Governance Flags (SDK)
Control agent behavior with flags. in code, not config files.
agent = Agent("http://localhost:9620", flags={ "email": "internal:cogniqor.be", "pii": "mask", "mode": "observe",})Available flags
Section titled “Available flags”| Flag | Values | Description |
|---|---|---|
mode | observe, warn, enforce, lockdown | Overall governance posture |
email | mirror:addr, internal:domain, block, allow | Email tool restrictions |
pii | mask, block, flag, off | PII handling |
budget | dev, standard, custom:per_call:per_session | Cost caps |
tools | allowlist:t1:t2, denylist:t1:t2, block | Tool restrictions |
files | read_only, project, sandbox, block | File operations |
db | read_only, safe_write, block | Database operations |
secrets | redact, block, flag | Secret handling |
Per-call overrides
Section titled “Per-call overrides”response = agent.chat( "Send salary data to the board", flags={"email": "block", "mode": "lockdown"},)Environment variable
Section titled “Environment variable”export TAPPASS_FLAGS="mode=observe, pii=mask, email=internal:cogniqor.be"HTTP header
Section titled “HTTP header”curl http://localhost:9620/v1/chat/completions \ -H "X-TapPass-Flags: mode=observe, pii=mask" \ -d '{"model": "gpt-4o-mini", "messages": [...]}'For the full reference including resolution order, org locks, and email mirror details, see the Governance Flags guide.