Safety Scopes And Governance

Connecting Gmail for a read-only summarizer agent, the operator requests full mail read/write/send scopes.

Request the minimal OAuth scopes the task needs (read-only for a summarizer); avoid write/send/admin scopes unless required. Over-broad scopes expand the damage from any compromise or injection. Verify the configured scope set per integration.

Compliance needs a tamper-evident record of which agent ran which action for which user.

Log every execute with entity_id, action, arguments (secrets redacted), outcome, and timestamp to a durable audit store. The log must be reconstructable per user/action and must not contain credentials. Retain per the compliance policy.

A support agent only ever needs to read tickets and post comments, but the toolset includes delete-ticket and admin actions.

Enforce an action allowlist so the agent can invoke only the approved actions; exclude destructive/admin actions from the toolset entirely. Enforce at the integrator boundary (and confirm whether server-side enforcement is available [REQUIRES-VERIFICATION]) — do not rely on the model to 'choose not…