Policies are coming soon. Talk to us if you’d like early access.
Policies let you move beyond observing what agents do, to actively controlling them. Each policy defines conditions that match tool calls, and an action to take when those conditions are met.

Example policies

Block all writes and deletions on GitHub

A single policy covers the full GitHub surface. No need to enumerate individual tools or API calls.

SET CONDITIONS
WHEN an agent makes a tool call
   IF Integration: GitHub
   IF Operation: Write or Delete
ACTION Block

Require human approval before deleting a Linear issue

Target a specific tool call for tighter control over high-impact actions.

SET CONDITIONS
WHEN an agent makes a tool call
   IF Integration: Linear
   IF Tool: Delete issue
ACTION Require human approval

Alert when Cursor makes any delete call

Scope a policy to a specific agent without applying the same rule org-wide.

SET CONDITIONS
WHEN an agent makes a tool call
   IF Agent: Cursor
   IF Operation: Delete
ACTION Alert

Alert when an unsanctioned agent is discovered

Fire the moment a disallowed agent appears in your inventory, before it has made any tool calls.

SET CONDITIONS
WHEN an agent is discovered
   IF Agent review status: Disallowed
ACTION Alert

Supported integrations

Policies cover both MCP server calls and CLI commands. A policy on Git covers git commit, git push, git clean, and every other git command, regardless of whether the agent invoked it through an MCP server or directly from the CLI.
  • GitHub
  • Atlassian
  • Notion
  • Google Drive
  • Gmail
  • Linear
  • Dropbox
  • Datadog
  • Git
More integrations are being added. If you need support for a specific one, reach out.

How policies work

Oso maintains a built-in catalog of known tools for each supported integration, with each tool classified by operation type: Read, Write, or Delete. When you write a policy condition, you target an integration and an operation type, and Oso applies it across every tool in that category automatically.

Conditions

Policies are triggered by one of two events.

  • When an agent makes a tool call - match on any combination of tool criteria (integration, call type, name, review status) and agent criteria (name, review status).
  • When an agent is discovered - fires the moment a new agent appears in your inventory, before it has made any tool calls.

Actions

  • Alert - generate an alert and notify via Slack.
  • Block - prevent tool calls from executing, enforced centrally at the network level, regardless of what the agent or user has configured.
  • Require human approval - hold the agent’s request until a designated reviewer approves or denies it.
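
The catalog-based matching described under "How policies work", modeled in Python as an added illustration; this is not Oso's implementation or API. The catalog entries, tool and agent names, class names, and the choices to return every matching action and to let an uncatalogued tool match no operation-scoped policy are all assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed catalog: (integration, tool) -> operation type. Not Oso's real catalog.
CATALOG = {
    ("GitHub", "create_pull_request"): "Write",
    ("GitHub", "delete_branch"): "Delete",
    ("GitHub", "get_issue"): "Read",
    ("Linear", "Delete issue"): "Delete",
    ("Git", "git push"): "Write",
}

@dataclass(frozen=True)
class ToolCall:
    agent: str
    integration: str
    tool: str
    transport: str  # "mcp" or "cli"; deliberately never consulted when matching

@dataclass(frozen=True)
class Policy:
    action: str
    integration: Optional[str] = None    # None means "any"
    operations: Optional[frozenset] = None
    tool: Optional[str] = None
    agent: Optional[str] = None

    def matches(self, call: ToolCall) -> bool:
        # Operation type comes from the catalog, not from the policy author.
        op = CATALOG.get((call.integration, call.tool))  # None if uncatalogued
        return (
            self.integration in (None, call.integration)
            and self.tool in (None, call.tool)
            and self.agent in (None, call.agent)
            and (self.operations is None or op in self.operations)
        )

# The three tool-call policies from "Example policies" above.
POLICIES = [
    Policy("Block", integration="GitHub", operations=frozenset({"Write", "Delete"})),
    Policy("Require human approval", integration="Linear", tool="Delete issue"),
    Policy("Alert", agent="Cursor", operations=frozenset({"Delete"})),
]

def evaluate(call: ToolCall) -> list:
    """Return the action of every policy whose conditions all match the call."""
    return [p.action for p in POLICIES if p.matches(call)]
```

In this model a tool missing from the catalog has no operation type, so only policies without an operation condition can match it; when reviewing a real deployment, confirm how unclassified tools are handled.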

Get early access

Policies are in active development. Reach out to get involved in the early access program.