Zum Inhalt springen
NeoXamAgents

How to set tool policies and permissions

Declare allow, ask, or deny per tool, and control network egress per environment.

Every tool an agent declares carries one of three policies. Allow executes without interruption. Ask pauses the run for an explicit human approval. Deny blocks the tool entirely — the agent cannot call it.

Safe defaults for sensitive actions

Irreversible side effects — posting a message, creating a ticket, sending an email, running shell commands — default to ask or deny. Setting allow on a sensitive tool requires a written rationale, and that requirement is enforced when the change is reviewed in the Catalog.

Beta

The ask pause flow ships with the V1 Beta. The runtime today enforces allow-only: it executes allow-listed tools and refuses anything else.

Environments control the network

Each agent runs in a declared environment that sets its network egress policy — unrestricted, limited to an allowlist of hosts, or fully offline — and its pre-installed packages. Environments are referenced from the descriptor and auditable in the Catalog.

Changing a policy

Policies live in the agent's descriptor, so changes follow the same governed path as any other change: a reviewed pull request on the Catalog, with evals re-run before the new version serves.

Still stuck?

Tell us what you were trying to do and where it failed — screenshots and run IDs help. A human follows up.