and verb analysis to classify each tool:
Tool typeDefault policy
Read operations (get, list, search, fetch)auto
Write operations (create, update, delete, add, send, reset)approval_needed
These are starting points. You should review them and adjust based on your clients’ requirements and risk tolerance.
Policy enforcement is hard—it happens in the backend before any API call is made. The agent cannot work around a policy by rephrasing a request or calling a tool indirectly.