Tool Security

Fine-grained controls over what agents' tools can access — file paths, network endpoints, and shell commands.

Path Sandbox

Restricts which file system paths agents can read from and write to. Prevents agents from accessing sensitive system files or other users' data.

| Setting | Description |
|---|---|
| Enable | Toggle path sandboxing |
| Allowed Paths | Directories agents can access (e.g., /home/agent/workspace, /tmp) |
| Blocked Paths | Directories that are always blocked (e.g., /etc/shadow, ~/.ssh) |

Default behavior: When disabled, agents can access any file the server process has permissions for. Enable sandboxing in production to enforce least-privilege file access.

SSRF Protection

Prevents Server-Side Request Forgery — agents making network requests to internal services, cloud metadata endpoints, or private IP ranges.

| Setting | Description |
|---|---|
| Enable | Toggle SSRF protection |
| Block Private IPs | Block requests to 10.x.x.x, 172.16.x.x, 192.168.x.x, 127.x.x.x |
| Block Cloud Metadata | Block requests to 169.254.169.254 (AWS/GCP metadata endpoint) |
| Allowed Internal Hosts | Internal hosts that agents ARE allowed to reach (exceptions to the block rules) |

Critical for cloud deployments: Without SSRF protection, a compromised agent could query the cloud metadata endpoint to steal IAM credentials, access tokens, and instance identity documents.
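As an added illustration (not AgenticMail's own code), the check below enforces the SSRF settings above the way a defender would want: it decides on the resolved addresses rather than the hostname text, checks every DNS answer, unwraps IPv4-mapped IPv6 literals, and applies the Allowed Internal Hosts list as the exception to the block rules. The policy values, the `vault.internal` host and the DNS answers in `SAMPLE_DNS` are constructed assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed policy mirroring the SSRF Protection settings on this page (hypothetical values).
POLICY = {"enabled": True, "block_private_ips": True, "block_cloud_metadata": True,
          "allowed_internal_hosts": {"vault.internal"}}
# Ranges named by "Block Private IPs" (172.16.x.x is 172.16.0.0/12); ::1 is an assumed IPv6 extra.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]
METADATA_IP = ipaddress.ip_address("169.254.169.254")
# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {"vault.internal": ["10.20.0.4"],
              "example.com": ["93.184.216.34"],
              "evil.example": ["93.184.216.34", "127.0.0.1"]}  # mixed public/loopback answers

def fake_resolve(host):
    """Offline resolver over SAMPLE_DNS; an IP literal resolves to itself."""
    try:
        return [ipaddress.ip_address(a) for a in SAMPLE_DNS.get(host, [host])]
    except ValueError:
        return []

def live_resolve(host):
    """Production resolver; every A/AAAA answer is checked, not just the first."""
    return [ipaddress.ip_address(i[4][0]) for i in socket.getaddrinfo(host, None)]

def check_url(url, policy=POLICY, resolver=live_resolve):
    """Return (allowed, reason); decides on resolved addresses, not on hostname text."""
    if not policy["enabled"]:
        return True, "ssrf protection disabled"
    host = urlsplit(url).hostname
    if not host:
        return False, "no host in URL"
    if host in policy["allowed_internal_hosts"]:  # explicit exception to the block rules
        return True, f"{host} is an allowed internal host"
    addrs = resolver(host)
    if not addrs:
        return False, f"{host} did not resolve"  # fail closed
    for addr in addrs:
        # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it cannot bypass the IPv4 rules.
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if policy["block_cloud_metadata"] and addr == METADATA_IP:
            return False, f"{host} -> {addr} is the cloud metadata endpoint"
        if policy["block_private_ips"] and any(addr in net for net in PRIVATE_NETS):
            return False, f"{host} -> {addr} is a private or loopback address"
    return True, "ok"
```

The verdict only holds if the HTTP client connects to the same addresses that were checked; a resolver that re-queries DNS at connect time reopens the gap, so pin the checked address or resolve inside the client.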

Command Sanitizer

Controls which shell commands agents can execute via the exec tool.

| Setting | Description |
|---|---|
| Enable | Toggle command sanitization |
| Mode | Blocklist (block specific commands) or Allowlist (only allow specific commands) |
| Blocked Commands | Commands agents cannot run: rm -rf, shutdown, reboot, mkfs |
| Allowed Commands | In allowlist mode, only these commands can be executed |

Audit Logging

Log all tool usage with optional API key redaction. Provides a trail of every tool invocation for forensics and compliance.

| Setting | Description |
|---|---|
| Enable | Toggle tool audit logging |
| Redact API Keys | Automatically redact API keys, tokens, and passwords from log entries |

Rate Limiting

Limits how frequently agents can invoke tools. Prevents runaway loops and resource exhaustion.

| Setting | Description |
|---|---|
| Enable | Toggle tool rate limiting |
| Calls per Minute | Max tool calls per agent per minute |
| Calls per Hour | Max tool calls per agent per hour |

Circuit Breaker

Automatically disables tools that are failing repeatedly. Prevents agents from wasting tokens retrying broken operations.

| Setting | Description |
|---|---|
| Enable | Toggle circuit breaker |
| Failure Threshold | Number of consecutive failures before a tool is disabled |
| Recovery Time | How long before the tool is re-enabled for retry |

Telemetry

Collect anonymous usage metrics for tool performance monitoring.

| Setting | Description |
|---|---|
| Enable | Toggle telemetry collection |
| Metrics | Tool call counts, latency percentiles, error rates |

AgenticMail Enterprise Documentation