ArgentOSDocs

Gateway Security

Sandboxing, tool policies, and exec approval workflows.

Overview

The gateway enforces security policies that control what the agent can do. This includes sandboxing command execution, restricting tool access, and requiring user approval for dangerous operations.

Security Modes

Unrestricted

All tools are available with no approval required. Suitable for trusted environments where the agent has full system access.

{
  "agents": {
    "defaults": {
      "security": {
        "mode": "unrestricted"
      }
    }
  }
}

Sandboxed (Default)

Tools are available but dangerous operations require user approval. This is the recommended mode for most deployments.

{
  "agents": {
    "defaults": {
      "security": {
        "mode": "sandboxed"
      }
    }
  }
}

Locked

Only safe tools (memory, tasks) are available. Command execution and the browser tool are disabled. Suitable for customer-facing agents.

{
  "agents": {
    "defaults": {
      "security": {
        "mode": "locked"
      }
    }
  }
}

Tool Policies

Fine-grained control over individual tools:

{
  "agents": {
    "defaults": {
      "toolPolicies": {
        "exec": {
          "mode": "approval-required",
          "blockedPatterns": ["rm -rf", "sudo", "chmod 777"],
          "allowedPaths": ["/Users/sem/projects/"]
        },
        "browser": {
          "mode": "allowed",
          "blockedDomains": ["banking.example.com"]
        },
        "memory_store": {
          "mode": "allowed"
        }
      }
    }
  }
}

Policy Modes

Mode                 Behavior
allowed              Tool executes without approval
approval-required    User must approve each use
blocked              Tool is not available

Exec Approval Flow

When the agent requests a command that requires approval:

  1. The command is displayed to the user (in dashboard or channel)
  2. User reviews the command
  3. User approves or rejects
  4. If approved, the command executes normally
  5. If rejected, the agent is informed and can try an alternative

Gateway Authentication

Protect the WebSocket API from unauthorized access:

{
  "gateway": {
    "auth": {
      "enabled": true,
      "token": "your-secret-token"
    }
  }
}

Without authentication, anyone with network access to the gateway port can send messages to your agent.

Recommendations

  • Personal use: Sandboxed mode with approval for destructive commands
  • Team use: Sandboxed mode with restricted paths
  • Customer-facing: Locked mode with only safe tools
  • Development: Unrestricted mode for rapid iteration