Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.visiqlabs.com/llms.txt

Use this file to discover all available pages before exploring further.

Controls what your agents can do. Every tool call passes through policy evaluation before executing — permit, deny, or route to a human for approval. There is no additional code beyond the visiq() call shown in the Quickstart.

How ALLOW intercepts tool calls

When visiq() wraps your executor, it installs a LangChain callback handler that fires at handleToolStart — before any tool function body runs. The flow:
  1. Agent decides to call a tool (e.g., issue_refund with { amount: 500 })
  2. ALLOW evaluates the tool name + arguments against a locally cached rule bundle
  3. Permit — tool runs normally, agent receives the result
  4. Deny — tool call is blocked, agent sees [VisIQ] Blocked: <reason>
  5. Approval required — agent pauses, a human approves or rejects in the dashboard, then execution resumes
Rule bundles are compiled OPA/Rego policies synced from the ALLOW backend. Evaluation is local and sub-millisecond — no network round-trip on the hot path.

Key concepts

Rules

Define what each agent can and cannot do. Write rules in natural language (ALLOW compiles to Rego) or raw Rego directly. Conditions match on tool name, arguments, agent ID, and custom metadata.

Human-in-the-Loop

Route sensitive tool calls to humans for real-time approval. The agent pauses until a decision is made in the dashboard queue. Configurable timeouts and notification channels.

Audit trail

Every decision is logged with agent ID, tool name, arguments, rule matched, and outcome. Immutable and queryable via the API.

Fail-closed

If the backend is unreachable and no cached decision exists, the call is denied. ALLOW never silently permits an unevaluated tool call.

Three modes

ModeBehavior
enforceBlock denied tool calls, route HITL actions to humans (default)
auditEvaluate and log all decisions but always permit — safe for rollout
offBypass ALLOW entirely — all tool calls proceed without evaluation
Start with audit mode. Observe what tools your agent reaches for, build rule coverage from real traffic, then switch to enforce.

Next steps

Rules

Define what your agents can and cannot do.

Human-in-the-Loop

Route sensitive actions to humans for approval.

API Reference

REST API for rules, decisions, agents, and audit log.

SDK Reference

Complete visiq() API — options, framework detection, error behavior.