// AGENT TYPE / SUPPORT AGENTS

Your support agents act on every customer. Make sure they only do what you allow.

A customer-support agent reads tickets, updates records, and emails customers through MCP, driven by whatever a customer types. Route it through PolicyLayer and every action is checked against your policy before it runs.

GATE SUPPORT ACTIONS → Free to start. No card required.

For platform and security teams running AI agents in production.

// THE PROBLEM

A support agent takes its instructions from strangers.

It rarely looks like a breach. It looks like good service.

The agent can touch every customer

Connect your CRM and support desk and the agent can delete records, send emails, and update contacts, for anyone.

The instruction arrives as a ticket

A customer message reads "delete my account and email everyone my note." Public, untrusted input becomes a task.

It just runs

PII leaves, records vanish, and it looks like the agent simply helped.

// THE SURFACE AREA

The tools a support agent reaches for.

The CRM and support-desk calls a customer-facing agent makes. PolicyLayer governs each one.

Salesforce

delete_org CRITICAL
deploy_metadata HIGH

Pipedrive

delete_deal CRITICAL
delete_lead CRITICAL

Freshdesk

remove_freshdesk_account CRITICAL
create_freshdesk_ticket HIGH

HubSpot

batch_update_objects HIGH
batch_create_objects HIGH

Browse every write tool →

// HOW POLICYLAYER WORKS

PolicyLayer sits between your support agents and your customers.

Drop PolicyLayer into your MCP request path. Your agents keep their tools. You keep control. Core concepts →

⬡

AGENT

Calls tools via MCP

tool_call

◆

POLICYLAYER

Enforces before execution

postgres.run_query read_only = true

ALLOW DENY RATE-LIMIT APPROVE

if allowed

⬢

MCP SERVER

Stripe, AWS, Postgres...

Add Stripe, GitHub, Postgres, Slack, AWS, or any other MCP server.

Define policy

Set defaults, rate limits, denials, approvals, hidden tools, and argument-level conditions.

Issue grants

Give each person, agent, CI job, or environment its own scoped token tied to a named policy.

Connect client

Paste the PolicyLayer proxy URL into your MCP client config. Agents keep the same tools. PolicyLayer enforces your rules before calls execute.

// ON EVERY CALL

What PolicyLayer enforces, on every call.

Approval gates

Bulk deletes and emails to external customers wait for human sign-off before they run.

Per-identity scopes

Each agent's token carries only the records and actions you grant. A triage agent reads tickets; only an escalation agent edits accounts.

Argument-level rules

Inspect the call: deny bulk deletes, require approval to email an external address, redact PII fields from results. Writing policies →

Rate caps

Cap how many customers an agent can email or update an hour.

Deterministic, deny by default

Rules run as code, first denial wins. The same call gets the same decision every time.

// POLICY EDITOR

You decide what every customer action can do.

Build policy around the fields that matter (record type, recipient, PII) in the visual editor. Allow, deny, rate-limit, or require approval, per tool. Writing policies →

PolicyLayer visual policy editor with allow, deny, hide and custom rules

No bulk deletes

Deny deletes that affect more than one record.

Approval to email

Emails to external addresses wait for a human.

Redact PII

Strip email and phone fields from tool results.

Internal only

Allow messages only to internal domains.

Action throttle

No more than 50 customer updates an hour, per token.

// THE PLATFORM

Not just rules. A platform.

Whatever your agents touch, the same engine, audit, and access model is doing the work underneath every rule you write.

Deterministic engine

Rules run as code, not model judgement: argument-level conditions, quotas, deny-by-default. The same call gets the same decision every time.

Writing policies →

Separation of duties

Your security or compliance team writes and attaches policy without ever holding the upstream credentials or grant tokens.

Roles →

Tamper-proof audit

Every call is logged with its decision and the rule that fired, attributed to the identity, in an append-only record. Argument values are redacted, never stored.

Logs & security →

Credentials never reach the agent

Upstream secrets are encrypted at rest and injected by the gateway. The agent only ever holds a scoped token.

Logs & security →

Per-identity access

Every person and agent connects with its own scoped grant. Rotate or revoke any one of them instantly, without disrupting the rest.

Core concepts →

Live in minutes

Hosted gateway. Point your clients at it, register a server, issue a token. Nothing to install.

Quick start →

//FAQ

Support agents and MCP questions.

How does PolicyLayer help when a customer tries to manipulate the agent?+

PolicyLayer does not rely on the model resisting the instruction. Whatever a ticket says, the agent still cannot make a call your policy denies: a bulk delete, an external email, or a PII-exposing read is stopped at the gateway regardless of the prompt.

Does PolicyLayer slow down customer-ops calls?+

Policy is evaluated in memory before the call is forwarded, so the overhead is negligible. Allowed calls pass straight through to your CRM or support desk.

Where do my CRM credentials live?+

Upstream credentials are encrypted at rest and injected by the gateway. Your agents only ever hold a scoped token, never your CRM credentials.

Do my agents lose any tools?+

No. Agents keep the same tools and schemas. PolicyLayer enforces policy on each call (allow, deny, rate-limit, or require approval), apart from any tools you deliberately hide.

Can I see what my agents actually did?+

Yes. Every call through the gateway is logged with the tool, its arguments, and the allow or deny decision. State-changing dashboard actions are recorded in a separate admin audit log.

// RELATED

Govern the same calls from another angle.

Let agents serve customers without leaking their data.

Approval gates, PII redaction, argument-level rules, and a tamper-proof audit log on every customer action. Route your existing CRM and support MCP servers through the gateway, live in minutes.

GATE SUPPORT ACTIONS →

Free to start. No card required.