Overview

The gateway enforces security policies that control what the agent can do. This includes sandboxing command execution, restricting tool access, and requiring user approval for dangerous operations.

Security Modes

All tools are available with no approval required. Suitable for trusted environments where the agent has full system access.

```json
{
  "agents": {
    "defaults": {
      "security": {
        "mode": "unrestricted"
      }
    }
  }
}
```

Tool Policies

Fine-grained control over individual tools:

```json
{
  "agents": {
    "defaults": {
      "toolPolicies": {
        "exec": {
          "mode": "approval-required",
          "blockedPatterns": ["rm -rf", "sudo", "chmod 777"],
          "allowedPaths": ["/Users/sem/projects/"]
        },
        "browser": {
          "mode": "allowed",
          "blockedDomains": ["banking.example.com"]
        },
        "memory_store": {
          "mode": "allowed"
        }
      }
    }
  }
}
```

Policy Modes

| Mode | Behavior |
|------|----------|
| allowed | Tool executes without approval |
| approval-required | User must approve each use |
| blocked | Tool is not available |

Exec Approval Flow

When the agent requests a command that requires approval:

1. Command displayed: the command is displayed to the user (in the dashboard or channel).
2. User reviews: the user reviews the command.
3. User decides: the user approves or rejects it.
4. Execution or alternative: if approved, the command executes normally. If rejected, the agent is informed and can try an alternative.

Gateway Authentication

Without authentication, anyone with network access to the gateway port can send messages to your agent. Always enable auth for production deployments.

```json
{
  "gateway": {
    "auth": {
      "enabled": true,
      "token": "your-secret-token"
    }
  }
}
```

Recommendations

Personal use: sandboxed mode with approval for destructive commands.

Team use: sandboxed mode with restricted paths.

Customer-facing: locked mode with only safe tools.

Development: unrestricted mode for rapid iteration.