Common Use Cases
Step-by-step workflows for common Console tasks. Each workflow shows which tabs to use and in what order.
Debug a Denied Request
When an agent call fails with a policy denial, use this workflow to understand why.
Find the denial in Logs
Go to Logs → Denials tab. Filter by agent or time range to find the specific denial event.
Trace the request flow
Go to Traces → Request Flow. Find the request and view the complete event sequence to see where it failed.
Understand policy resolution
Go to Traces → Policy Trail. See which policies were evaluated and how they combined to produce the denial.
Modify policy if needed
Go to Policies. Find and edit the relevant policy, or use the Policy Assistant to create a new rule.
Tabs used: Logs → Traces → Policies
Set Up Team Access Control
Create hierarchical policies to control what different teams can access.
Plan your policy hierarchy
Decide on your structure: company → business unit → team → user. Parent policies set defaults, children can only narrow permissions.
Create parent policy
Go to Policies → Add Policy. Use the Policy Assistant to describe your company-wide defaults.
Create team policies that extend parent
Create child policies with extends: "company:acme". Add team-specific constraints that narrow the parent permissions.
Connect to your identity provider
Go to Settings → Identity Bridge. Configure SSO so users automatically get the right policy based on their groups.
Tabs used: Policies → Settings
Handle Attestation Requests
Review and approve/deny human-in-the-loop attestation requests from agents.
Check pending attestations
Go to Activity. The Attestations panel shows pending requests awaiting approval.
Review the request details
Click on an attestation to see: requesting agent, requested capability, justification, and any context the agent provided.
Approve or deny
Click Approve to grant the capability (with optional time_to_live or use limits), or Deny to reject the request.
Track attestation usage
Go to Traces → Attestation Chains to see how approved attestations are being used.
Tabs used: Activity → Traces
Generate Compliance Evidence
Export audit trails and verify signatures for compliance audits.
Access the audit trail
Go to Logs → Audit Trail. These events are cryptographically signed and tamper-evident.
Verify signatures
Click any event and use the Verify button to validate the cryptographic signature and hash chain integrity.
Configure OTEL export
Go to Settings → OTEL & Logs. Set up export to your SIEM or log aggregation system for long-term retention.
Review attestation history
Go to Logs → Attestations for a complete record of all approval workflows and access grants.
Tabs used: Logs → Settings
Monitor Agent Health
Track agent registrations, spot issues, and understand system activity.
Check the Activity dashboard
Go to Activity. The stats bar shows active agents, and the graph shows request volume over time.
Review registered agents
Go to Agents. See all agents with their type, status, tools, and last activity time.
Check for connection issues
Go to Traces → Agent Lifecycle. See registration/unregistration events to spot agents dropping off.
Investigate specific agent
Click an agent in the registry to see its full details, available tools, and recent request history.
Tabs used: Activity → Agents → Traces