See the blast radius before you ship
Every tool, data source, and action an agent can reach is visualized on a single canvas. Tighten scope with clicks; policy-as-code is generated behind the scenes.
The hardest thing to audit about an agent is what it could do, not what it did. Visual permission scoping flips the problem: the full reachable surface is rendered on one screen, and narrowing it is a visual operation anyone can review — not a YAML file only platform engineers read.
How scoping works
- 01
Render the reachable set
Studio traces every tool the agent could call, every data source it could read, every action it could commit.
- 02
Narrow with intent
Click to remove anything the agent doesn't need. Studio regenerates the policy and explains the change.
- 03
Lock and review
Scope is reviewed like a config change — diffable, signable, and attached to the agent's deploy artifact.
Capabilities
Least-privilege default
New agents start with nothing. Every grant is explicit and visible.
Change diffs
Scope changes produce a clean before/after diff for security review — no hunting through YAML.
Reviewer mode
Security teams can review scope without deploy permissions, approving changes in-line.
Drift detection
When an agent's actual tool use drifts from its declared scope, the delta is flagged as an anomaly.