Policy Actions
Every policy has an action that determines what happens when its rules match a tool call.
Allow
Auto-approve the tool call immediately without user intervention.
When to Use
- Whitelisting known-safe operations
- Speeding up common workflows
- Overriding more restrictive default policies
Example Use Cases
# Allow reading any file in the project
tool_name equals "Read"
AND
tool_input.file_path starts_with "/Users/dev/myproject"
→ Action: Allow
# Allow git status and log commands
tool_name equals "Bash"
AND
tool_input.command matches "^git (status|log|diff|branch)"
→ Action: Allow
Note
Allow policies are useful for creating "fast paths" through operations you trust completely.
Deny
Block the tool call entirely. The agent receives an error message.
When to Use
- Blocking dangerous operations
- Protecting sensitive files
- Enforcing security boundaries
Deny Messages
You can provide a custom message that explains why the action was denied:
Action: Deny
Message: "Destructive operations on production data are not allowed.
Please use the staging environment instead."
Example Use Cases
# Block force pushes
tool_name equals "Bash"
AND
tool_input.command contains "push"
AND
tool_input.command contains "--force"
→ Action: Deny
→ Message: "Force pushing is disabled. Please use regular push."
# Block access to credentials
tool_input.file_path matches "\.(pem|key|credentials)$"
→ Action: Deny
→ Message: "Access to credential files is not permitted."
Warning
Use Deny carefully. Overly restrictive policies can block legitimate work. Consider using Ask first to understand usage patterns.
Ask
Pause the tool call and wait for manual approval via the dashboard.
When to Use
- Operations that need human review
- Learning what your agents are doing
- High-risk but sometimes necessary operations
The Approval Flow
- Agent makes a tool call
- Policy matches with Ask action
- Request appears in your dashboard
- You review the details and approve or deny
- Agent continues or receives denial
Example Use Cases
# Review all file deletions
tool_name equals "Bash"
AND
tool_input.command contains "rm"
→ Action: Ask
# Review changes to CI/CD config
tool_input.file_path matches "\.(yaml|yml)$"
AND
tool_input.file_path contains ".github"
→ Action: Ask
Tip
Ask is the safest default for new policies. It lets you observe and learn before committing to Allow or Deny.
Choosing the Right Action
| Scenario | Recommended Action |
|---|---|
| Known-safe, frequent operations | Allow |
| Known-dangerous, never allowed | Deny |
| Uncertain, needs review | Ask |
| Learning agent behavior | Ask |
| Production-critical changes | Ask or Deny |
| Development convenience | Allow |
Priority Interaction
Remember that policies are evaluated in priority order. A high-priority Allow can override a lower-priority Deny:
Priority 100: Allow tool_name="Read" (always allow reads)
Priority 50: Deny tool_input.file_path contains "secret"
In this case, reading a file with "secret" in the path would be allowed because the higher priority Allow policy matches first.
Warning
Be careful with high-priority Allow policies. They can inadvertently bypass security rules.
Next Steps
- How Policies Work - Understanding evaluation flow
- Rule Conditions - Building effective rules