Per-tool permissions
Each app exposes a set of tools — the individual actions your assistant can perform (search contacts, send a message, delete a record…). For every tool, per connected account, you choose one of three policies:| Policy | Meaning |
|---|---|
| Allow | The tool runs when needed, without asking |
| Ask every time | Your assistant must get your approval before each use |
| Block | The tool is disabled entirely |
Presets
Rather than setting dozens of tools one by one, apply a preset to the whole account:- Allow read tools — read-only tools run freely; anything that changes data asks first.
- Confirm write actions — ask before tools can change data.
- Block all tools — disable everything, then re-enable just what you want.
- Reset all to defaults — back to the recommended policy.
Approvals in practice
When your assistant hits a tool set to Ask every time, it pauses and asks you before acting — “I’m ready to update these 14 HubSpot records, shall I go ahead?” — and proceeds only on your yes. Every integration action is also recorded, so there’s always an answer to “what did the assistant actually do in that app?”How credentials are handled
- Sign-ins happen with the app itself (OAuth) — the platform never sees your password, and API keys are stored in secure credential storage, not in conversation history.
- Credentials are kept outside prompts entirely: they’re only used at the moment your assistant invokes an allowed tool, and even the code your assistant writes can’t read the raw values.
- Your assistant will never ask you to paste a password or API key into chat, or to read one aloud on a call. Anything sensitive goes through the Integrations tab.