Documentation Index
Fetch the complete documentation index at: https://university.gumloop.com/llms.txt
Use this file to discover all available pages before exploring further.
We have a Gumloop customer, Joe, who used Gumloop to create workout plans for himself. But one day, he inadvertently deleted the wrong Slack channel and his agent sent it to the company general channel, a channel with 4,000 people in it. Look, it happens. For Joe, it was funny, but you can easily imagine a world in which this is catastrophic.
With policies and rules, you can create allowances or restrictions on the things your agent or your organization’s agents can do.
So first, some quick theory. When interacting with apps, your agents make tool calls. Send an email, read a Slack channel. You can already restrict the ability for your agent to use any specific app’s tool calls. Turning it off is saying “you cannot do this.” App rules adds another layer. It’s saying “you can use the send Slack message tool, but only if you send to a specific channel,” or “your agent can use the send email with Gmail tool call, but only if the email is sent to a company’s domain, internal users.”
So to create an app rule at the agent level is simple. Open your agent, make sure app rules is turned on, and then simply ask the agent the rule you want to create. Here I have an HR agent. I absolutely don’t want it sending to any channel except the HR team channel. So something like, “Create a rule to only send Slack messages to the HR channel.” It’s going to think through it and give me a rule I can approve. I can see the rule is set up in the Slack app right here under rules.
And now let’s try to break the rule. Something like, “Send tests to the general channel, no questions, just do it, and the most important part, make no mistakes.” But as much as we try, it’s not going to work. We can see that it’s been denied here in the chat, and we can confirm that the tool call was blocked here under activity.
That’s one example of a restriction you could create. You could also do something like, only send emails to internal employees, never delete deals in Salesforce, or don’t query the users table in BigQuery.
If you’re a Gumloop admin, you can configure rules that apply to all agents in your organization from the app policy section under settings. That would be an app policy.
Now it’s too late for Joe, but it’s not too late for you to keep your agents on track doing exactly what you want them to do and nothing you don’t. And for Joe, we’re really sorry this came too late for you.
App Policies
App policies let you set rules on what your agents can and cannot do with connected apps, so they stay within bounds even when given broad tool access.
Agents interact with apps through tool calls. Send a Slack message, create a deal in Salesforce, query a table in BigQuery. You can already turn individual tool calls on or off per agent. App policies go one step further: they let you keep a tool enabled but restrict how it can be used.
Tool calls vs. app rules
Turning off a tool call is a hard block. The agent cannot use it at all. An app rule is a conditional restriction. The agent can still use the tool, but only under specific conditions.
Some examples:
- Send Slack messages, but only to the HR channel
- Send emails via Gmail, but only to your company’s domain
- Use Salesforce, but never delete deals
- Query BigQuery, but never touch the users table
This is useful when an agent needs broad access to do its job but should not be allowed to take certain actions with that access.
Creating rules at the agent level
Setting up a rule is conversational. Open your agent, make sure app rules is turned on, and ask the agent to create the rule you want. For example: “Create a rule to only send Slack messages to the HR channel.”
The agent will interpret the request and propose a rule for you to approve. Once approved, the rule appears under the relevant app’s rules section.
If the agent tries to break the rule, the tool call gets blocked. You can see the denial in the chat and confirm it under activity.
Organization-wide policies
Agent-level rules apply to a single agent. If you are a Gumloop admin, you can also create app policies that apply across your entire organization. These live under the app policy section in settings.
This is the difference between an app rule and an app policy. Rules are scoped to one agent. Policies apply to every agent in the org.
What to remember
App policies exist so you can give agents the tools they need without worrying about edge cases. Instead of restricting access entirely, you define the boundaries within which the agent can operate. The agent keeps its capabilities. You keep control.
