Skip to content

Assistant governance

Tool permissions, budgets, and quiet hours for an individual assistant.

Available on
  • Desktop
  • Web Portal

Each assistant has its own governance settings: which tools it can use, how much it’s allowed to spend, and when it’s allowed to wake. These layer on top of the global tool rules and any organization-wide rules.

Tool permissions

Each tool the agent might call has one of three verdicts: Allow, Ask, or Deny. These verdicts are configured through Glueprint’s governance system, which composes the final answer for any given tool call.

Common patterns:

  • A “researcher” assistant: deny bash, allow read-only file tools.
  • A “deployer” assistant: allow kubectl get, ask on kubectl apply, deny rm -rf.
  • An “infrastructure-watch” assistant on a CLI daemon: allow routine reads, ask on writes outside the workbench.

How rules compose

For any given tool call, Glueprint resolves the final verdict by layering rules in this order:

  1. Organization rules (set by your administrator).
  2. Global rules (account-wide defaults).
  3. Team-level overrides (if the assistant is on a team).
  4. Project-level overrides (if the working directory is associated with a specific project).
  5. Per-assistant rules.

Later layers refine earlier ones. The result is the assistant’s effective permissions for the call. Pure deny verdicts in any layer block the call; the lowest layer that returns Allow or Ask wins.

Token budget

You can cap how many tokens an assistant is allowed to consume per day or per week. When the budget hits, the assistant stops accepting new wakes for the period and posts a note in chat.

Set the budget on the assistant’s Settings: there are separate daily and weekly limits.

Quiet hours

Quiet hours are time windows when the assistant won’t wake, even if a routine fires. Use this to keep an assistant from working overnight, or from sending you notifications on weekends.

Pick a start time and an end time. The window wraps midnight if the end is earlier than the start. If a routine would fire during quiet hours, it’s deferred until the next allowed window.

On the portal

The portal exposes the same per-assistant settings on the assistant detail view. Organization-wide governance lives in Settings > Governance at the account level; that page is admin-only.

On mobile

Mobile lets you change the daily/weekly token budget and the quiet-hours window. The detailed tool permission rules are managed on desktop or portal.

PreviousExtensions
NextSessions started by an assistant