Guardrails
You gave it Gmail access. What else did you just give it?
The scariest part of giving an agent access to your tools isn't what it might do on purpose. It's what it might do by accident. Civic defaults to the safest possible scope and requires explicit grants to expand.
Gmailagent connected
gmail:readRead emails
gmail:sendSend as you
deniedgmail:deleteDelete threads
deniedgmail:forwardAuto-forward
deniedgmail:manage_filtersCreate filters
deniedgmail:manage_labelsModify labels
deniedOne click. Six permissions you didn't ask for.
Most platforms grant full access the moment you connect a tool. You wanted to read emails. You got the keys to the entire account.
gmail:read
Read emails
you wanted thisgmail:send
Send as you
silently grantedgmail:delete
Delete threads
silently grantedgmail:forward
Auto-forward
silently grantedgmail:manage_filters
Create filters
silently grantedgmail:manage_labels
Modify labels
silently grantedYou connected one tool. You got six permissions. Five of them can cause damage you won't notice until it's too late.
Default deny. Explicit grant.
Civic Chat
1[you] Restrict Gmail to read-only. Block
2 sending, deleting, forwarding,
3 and creating filters.
4
5[nexus] Configured. Gmail guardrails set:
6 ✓ gmail:read — allowed
7 ✗ gmail:send — blocked
8 ✗ gmail:delete — blocked
9 ✗ gmail:forward — blocked
10 ✗ gmail:manage_* — blocked
Control that's actually useful
Safe by default. Powerful when you need it.
Set up guardrails in minutes. Sleep better tonight.