Because the Gateway lets people message an agent that can take real actions, it includes controls over who can reach it and what it's allowed to do. Configure these per channel in Settings → Gateway → Channel Security.
Who can DM the agent
The DM policy governs direct messages:
- Pairing (default) — unknown senders must complete a verification step before the agent responds.
- Open — the agent replies to any DM.
- Allowlist — only people you list (by email, user ID, @username, or phone number) can DM the agent.
Who can use it in groups
The group policy governs channels and group chats:
- Mention only (default) — the agent responds only when explicitly @mentioned.
- Allowlist — only specific groups or channels (by ID) can trigger the agent.
- Open — any mention from any group member triggers a response.
A separate Require @mention in group chats toggle (on by default) keeps the agent from replying to group messages that don't mention it.
Rate limiting
Set a per-sender rate limit (messages per minute) to prevent runaway or abusive usage. The default is a sensible cap that you can raise or lower.
Tool sandbox
You can restrict the agent's most powerful tools (file system, shell) when it's reached over messaging:
- Groups only (default) — restrict tools in group chats, full access in your own DMs.
- All sessions — restrict tools everywhere over the Gateway.
- Off — full tool access over messaging.
This lets a teammate ask questions in a Slack channel without being able to make the agent run shell commands on your Mac.
Recommended starting point
For most people:
- DM policy: Pairing, Group policy: Mention only, Require @mention: on
- Tool sandbox: Groups only
Then loosen or tighten based on who shares the channel.
Related
- Connecting Platforms — set up each channel
- Tools & Integrations — what the sandbox is protecting