Restrict procedure access
By default, every Handbook procedure is available to every AI agent in your tenant. That’s the right starting point for most teams — write a procedure, every agent uses it. But there are cases where a procedure should be scoped:
- A refund policy that only your billing specialists are allowed to apply.
- An escalation playbook meant for one specific Agent Stack, not the default Sidekick.
- A confidential procedure that contains sensitive details and shouldn’t surface broadly.
Access rules cover all three.
Where access rules live
Access rules can be attached at two levels:
- Per category — a rule on the category applies to every procedure in it.
- Per procedure — a rule on a single procedure applies only to that procedure.
Use a category-level rule when the entire group is restricted (the Refunds category should be billing-specialist-only). Use a procedure-level rule when only one entry in an otherwise-public category is restricted.
Both rule levels stack. A procedure in a restricted category, with its own additional rule, is reachable only by agents that satisfy both rules.
1. Open the procedure (or category)
Go to Handbook in the main navigation.
For a per-procedure rule, click into the procedure to open it. For a per-category rule, open the Manage Categories panel and find the category.
2. Click the shield icon
In the procedure editor (or next to the category in the panel), find the shield icon. Its tooltip reads Edit access rules.
Click it. The access rules panel expands.
3. Choose a rule type
You have two independent levers — toggle Confidential, or restrict scope to specific agents. They can be combined.
Toggle Confidential
The Confidential toggle marks the procedure (or category) as sensitive. Confidential procedures are hidden from agents that aren’t explicitly allowed to see confidential content. Useful for:
- Internal escalation contacts (“If the case touches a VIP, call the on-call manager — extension 4012.”)
- Policy details you don’t want surfaced casually (“Maximum goodwill credit is 15% of order value.”)
Restrict scope
The scope picker lets you say “only these specific agents can use this procedure.” Two scope types are supported:
- Main agent — the default Sidekick / specialist behavior across your tenant. Add this when a procedure should be available to your default AI behavior but not to specific specialist Agent Stacks.
- Agent config — a specific Agent Stack or Specialist Agent. Add this when a procedure is built for one agent and shouldn’t bleed into others.
Multiple scope entries can stack. A procedure can be scoped to “Main agent” plus three named Agent Stacks — every agent in that set sees it; nobody outside does.
4. Save the rule
Click Save in the access rules panel. The rule applies immediately. The AI starts honoring it within seconds.
5. Verify the restriction
The fastest test:
- Open Sidekick on a conversation handled by an agent the rule excludes.
- Trigger the procedure’s scenario in the conversation.
- Confirm Sidekick doesn’t surface the procedure.
Then repeat with an agent the rule includes — the procedure should appear normally.
If you’re unsure which Agent Stack handles a conversation, check the conversation’s metadata or the routing rules that sent it there.
Removing a rule
Open the access rules panel again. Each rule entry has a delete affordance. Removing all rules returns the procedure (or category) to its default open-to-everyone state.
Common gotchas
- A category rule plus a procedure rule means both must pass. If you’ve scoped a procedure to one specific agent, then move it into a category restricted to a different agent, the procedure becomes unreachable by everyone. Audit before moving procedures between restricted categories.
- Confidential isn’t a security boundary. It’s an AI-behavior signal — the AI won’t surface confidential procedures broadly, but if you need hard access control on the content, don’t paste sensitive secrets into the Handbook. Reference them by location (“see the operator runbook in 1Password”).
- There’s no role tag. Unlike the Knowledge Base, the Handbook doesn’t use a role taxonomy. Scope is the only restriction mechanism. If you need role-based separation, organize Agent Stacks by team and scope procedures to those stacks.