Prevent Unrestricted Tool Access with Smart Agent Governance

Move beyond “all or nothing” tool access with Agent Constraints – intelligent IF-THEN policies that provide precise control over agent autonomy and prevent unrestricted tool access in your organization’s systems. Balance productive agent autonomy with security through conditional, context-aware restrictions.

Why Agent Constraints?

  • Conditional Logic: Define precise conditions under which tools can be used
  • Flexible Actions: AUDIT or BLOCK tool usage based on context
  • Defense in Depth: Works alongside guardrails for comprehensive protection
  • Enterprise-Grade: Immediate policy enforcement with detailed compliance tracking

How Agent Constraints Work

Agent Constraints introduce pre-execution policies that evaluate conditions before a tool call is allowed to run. These policies can help you prevent excessive agency by AI agents while maintaining your operational workflows. A policy constraint can be defined on a tool definition as a whole or on specific parameters of that tool.

Policy Actions

AUDIT

Log and monitor tool usage for compliance tracking.

BLOCK

Prevent unauthorized tool executions entirely.

Common Policy Examples

  • Email Security - Constrain all Email Tool calls to addresses outside of your organization’s domain.
  • Database Protection - Prevent SQL query executions for database INSERT and DROP statements.
  • File System Protection - Disallow agents from updating file content
  • Compliance Monitoring - Audit all tool calls that involve customer-facing accounts
  • Data Access Management - Constrain CRM Queries to specific non-sensitive tables
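
The sketch below is an added example, not the product's policy format or API. It shows how an IF-THEN pre-execution check over a tool name and one parameter can yield AUDIT or BLOCK, using three of the policies listed above. The tool names (`send_email`, `run_sql`, `crm_query`), parameter names, `ORG_DOMAIN`, the `ALLOW` default, and the reading of the email policy as "block external recipients" are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from email.utils import getaddresses
from typing import Callable

ORG_DOMAIN = "example.com"  # constructed value for the example

@dataclass(frozen=True)
class Policy:
    name: str
    tool: str                       # IF: tool the policy applies to
    param: str                      # IF: parameter whose value is inspected
    matches: Callable[[str], bool]  # IF: condition on that value
    action: str                     # THEN: "AUDIT" or "BLOCK"

def has_external_recipient(value: str) -> bool:
    # Parse the recipient list and flag any address outside ORG_DOMAIN.
    addrs = [addr.lower() for _, addr in getaddresses([value]) if addr]
    return any(a.rpartition("@")[2] != ORG_DOMAIN for a in addrs)

def has_insert_or_drop(sql: str) -> bool:
    # Replace comments with a space, then look for the keywords anywhere so
    # a stacked statement ("SELECT 1; DROP ...") is also caught.
    sql = re.sub(r"/\*.*?\*/|--[^\n]*", " ", sql, flags=re.S)
    return re.search(r"\b(insert|drop)\b", sql, flags=re.I) is not None

# Hypothetical tool and parameter names.
POLICIES = [
    Policy("email-external", "send_email", "to", has_external_recipient, "BLOCK"),
    Policy("sql-write", "run_sql", "query", has_insert_or_drop, "BLOCK"),
    Policy("crm-audit", "crm_query", "table", lambda t: True, "AUDIT"),
]

def evaluate(tool: str, params: dict) -> tuple[str, list[str]]:
    """Pre-execution check: return (decision, names of matched policies)."""
    hits = [p for p in POLICIES
            if p.tool == tool and p.param in params
            and p.matches(str(params[p.param]))]
    if any(p.action == "BLOCK" for p in hits):
        decision = "BLOCK"
    elif hits:
        decision = "AUDIT"
    else:
        decision = "ALLOW"  # assumed default when no policy matches
    return decision, [p.name for p in hits]
```

Keyword matching on the query text is deliberately conservative: it can flag a keyword inside a string literal, which is an acceptable trade-off for a BLOCK rule but worth observing under AUDIT first.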

Setting Up Agent Constraints

1. Access Agent Constraints

  • Navigate to Agent Constraints in your left navigation menu under Runtime Security
  • Click “New Policy” to start building

2. Define Scope

  • Choose scope: All Projects, Specific Projects, or an AI Gateway

3. Define IF Conditions

  • Select tools: Which tools this policy applies to. As you start typing tool names, auto-complete will list the available tools in your selected scope.
  • Set parameters: Define the specific parameter conditions that trigger the policy.

4. Set Action

  • AUDIT: Log executions for monitoring and compliance
  • BLOCK: Prevent execution entirely

5. Apply and Monitor

  • Save and activate your policy (takes effect immediately)
  • Monitor violations in Agent Constraint Enforcements feed
  • Adjust as needed based on usage patterns and feedback

Getting Started: Begin with AUDIT policies to understand tool usage patterns before implementing BLOCK actions. This helps you fine-tune policies without disrupting workflows.

Tracking Policy Violations

Navigate to Feeds in your left menu, select Agent Constraint Enforcement, then use the top filters to refine your view. You can investigate individual records to see more details about a specific policy and the user that triggered the violation.