Features

Everything agents
need — governed

From policy evaluation to human approval to immutable audit logs. Outcall gives you complete control over what your agents can do.

Declarative rules for every tool call

Policy Engine

Define exactly what each agent is allowed to do. Rules are evaluated per agent, per tool, and per environment. Layer base policies with environment-specific overrides.

Rule-based and declarative policy definitions in YAML or JSON
Allow/deny lists per agent identity, per executor, per environment
Policy composition: base layer + environment overrides
Policy testing: dry-run evaluation against sample requests
Hot reload: policy changes take effect without restart

policy-engine

# policy.yaml
version: "1"
agents:
  clawie-dev:
    executors:
      bash:
        allow:
          - pattern: "npm *"
          - pattern: "git status"
        deny:
          - pattern: "rm -rf *"
          - pattern: "* --force"
      file:
        allow:
          - path: "./src/**"
        deny:
          - path: "/etc/**"
          - path: "~/.ssh/**"

Deny-by-default protection

Guardrails

Five built-in pattern guards that fire before policy evaluation. These catch the most dangerous agent behaviors regardless of what the policy says.

Force push detection: blocks git push --force to any remote
Protected branch guard: flags direct pushes to main/master
Shell injection detection: blocks shell=True subprocess calls
Path traversal guard: catches ../ sequences in file operations
Secret exposure detection: intercepts environment variable reads for known secret patterns

guardrails

# guardrails.yaml
version: "1"
guardrails:
  - id: no-force-push
    match: { tool: git, args_pattern: "--force" }
    action: deny
    message: "Force push is blocked by policy"

  - id: protected-branch
    match: { tool: git, branch_pattern: "^(main|master|prod)$" }
    action: ask
    timeout: 30s

  - id: no-shell-injection
    match: { tool: bash, shell_eq: true }
    action: deny

Human in the loop, wherever you are

Approval System

When a tool call hits an 'ask' rule, Outcall routes an approval request to your configured channel. Approve or deny in seconds from web, Telegram, or Discord.

Web UI: visual approval dashboard with full request context
Telegram: instant mobile approvals via bot message
Discord: team approvals in your server channel
Configurable timeout: auto-deny or auto-approve on timeout
Escalation rules: escalate to a secondary approver after N seconds
Full approval audit trail: who approved, when, from where

approval-system

# approval.yaml
version: "1"
approval:
  channels:
    - type: telegram
      bot_token: ${TELEGRAM_BOT_TOKEN}
      chat_id: ${TELEGRAM_CHAT_ID}
    - type: discord
      webhook_url: ${DISCORD_WEBHOOK_URL}
  timeout: 60s
  on_timeout: deny
  escalation:
    after: 30s
    to: secondary-approver

Typed, sandboxed capability handlers

Tool Marketplace

Every executor is a typed capability handler with a permission manifest. Built-in executors cover the most common agent needs. Author custom executors with a simple TypeScript interface.

8 built-in executors: bash, file-read, file-write, http, browser, db-query, git, process
Each executor declares its capabilities in a typed manifest
Per-executor permission configuration in your policy file
Custom executor authoring: implement ExecutorContract in TypeScript
Sandbox mode: run executors in isolated environments
Rate limiting per executor, per agent

tool-marketplace

// custom-executor.ts
import type { ExecutorContract } from "@outcall/sdk";

export default {
  name: "notion-write",
  version: "1.0.0",
  capabilities: ["write:notion-page"],
  permissions: {
    required: ["NOTION_TOKEN"],
    optional: ["NOTION_WORKSPACE_ID"],
  },
  async execute(input, context) {
    const { page_id, content } = input;
    // ... implementation
    return { success: true, page_id };
  },
} satisfies ExecutorContract;

Immutable record of every agent action

Audit Trail

Every tool call attempt — whether allowed, denied, or approved — is written to an append-only audit log. Export to JSON or CSV. Configure retention per environment.

Log schema: agent ID, tool, inputs, policy decision, approval status, timestamp
Append-only: log entries cannot be modified or deleted in retention window
Export formats: JSON lines, CSV, structured query
Retention policy: configurable per environment (default: 90 days)
Structured query: filter by agent, tool, decision, date range
Webhook delivery: stream log entries to your SIEM

audit-trail

// log entry schema
{
  "id": "evt_01J9X2K...",
  "timestamp": "2026-03-26T14:32:01Z",
  "agent_id": "clawie-dev",
  "executor": "bash",
  "input": { "command": "npm run build" },
  "guardrail_result": "pass",
  "policy_decision": "allow",
  "approval_status": null,
  "outcome": "executed",
  "duration_ms": 4821
}

Drop in to any agent runtime

Integrations

Outcall works as a proxy layer between your agent and its tools. No changes to your agent code required — point its tool calls at the Outcall endpoint.

Clawie: first-class integration, built-in executor routing
LangChain: ToolWrapper adapter for any LangChain tool
OpenAI Agents SDK: function call interceptor
Custom runtimes: HTTP proxy mode — no SDK required
Docker: official image with all built-in executors
Environment variables: zero-config credential injection

integrations

# Clawie integration (clawie.yaml)
executors:
  provider: outcall
  endpoint: http://localhost:7821
  api_key: ${OUTCALL_API_KEY}
  policy: ./policy.yaml

# LangChain integration
from outcall.langchain import OutcallToolWrapper
tool = OutcallToolWrapper(
    tool=your_tool,
    policy="./policy.yaml"
)

Ready to govern your agents?

Start with the free core tier or jump straight to the Pro dashboard.

Read the docs View pricing

Everything agentsneed — governed