Skip to main content

Agents

Agents are autonomous systems that:
  • Ingest unstructured context
  • Decide which actions to take and tools to invoke based on context
  • Operate within a session, maintaining context across multiple steps
  • Participate in workflows with scoped responsibilities and permissions

Tools

Tools represent concrete, side-effecting capabilities an agent can invoke. Tools:
  • Define what actions an agent is capable of performing (for ex. creating or updating tickets, reading or writing records, posting messages to external systems)
  • Are invoked explicitly at runtime
  • Are individually authorized and audited

Actions

An action is a single invocation of a tool by an agent. Actions:
  • Are evaluated independently
  • Carry full execution context
  • Produce observable effects
All authorization, auditing, and risk analysis is centered on actions.

Workflows

A workflow is a sequence of agent decisions and actions that accomplish a task. Workflows may:
  • Span multiple agents
  • Branch or retry
  • Accumulate risk across steps
Oso for Agents treats workflows as inspectable objects.

Automated Least Privilege

Static roles do not scale to agent behavior. Agents operate probabilistically, execute actions at high concurrency, and may select tools or parameters in unexpected ways. Oso for Agents enforces least privilege based on observed execution, rather than relying solely on prompts or static configuration. Permissions are evaluated deterministically at each action and can be narrowed as behavior becomes clearer over time. Least privilege is achieved through:
  • Explicit tool boundaries
  • Action-level authorization
  • Continuous observation of agent access patterns