
# Policies

> Define rules that control what AI agents are allowed to do across your organization.

<Note>
  Policies are coming soon. Talk to us if you'd like early access.
</Note>

Policies let you move beyond observing what agents do to actively controlling them. Each policy defines conditions that match tool calls and an action to take when those conditions are met.

## Example policies

<CardGroup cols={1}>
  <Card title="Block all writes and deletions on GitHub" icon="ban">
    A single policy covers the full GitHub surface. No need to enumerate individual tools or API calls.

    **SET CONDITIONS**

    <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>WHEN</span> an agent makes a tool call

       <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>IF</span> Integration: GitHub

       <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>IF</span> Operation: Write or Delete

    **ACTION**

    <Icon icon="ban" iconType="solid" /> **Block**
  </Card>

  <Card title="Require human approval before deleting a Linear issue" icon="user-check">
    Target a specific tool call for tighter control over high-impact actions.

    **SET CONDITIONS**

    <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>WHEN</span> an agent makes a tool call

       <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>IF</span> Integration: Linear

       <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>IF</span> Tool: Delete issue

    **ACTION**

    <Icon icon="user-check" iconType="solid" /> **Require human approval**
  </Card>

  <Card title="Alert when Cursor makes any delete call" icon="bell">
    Scope a policy to a specific agent without applying the same rule org-wide.

    **SET CONDITIONS**

    <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>WHEN</span> an agent makes a tool call

       <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>IF</span> Agent: Cursor

       <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>IF</span> Operation: Delete

    **ACTION**

    <Icon icon="bell" iconType="solid" /> **Alert**
  </Card>

  <Card title="Alert when an unsanctioned agent is discovered" icon="triangle-exclamation">
    Fire the moment a disallowed agent appears in your inventory, before it has made any tool calls.

    **SET CONDITIONS**

    <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>WHEN</span> an agent is discovered

       <span style={{display:"inline-block",backgroundColor:"#f3f4f6",border:"1px solid #e5e7eb",borderRadius:"9999px",padding:"2px 10px",fontSize:"12px",fontWeight:"600",color:"black"}}>IF</span> Agent review status: Disallowed

    **ACTION**

    <Icon icon="bell" iconType="solid" /> **Alert**
  </Card>
</CardGroup>

## Supported integrations

Policies cover both MCP server calls and CLI commands. A policy on Git covers `git commit`, `git push`, `git clean`, and every other git command, regardless of whether the agent invoked it through an MCP server or directly from the CLI.

* GitHub
* Atlassian
* Notion
* Google Drive
* Gmail
* Linear
* Dropbox
* Datadog
* Git

More integrations are being added. If you need support for a specific one, reach out.

## How policies work

Oso maintains a built-in catalog of known tools for each supported integration, with each tool classified by operation type: **Read**, **Write**, or **Delete**. When you write a policy condition, you target an integration and an operation type, and Oso applies it across every tool in that category automatically.

### Conditions

Policies are triggered by one of two events.

**When an agent makes a tool call** - match on any combination of tool criteria (integration, call type, name, review status) and agent criteria (name, review status).

**When an agent is discovered** - fires the moment a new agent appears in your inventory, before it has made any tool calls.

### Actions

* **Alert** - generate an alert and notify via Slack.
* **Block** - prevent tool calls from executing, enforced centrally at the network level, regardless of what the agent or user has configured.
* **Require human approval** - hold the agent's request until a designated reviewer approves or denies it.
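
The model described above can be sketched in a few lines of Python. This is an added illustration, not Oso's implementation or API: the catalog entries, tool names, policy names, the `evaluate` function and the strictest-action-wins precedence are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed catalog: (integration, tool) -> operation type. These entries
# are assumptions for illustration, not Oso's real catalog.
CATALOG = {
    ("GitHub", "get_pull_request"): "Read",
    ("GitHub", "create_issue"): "Write",
    ("GitHub", "delete_branch"): "Delete",
    ("Linear", "delete_issue"): "Delete",
    ("Git", "push"): "Write",
    ("Git", "clean"): "Delete",
}

@dataclass
class Policy:
    name: str
    event: str        # "tool_call" or "agent_discovered"
    conditions: dict  # field -> set of accepted values; every field must match
    action: str       # "alert", "require_approval" or "block"

# The four example policies from this page, expressed as data.
POLICIES = [
    Policy("github-no-writes", "tool_call",
           {"integration": {"GitHub"}, "operation": {"Write", "Delete"}}, "block"),
    Policy("linear-delete-approval", "tool_call",
           {"integration": {"Linear"}, "tool": {"delete_issue"}}, "require_approval"),
    Policy("cursor-delete-alert", "tool_call",
           {"agent": {"Cursor"}, "operation": {"Delete"}}, "alert"),
    Policy("unsanctioned-agent", "agent_discovered",
           {"agent_review_status": {"Disallowed"}}, "alert"),
]

# Assumed precedence when several policies match; the page does not define one.
SEVERITY = {"alert": 0, "require_approval": 1, "block": 2}

def evaluate(event_type, attrs, policies=POLICIES):
    """Return (strictest matching action or "allow", names of matching policies)."""
    attrs = dict(attrs)
    if event_type == "tool_call":
        # The operation type comes from the catalog, never from the caller, and
        # the lookup ignores transport, so MCP and CLI calls classify the same.
        attrs["operation"] = CATALOG.get((attrs.get("integration"), attrs.get("tool")))
    hits = [p for p in policies if p.event == event_type
            and all(attrs.get(k) in v for k, v in p.conditions.items())]
    if not hits:
        return "allow", []
    return max((p.action for p in hits), key=SEVERITY.__getitem__), [p.name for p in hits]
```

In this sketch a tool missing from the catalog has no operation type and therefore matches no operation condition; how Oso treats uncatalogued tools is not stated on this page.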

## Get early access

Policies are in active development. Reach out to get involved in the early access program.
