DocumentationAgent Action Firewall
GitHub

Configuration Guide

Fine-tune Agent Action Firewall for your specific security requirements and workflow needs.

Client Configuration

Full Configuration Options

TypeScript
import { AgentFirewallClient } from '@agent-action-firewall/sdk';

const client = new AgentFirewallClient({
  // Required
  baseUrl: 'https://api.agentactionfirewall.com',
  apiKey: process.env.AGENT_FIREWALL_API_KEY!,
  agentId: 'my-ai-agent',

  // Optional: Timeouts
  timeout: 30000,           // Request timeout in ms (default: 30000)
  approvalTimeout: 300000,  // Approval wait timeout in ms (default: 5 min)

  // Optional: Retry configuration
  retries: 3,               // Number of retries (default: 3)
  retryDelay: 500,          // Initial retry delay in ms (default: 500)

  // Optional: Logging
  debug: false,             // Enable debug logging (default: false)
});

Environment Variables

VariableRequiredDescription
AGENT_FIREWALL_API_KEYYesYour API key from the dashboard
AGENT_FIREWALL_BASE_URLNoAPI base URL (default: cloud endpoint)
AGENT_IDYesUnique identifier for your agent
SUPABASE_SERVICE_ROLE_KEYYes (API)Supabase service role key — required by the API for MFA admin operations
EMAIL_APPROVAL_HMAC_SECRETYes (API)HMAC secret for signing email-approve tokens (min 32 chars). Required when email approval is enabled.

Policy Configuration

Default Policy Behavior

By default, all actions are evaluated against your organization's policies. The default policy is deny - actions must explicitly match an allow rule.

Risk Level Thresholds

TypeScript
// Actions are classified by risk level
type RiskLevel = 'low' | 'medium' | 'high' | 'critical';

// Configure auto-approval thresholds in your policy
// - low: Auto-approved
// - medium: May require approval based on policy
// - high: Typically requires approval
// - critical: Always requires approval

Approval Workflow Settings

Timeout Configuration

Configure how long actions wait for approval before timing out. This can be set per-organization in the dashboard under Settings > Approval Workflow.

  • Default Timeout: 24 hours
  • Minimum: 5 minutes
  • Maximum: 7 days

Escalation Rules

Set up automatic escalation when approvals are pending too long:

  • Send reminders after 1 hour
  • Escalate to secondary approvers after 4 hours
  • Auto-deny or escalate to admin after 24 hours

Integration Settings

Notification Channels

Configure where approval notifications are sent. Multiple channels can be active simultaneously.

JSON
{
  "notifications": {
    "slack": {
      "enabled": true,
      "channel": "#agent-approvals",
      "mentionOnHigh": ["@security-team"]
    },
    "email": {
      "enabled": true,
      "recipients": ["approvers@company.com"]
    }
  }
}

Next Steps