Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/omnigent-ai/omnigent/llms.txt

Use this file to discover all available pages before exploring further.

Policies are declarative gates that evaluate every agent action at specific enforcement points and return one of three verdicts: ALLOW (the action proceeds), DENY (the action is blocked and the agent receives an error), or ASK (the action is paused for your approval — approved becomes ALLOW, refused becomes DENY). Multiple policies can be active at once; they compose in declaration order, and a DENY from any policy short-circuits the rest.
Session policies evaluate first and can enforce stricter rules than the agent spec or server defaults — a user-level policy can DENY an action before spec or admin policies ever run.

Policy trust levels

Policies are configured at three levels, each serving a different persona.
LevelWho sets itHowEvaluated
Server-wideAdminpolicies block in server config YAML, or REST APILast
Agent specAgent developerpolicies block in agent YAMLMiddle
SessionEnd userSession info panel in the web UI, or chatFirst
Session policies evaluate before spec policies, which evaluate before server-wide policies. This means a session-level DENY short-circuits the rest of the chain.

Configuring server-wide policies

Server-wide policies act as organizational guardrails and apply to every session on the server.
1

Add policies to your server config

# server_config.yaml
policies:
  session_budget:
    type: function
    handler: omnigent.policies.builtins.cost.cost_budget
    factory_params:
      max_cost_usd: 10.00
      ask_thresholds_usd: [5.00]
  global_rate_limit:
    type: function
    handler: omnigent.policies.builtins.safety.max_tool_calls_per_session
    factory_params:
      limit: 200
2

Register any custom policy modules (optional)

If you use policies outside the builtins, register their module paths so they appear in the registry:
# server_config.yaml
policy_modules:
  - myorg_policies
  - github_mcp_policy
3

Start the server

omnigent server --config server_config.yaml
You can also add or remove policies at runtime through the REST API. For example, to create a server-wide policy: 
curl -X POST http://localhost:6767/v1/policies \
  -H "Content-Type: application/json" \
  -d '{
    "name": "global_rate_limit",
    "type": "python",
    "handler": "omnigent.policies.builtins.safety.max_tool_calls_per_session",
    "factory_params": {"limit": 200}
  }'

Adding policies to an agent spec

Policies declared in an agent YAML apply to every session that uses that agent. They are evaluated in declaration order: 
name: github_agent
prompt: You are a coding assistant with access to GitHub.

executor:
  harness: claude-sdk
  model: databricks-claude-sonnet-4-6

tools:
  github:
    type: mcp
    url: https://api.githubcopilot.com/mcp/

policies:
  limit_tool_calls:
    type: function
    handler: omnigent.policies.builtins.safety.max_tool_calls_per_session
    factory_params:
      limit: 100
  github_access:
    type: function
    handler: omnigent.policies.builtins.github.github_policy
    factory_params:
      write_repos:
        - myorg/my-repo
      write_branches:
        - "feature/*"
  google_policy:
    type: function
    handler: omnigent.policies.builtins.google.gdrive_policy
    factory_params:
      read_all: true
      allow_create: true
Each policy entry requires type ("function") and handler (a dotted Python import path). Add factory_params when the handler is a factory that accepts configuration.

Adding policies to a session

Session-level policies let you customize agent behavior for your current task without modifying the spec or server config. There are two ways to add them:
  • Web UI — Open the session’s info panel to browse available policies and toggle them on or off.
  • Chat — Tell the agent directly, for example: “Add a policy that asks me before running shell commands.” The agent uses its built-in sys_add_policy tool to configure it.

