AI Risk Engine
Tool execution guardrails, approval history, and analytics
Guardrail Tier Matrix
Auto-Execute (Read-Only)
Read-only operations that execute automatically without any approval or logging overhead.
Query Devices— Search and filter devices
Get Device Details— Get comprehensive device info
Analyze Metrics— Time-series metrics analysis
Get Active Users— Active user sessions
Get User Experience Metrics— Login performance and session trends
Manage Alerts (List/Get)— View alerts
Get Security Posture— Security posture scores
Query Audit Log— Search audit logs
Analyze Disk Usage— Filesystem analysis
File Operations (List/Read)— List and read files
Disk Cleanup (Preview)— Preview cleanup candidates
Auto-Execute + Audit
Low-risk mutations that execute automatically but are logged to the audit trail.
Manage Alerts (Acknowledge)— Acknowledge alerts
Manage Alerts (Resolve)— Resolve alerts
Manage Services (List)— List services on device
Requires Approval
Destructive or mutating operations that require explicit user approval before execution.
Execute Command— Execute system commands on device
Run Script— Run scripts on up to 10 devices
Manage Services (Start/Stop/Restart)— Mutate device services
Security Scan (Quarantine/Remove/Restore)— Threat management actions
File Operations (Write/Delete/Mkdir/Rename)— Mutate files on device
Disk Cleanup (Execute)— Execute disk cleanup
Create Automation— Create automation rules
Network Discovery— Network discovery scan
Blocked
Operations that are never allowed, such as cross-organization data access.
Cross-Org Access— Any operation targeting resources outside the current organization
Tool Execution Analytics
Tier 3 Approval History
Rate Limit Configuration
Execute Command
devices.execute
Run Script
scripts.execute
Security Scan
devices.execute
Network Discovery
devices.execute
Create Automation
automations.write
File Operations
devices.execute
Manage Services
devices.execute
Analyze Disk Usage
devices.read
Disk Cleanup
devices.execute