Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.goantiai.com/llms.txt

Use this file to discover all available pages before exploring further.

Step 1 — Find the denial in the audit log

Go to Audit Log and filter by event type oauth.token_denied and outcome failure. Click the event to see the full details including the exact input that was evaluated.

Step 2 — Use the What-If Tester

Go to Policies → [your policy] → What-If and enter the same request: 
Agent ID: [your agent's ID]
Action:   [the scope that was denied]
Resource: [the resource being accessed]
The result shows the exact rule and line number that made the decision.

Step 3 — Fix the policy

Update the policy in the editor. Use Shadow Mode to test the fix in production before activating:
  1. Update the policy with Shadow Mode on
  2. Monitor the audit log for 24 hours
  3. Click Activate when confident

Common denial reasons

ReasonFix
No policy assignedGo to agent Settings → Policies and assign one
Wrong scope formatUse lowercase colon-separated: stripe:customer:read
Agent is suspendedCheck the agent’s status badge
Policy in shadow modeShadow mode evaluates but doesn’t enforce — activate it
Rego syntax errorA policy with a syntax error defaults to deny — use Preview to validate