Builtin policies

Safety

HandlerDescriptionKey parameters
omnigent.policies.builtins.safety.max_tool_calls_per_sessionDENYs after a total tool-call limit is reachedlimit (int, default 100)
omnigent.policies.builtins.safety.ask_on_os_toolsASKs before any sys_os_read, sys_os_write, sys_os_edit, or sys_os_shell call (and native equivalents)none
omnigent.policies.builtins.safety.block_skillsDENYs loading of specific skills by nameblocked (string[])
omnigent.policies.builtins.safety.enforce_sandboxForces a sandbox configuration on every agent startsandbox_type, allow_network, write_paths, read_paths, env_passthrough
omnigent.policies.builtins.safety.deny_pii_in_llm_requestScans user messages and LLM prompts for PII patternspii_types, action

Cost

HandlerDescriptionKey parameters
omnigent.policies.builtins.cost.cost_budgetASKs at soft thresholds; DENYs tool calls on expensive models once the hard limit is reachedmax_cost_usd, ask_thresholds_usd, expensive_models
omnigent.policies.builtins.cost.user_daily_cost_budgetSame behavior as cost_budget but tracks the session owner’s cumulative spend across all sessions for the current UTC daymax_cost_usd, ask_thresholds_usd, expensive_models

GitHub

HandlerDescriptionKey parameters
omnigent.policies.builtins.github.github_policyControls GitHub access via MCP tools and shell commands; restricts writes to specific repos and brancheswrite_repos, write_branches, read_all, read_repos

Google Workspace

HandlerDescriptionKey parameters
omnigent.policies.builtins.google.gdrive_policyControls Google Drive/Docs/Sheets/Slides accessread_all, allow_create, write_files
omnigent.policies.builtins.google.gmail_policyControls Gmail access — defaults to read + draft, no sendallow_read, allow_send, allow_drafts
omnigent.policies.builtins.google.gcalendar_policyControls Google Calendar access — defaults to read-onlyallow_read, allow_create_events, allow_modify_events

Working directory

HandlerDescriptionKey parameters
omnigent.policies.builtins.working_dir.block_working_dir_changesBlocks cd, pushd, git -C, and git worktree commandsblock_cd, block_worktree, allowed_dirs, action

Routing

HandlerDescriptionKey parameters
omnigent.policies.builtins.routing.deny_trivial_to_expensive_modelClassifies messages as TRIVIAL or COMPLEX and denies trivial tasks from using expensive modelsexpensive_models, classification_prompt

Full YAML examples

cap_calls:
  type: function
  handler: omnigent.policies.builtins.safety.max_tool_calls_per_session
  factory_params:
    limit: 50

Writing a custom policy

A policy is a Python callable that receives a PolicyEvent dict and returns a PolicyResponse dict (or None to abstain). 
from omnigent.policies.schema import PolicyEvent, PolicyResponse

def my_policy(event: PolicyEvent) -> PolicyResponse | None:
    if event["type"] != "tool_call":
        return None  # abstain on non-tool phases
    tool = event["data"]["name"]
    if tool == "dangerous_tool":
        return {"result": "DENY", "reason": "This tool is blocked."}
    return {"result": "ALLOW"}
For policies that need configuration, write a factory — a function that accepts parameters and returns the actual evaluator: 
def block_domains(blocked_domains: list[str]) -> callable:
    blocked = frozenset(d.lower() for d in blocked_domains)

    def evaluate(event: PolicyEvent) -> PolicyResponse | None:
        if event["type"] != "tool_call" or event["target"] != "web_fetch":
            return None
        url = event["data"]["arguments"].get("url", "")
        for domain in blocked:
            if domain in url.lower():
                return {"result": "DENY", "reason": f"Domain {domain} is blocked."}
        return {"result": "ALLOW"}

    return evaluate
The result field is the only required key in the response dict. Valid values are "ALLOW", "DENY", and "ASK". Return None to abstain and let the next policy in the chain evaluate. To make custom policies appear in the UI registry, export a POLICY_REGISTRY list from your module and register the module in the server config under policy_modules.

Builtin policy reference

Full parameter tables, default values, and YAML examples for every builtin policy.

Build docs developers (and LLMs) love

Get started for freeTalk to us