Policies

Control what Chalie can do on its own and what requires your approval, across every context.

You decide what Chalie can do

Policies are Chalie’s permission system. Every action Chalie takes — sending an email, controlling a smart-home device, storing a memory — is governed by a policy rule that you control. You decide what happens automatically, what needs your approval, and what is blocked entirely.

Quick examples:

  • Allow Chalie to search your email without asking, but require approval before sending.
  • Block background tasks from ever deleting memories.
  • Let external integrations read your calendar but nothing else.

The three states

Every policy rule has one of three states:

  • Allow — Chalie performs the action immediately, no confirmation needed. Best for read-only actions and things you trust completely.
  • Ask — Chalie pauses and shows you a permission card describing what it wants to do. You approve or deny each time. This is the default for most sensitive actions.
  • Deny — the action is blocked outright. Chalie won’t attempt it and won’t ask. The blocked action is logged so you can review it later.

The four contexts

Chalie runs in different contexts depending on who or what triggered the action. Each context has its own set of policy rules, so you can be permissive when you’re actively chatting but restrictive when Chalie is running in the background.

Chat

The default context when you’re talking to Chalie directly. Most read actions (searching email, checking weather, browsing the web) are set to Allow by default. Actions that have real-world consequences — sending emails, controlling devices, modifying calendar events — default to Ask.

Subagent

When Chalie spawns a background worker to handle part of a task (like researching a topic or summarising a document), that worker runs under the subagent context. By default, subagent policies mirror chat policies, so the same approval rules apply.

Background

Background tasks run without you present — things like scheduled briefings, pattern detection, and memory consolidation. Since there’s no one to click “approve”, any action set to Ask in this context is automatically denied. Most actions default to Deny here. Only safe, non-destructive operations like storing a memory are allowed by default.

External agent

When an external application communicates with Chalie through its API, actions run under the external agent context. This is the most restrictive by default — nearly everything is denied. You explicitly allow only the actions you want external integrations to perform.

Configuring policies

Open the Brain dashboard (🧠 icon in the sidebar) and click Policies in the Brain sidebar. You’ll see the four contexts listed as sub-items — Chat, Subagent, Background, and External agent — click one to view and edit its rules.

The Policies page in the Brain dashboard showing action categories and their Allow/Ask/Deny states

Actions are grouped into categories:

  • Browser — interact with page, monitor page, render page, take screenshot
  • Calendar — get event, list events, update event
  • Code — run sandboxed code
  • Contacts — get contact, list contacts
  • Documents — list, view, search, create, upload, delete, restore documents
  • Email — search, read, send, reply, draft, forward, manage email
  • Home — get device state, list devices, control devices, list and trigger automations, subscribe events
  • Lists — list all, view, create, add items, check items, remove items, clear, rename, delete
  • Memory — recall, store, forget, reflect on memory
  • News & Weather — search news, weather lookup
  • Places — save, list, look up, delete saved places
  • Scheduling — list, search, create, cancel schedules
  • Search & Tools — web search, read content, search programming docs, look up Chalie docs
  • Skills — list, create, edit, delete custom skills
  • Subagent — spawn subagent
  • Ubiquiti — list network devices, list connected clients, get device info/health, block/disconnect client, restart/locate device, manage WiFi networks, manage port forwarding, manage traffic rules, authorize guest access

Set each action to Allow, Ask, or Deny. Changes take effect immediately — no restart required.

Permission requests

When an action’s policy is set to Ask and Chalie wants to perform it, a permission card slides up at the bottom of the interface. The card shows:

  • The action name (e.g. “Send Email”)
  • A one-line description of what Chalie intends to do
  • Allow and Deny buttons

Chalie waits for your response before proceeding. There is no auto-timeout — it will wait as long as needed. If you deny, the action is logged and Chalie is told the action was denied so it can adjust.

Common setups

Hands-free assistant

If you trust Chalie to act autonomously during chat, set all email, calendar, and home actions to Allow in the Chat context. You’ll still have Background and External agent locked down by default.

Cautious mode

Set everything to Ask in the Chat context. Chalie will always check with you before taking any action. This is useful if you’re sharing your Chalie instance or want full visibility into what it does.

Background-safe

If you want scheduled tasks to send emails or control devices without manual approval, selectively change those specific actions to Allow in the Background context. Keep everything else denied.

System and internal tools

Some of Chalie’s internal tools — like find_tools and find_skills — are marked as system tools. These bypass the policy system entirely because they’re part of Chalie’s core reasoning loop. You won’t see them in the Policies page and they cannot be blocked.