Permissions & Policies

Agents get scopes, not
the keys to everything

govern.sh evaluates every tool call against policy before it executes. Grant the exact actions each agent needs, cap what it can spend, and let the Policy Enforcement Point deny the rest — in single-digit milliseconds.

Scoped access

Least privilege, per agent, per tool

Replace the god-mode API key with a matrix your security team can actually read. Every agent gets an explicit grant for every tool — allow, deny, or require approval — and anything not granted is denied by default.

Default deny — an agent can only do what a policy explicitly grants

Grants scoped to actions and amounts, not whole APIs — refund up to $500, never charge

Change a grant once and it applies fleet-wide on the very next call

StripeGmailPostgresSlackGitHub
Atlas
Ledger Ops
Helpdesk
Deploy
Allow Approval Denied
payments-guardrail.yml
1policy: payments-guardrail
2applies_to: refund-agent
3rules:
4 - action: stripe.refund
5 max_amount: $500
6 require_approval: amount > $250
7 - action: db.write
8 scope: orders.refunds only
9audit: signed_receipt(ed25519)
Policy as code

Reads like English, enforces like infrastructure

Policies live in version control next to the agents they govern. Nine lines declare what an agent may touch, how much it may spend, and when a human signs off — and the engine compiles them to real-time enforcement.

Declarative policies your whole team can review — shipped through the same PR flow as any other code

Versioned history, so you always know exactly which policy governed any past action

Approval thresholds route high-stakes calls to a human automatically — no extra glue code

Enforcement

A gate on the hot path that never becomes the bottleneck

The Policy Enforcement Point sits between your agents and their tools, evaluating every call before it executes — as a lightweight sidecar or an in-process SDK call.

PEP
Policy Engine

In-line, not after the fact

Enforcement happens on the call path. A denied action is a prevented action — not a finding in next week's log review.

Decision latency
8.40ms
−92.4% (103.2ms)
1,218 decisions · last 22 days

Sub-10ms decisions

Median policy decisions land in 8.4ms and keep getting faster. Your agents will not notice the gate — until it saves them.

Blocked before the API call

Denied actions never reach the provider — no rollbacks, no cleanup scripts, no incident channel at 2am.

Spend caps built in

Budgets evaluate inside the same decision, so a runaway loop stops at the cap — not on the invoice.

Every verdict signed

Allow, deny, or hold — each decision lands in the audit trail as a chained, Ed25519-signed receipt.

Give your agents scopes, not secrets.

Write your first policy in nine lines and watch it enforce on the very next call. Free for your first three agents.