---
title: "Policies overview"
description: "Learn how to define and manage conditional security and usage policies for your MCP gateway."
---

# Policies overview
Policies in AgentLink let you enforce guardrails that control how AI agents interact with your connected tools and APIs.
Each policy defines one or more conditions (based on user attributes, tool parameters, or context) and an action that determines how the request is handled — for example, Deny, Request approval, or Step up authentication.
## Key concepts
| Concept | Description |
|---|---|
| Policy | A rule that governs whether a specific action is permitted, denied, or requires additional verification. |
| Conditions | Logical expressions that define when the policy applies. |
| Actions | The outcome applied when conditions are met — Deny, Step up, or Request approval. |
| Approval flow | A predefined flow of approvers configured under the Approval Flows tab. |
| Policy targeting | Defines the scope — which users, roles, or contexts the policy applies to. |
## Example use cases
- Deny creating expenses above a certain threshold.
- Require approval for sensitive tool actions (e.g., `delete_customer`).
- Enforce stronger authentication (step-up MFA) for external API access.
- Restrict data operations to specific user roles or departments.
## How policies work
When an AI agent attempts to execute a tool:
- The MCP Gateway evaluates all active policies matching that tool.
- Each policy's conditions are checked against attributes drawn from the caller and from the tool's schema, such as:
  - `user.role`: the role of the user on whose behalf the agent is acting.
  - `amount`: a parameter the tool's schema accepts; a policy can use it, for example, to deny creating expenses above a certain threshold.
- If a policy matches, the defined action is applied.
Example flow: AI Agent → MCP Gateway → Policy Engine → Tool
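The following is an added, constructed example of the evaluation loop described above; it is not AgentLink's implementation. The policy dictionary layout, the attribute names (`user.role`, `amount`, `tool.external`), the approval-flow name, and the rule that the most restrictive action wins when several policies match are all assumptions, as is the fail-closed handling of a request that lacks an attribute a policy refers to.

```python
"""Toy policy engine modelling the gateway evaluation flow.

Constructed illustration, not AgentLink's code. Policy layout, attribute
names and the precedence rule for overlapping matches are assumptions.
"""
import operator

# Comparison operators a condition may use. The value side is plain data,
# so a policy loaded from configuration can never inject behaviour.
OPERATORS = {
    "eq": operator.eq,
    "neq": operator.ne,
    "gt": operator.gt,
    "gte": operator.ge,
    "lt": operator.lt,
    "lte": operator.le,
    "in": lambda a, b: a in b,
    "not_in": lambda a, b: a not in b,
}

# When several policies match one request the most restrictive outcome wins.
# (Assumption: the page does not say how overlapping policies are resolved.)
ACTION_RANK = {"allow": 0, "step_up": 1, "request_approval": 2, "deny": 3}


def condition_holds(cond, attrs):
    """Evaluate one condition {"attr", "op", "value"} against request attributes.

    Returns True/False, or None when the attribute is absent from the request,
    so the caller decides how an incomplete request is treated.
    """
    if cond["attr"] not in attrs:
        return None
    return OPERATORS[cond["op"]](attrs[cond["attr"]], cond["value"])


def evaluate(policies, request):
    """Return (action, matched_policy_names) for one tool call.

    `request` is a flat attribute dict built from the caller identity and the
    tool's own parameters. All conditions of one policy are ANDed together.
    """
    applicable = [p for p in policies if p["tool"] in ("*", request["tool"])]
    matched = []
    for p in applicable:
        results = [condition_holds(c, request) for c in p["conditions"]]
        if None in results:
            # Fail closed: the policy referenced an attribute the request did
            # not carry, so we cannot show the guardrail does not apply.
            return "deny", [f"{p['name']} (missing attribute)"]
        if all(results):
            matched.append(p)
    if not matched:
        return "allow", []
    winner = max(matched, key=lambda p: ACTION_RANK[p["action"]])
    return winner["action"], [p["name"] for p in matched]


# Constructed policies mirroring the use cases on this page.
POLICIES = [
    {"name": "expense-cap", "tool": "create_expense",
     "conditions": [{"attr": "amount", "op": "gt", "value": 1000}],
     "action": "deny"},
    {"name": "customer-deletion", "tool": "delete_customer",
     "conditions": [],  # no conditions: applies to every call of this tool
     "action": "request_approval", "approval_flow": "finance-leads"},
    {"name": "external-api-mfa", "tool": "*",
     "conditions": [{"attr": "tool.external", "op": "eq", "value": True}],
     "action": "step_up"},
    {"name": "hr-only-payroll", "tool": "export_payroll",
     "conditions": [{"attr": "user.role", "op": "not_in", "value": ["hr", "finance"]}],
     "action": "deny"},
]


def demo():
    """Run a few constructed tool calls through the engine."""
    requests = [
        {"tool": "create_expense", "user.role": "analyst", "amount": 250, "tool.external": False},
        {"tool": "create_expense", "user.role": "analyst", "amount": 5000, "tool.external": False},
        {"tool": "delete_customer", "user.role": "support", "tool.external": False},
        {"tool": "export_payroll", "user.role": "intern", "tool.external": True},
        {"tool": "create_expense", "user.role": "analyst"},  # amount missing
    ]
    return [evaluate(POLICIES, r) for r in requests]


if __name__ == "__main__":
    for action, names in demo():
        print(action, names)
```

The last request shows the edge case worth deciding deliberately: the agent called `create_expense` without an `amount`, so the expense cap cannot be evaluated. Treating that as "no match" would let the call through; the example denies it instead, which is why validating tool parameters against the schema before policy evaluation matters.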
## Actions
| Action | Description |
|---|---|
| Deny | The request is blocked and an error is returned to the agent. |
| Request approval | The request is paused until an approver approves or rejects it, using the defined approval flow. |
| Step up | The user must re-authenticate or complete a stronger verification step. |