AI Tools and Permissions

How Bliro's AI agents act on connected systems: what tools are, permission levels, how "Ask for Permission" works in chat and on calls, and how Bliro enforces denied tools at both the model boundary and the server.

Written by Martin Thoma

This guide explains the AI Tools and Permissions model that powers Bliro's agentic integrations. It is intended for IT, security, and CRM stakeholders who want to understand how Bliro's AI agents act on third-party systems and how that activity is controlled.

Overview

Bliro's AI agents act on connected Integrations (CRM, calendar, communication platforms, and others) through a fixed set of tools. Each tool represents one specific action on one specific object type, and each tool has a permission level that controls when, if ever, Bliro's agents may use it. Tools and permissions are configured by organization administrators and apply across the entire Bliro organization.

What is a Tool

A tool is a single, well-defined action on a specific object in a connected system. Each tool is defined by three fields:

| Field | Description |
| --- | --- |
| Title | Auto-generated as <Operation> <Object>, for example Read Account, Create Contact, Update Lead. |
| Description | A natural-language description that tells Bliro's AI agent when the tool is appropriate to pick. |
| Permission | One of Always Allow, Ask for Permission, or Deny. See below. |

Tools follow a strict one-object-per-operation constraint: a single tool always performs exactly one operation (Read, Create, or Update) on exactly one object type. Multi-step actions are composed by the AI agent from several tool calls.

Predefined and Custom Tools

Each agentic integration ships with a predefined catalog of tools with sensible default permissions, so the integration is usable immediately after connecting.

For CRM integrations, administrators can additionally create custom tools by selecting a CRM object that is not yet covered. Bliro automatically generates the corresponding Read, Create, and Update tools for that object. Custom tool creation is currently available for CRM integrations only.

Permission Levels

Every tool, predefined or custom, must have exactly one of three permission levels.

| Level | Behavior | Default applied to |
| --- | --- | --- |
| Always Allow | Bliro's AI agent may invoke the tool without prompting the user. Best for low-risk read operations. | Read tools |
| Ask for Permission | Each invocation pauses until the user approves it. Best for any action with side effects. | Create and Update tools |
| Deny | The tool is disabled. Bliro's AI agents cannot invoke it under any circumstance. | None. Admin-selected when stricter control is required |

How "Ask for Permission" Works

When a tool is set to Ask for Permission, Bliro's AI agent never runs the tool without explicit user consent for that specific invocation. The approval prompt is delivered in-context, depending on how the user is interacting with the agent:

  • In the agent chat: an overlay appears above the chat input showing the requested action and its parameters. The user approves or declines before the action proceeds.

  • In a phone-call session with the agent: the agent explicitly asks the user for verbal permission to perform the action before doing so.

If the user does not respond, the action is not executed. Approval is per-invocation: a previous "yes" does not authorize future invocations of the same tool.

Enforcement

Permission decisions are enforced by Bliro's infrastructure, not by the language model's adherence to instructions. Two layers operate together:

  1. Tool gating at the model boundary. Tools that are denied or that have not been added to the configuration at all are never exposed to the AI agent's tool list. The model literally cannot "see" them and therefore cannot call them.

  2. Server-side authorization on every call. Every tool invocation the model does emit is independently authorized by Bliro's backend against the current permission configuration before being dispatched to the third-party system. A call that somehow reached this layer for a denied tool would be rejected.

Both layers hold simultaneously, so a tool that is denied cannot be executed under any circumstance even if the AI agent "wanted" to, or if a prompt injection attempted to convince it otherwise.
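
The two enforcement layers and the per-invocation approval rule described above, as an added Python sketch; it is not Bliro's code. The function names, the approvals set keyed by call id, and the sample configuration are assumptions made for illustration.

```python
from enum import Enum


class Permission(Enum):
    ALWAYS_ALLOW = "Always Allow"
    ASK = "Ask for Permission"
    DENY = "Deny"


# Constructed sample configuration; titles follow "<Operation> <Object>".
CONFIG = {
    "Read Account": Permission.ALWAYS_ALLOW,
    "Create Contact": Permission.ASK,
    "Update Lead": Permission.DENY,
}


def exposed_tools(config):
    """Layer 1: build the model's tool list without denied tools.

    Tools missing from the configuration never appear because only
    configured entries are iterated.
    """
    return sorted(t for t, p in config.items() if p is not Permission.DENY)


def authorize(config, tool, call_id, approvals):
    """Layer 2: check one emitted call against the current configuration.

    `approvals` (hypothetical) holds call ids the user approved. An id is
    consumed on use, so an earlier "yes" never covers a later call.
    """
    # Unknown tools default to Deny, whatever the model emitted.
    permission = config.get(tool, Permission.DENY)
    if permission is Permission.DENY:
        return False
    if permission is Permission.ALWAYS_ALLOW:
        return True
    # Ask for Permission: requires an approval for this exact invocation.
    if call_id in approvals:
        approvals.discard(call_id)
        return True
    return False
```

Because the second layer reads the configuration at call time, a tool that an administrator switches to Deny is rejected even when the model was handed it in an earlier tool list.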

Where to Configure

Tools and permissions are managed per integration:

  1. In Bliro, open Integrations and select the relevant integration (for example, Microsoft Dynamics or HubSpot).

  2. Use the Tools & Permissions section to add, remove, or reconfigure tools and to change permission levels.

  3. (CRM only) Click Add tool to create new tools by selecting a CRM object. Bliro will automatically generate the Read, Create, and Update tools for that object.

Only organization administrators can change these settings. Changes apply to the entire Bliro organization.

Contact and Help

Questions about how a specific tool behaves, or how to harden defaults for your organization? Contact [email protected].
