Workspace

Model Restrictions

Workspace model restrictions let owners and admins control which AI providers and models agents in the workspace are allowed to use. Any chat request that would run on a disallowed provider or model is rejected before the agent loop starts.

How it works

Two columns on the workspaces table store the restrictions:

| Column | Type | Behavior when NULL |
| --- | --- | --- |
| allowed_providers | JSONB (string array) | Any provider is permitted |
| allowed_models | JSONB (string array) | Any model is permitted |

When a chat request arrives, the gateway resolves the agent's provider and modelId from its config. If either value is not in the corresponding allowlist (and the allowlist is non-null), the request is rejected with 403 Forbidden.
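The rule above, written out as an added sketch (not the project's gateway code) to make the edge cases concrete: a NULL column is unrestricted, while a non-null list is a strict allowlist, so by the stated rule an empty array rejects every request. The function names, return shape, provider-before-model order, case-sensitive matching and fail-closed handling of a malformed column are assumptions; the page does not state them.

```javascript
// Added sketch; not the project's gateway code. Column and config field names
// come from the page; function names and the return shape are assumptions.

function permits(allowlist, value) {
  if (allowlist === null || allowlist === undefined) return true; // NULL: unrestricted
  if (!Array.isArray(allowlist)) return false; // malformed column: fail closed (assumption)
  // Exact, case-sensitive match (assumption): "Claude" does not match "claude".
  return typeof value === "string" && allowlist.includes(value);
}

function checkRestrictions(workspace, agent) {
  // Provider is checked first (assumed order), then the model.
  if (!permits(workspace.allowed_providers, agent.provider)) {
    return { status: 403, error: `Provider "${agent.provider}" is not allowed in this workspace` };
  }
  if (!permits(workspace.allowed_models, agent.modelId)) {
    return { status: 403, error: `Model "${agent.modelId}" is not allowed in this workspace` };
  }
  return { status: 200 };
}

// Constructed workspace rows and agent configs.
const unrestricted = { allowed_providers: null, allowed_models: null };
const claudeOnly = { allowed_providers: ["claude"], allowed_models: null };
const pinned = {
  allowed_providers: ["claude", "openai"],
  allowed_models: ["claude-sonnet-4-6", "gpt-4o"],
};
const emptyList = { allowed_providers: [], allowed_models: null }; // non-null but empty

const samples = [
  [unrestricted, { provider: "openai", modelId: "gpt-4o-mini" }],
  [claudeOnly, { provider: "claude", modelId: "claude-opus-4-6" }],
  [claudeOnly, { provider: "openai", modelId: "gpt-4o" }],
  [pinned, { provider: "openai", modelId: "gpt-4o-mini" }],
  [emptyList, { provider: "claude", modelId: "claude-opus-4-6" }],
];

for (const [ws, agent] of samples) {
  const result = checkRestrictions(ws, agent);
  console.log(`${agent.provider}/${agent.modelId} -> ${JSON.stringify(result)}`);
}
```

When auditing stored restrictions, treat `[]` and NULL as opposite states: one blocks all chat traffic in the workspace, the other removes the control entirely.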

Setting restrictions

Use PUT /workspaces/:id/restrictions. Requires owner or admin role.

```bash
curl -X PUT http://localhost:3000/workspaces/ws_abc123/restrictions \
  -H "Authorization: Bearer ${JWT_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "allowedProviders": ["claude", "openai"],
    "allowedModels": ["claude-opus-4-6", "claude-sonnet-4-6", "gpt-4o"]
  }'
```

Restricting by provider only

Omit allowedModels (or set it to null) to allow any model from the specified providers:

```bash
# Restrict to Claude models only (any Claude model)
curl -X PUT http://localhost:3000/workspaces/ws_abc123/restrictions \
  -H "Authorization: Bearer ${JWT_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{ "allowedProviders": ["claude"] }'
```

Removing all restrictions

Set both fields to null to restore unrestricted access:

```bash
# Remove all model restrictions (set back to unrestricted)
curl -X PUT http://localhost:3000/workspaces/ws_abc123/restrictions \
  -H "Authorization: Bearer ${JWT_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{ "allowedProviders": null, "allowedModels": null }'
```

Error response

When an agent's provider or model is blocked, the chat endpoint returns:

```json
{
  "error": "Provider \"openai\" is not allowed in this workspace"
}
```

or

```json
{
  "error": "Model \"gpt-4o-mini\" is not allowed in this workspace"
}
```

Common use cases

| Goal | Configuration |
| --- | --- |
| Cost control — cap spend by restricting to cheaper models | `allowedModels: ["claude-haiku-4-5-20251001"]` |
| Data residency — use only on-prem or specific regional inference | `allowedProviders: ["local"]` |
| Compliance — prohibit unapproved third-party APIs | `allowedProviders: ["claude"]` |
| Standardize — enforce one model across all workspace agents | `allowedModels: ["claude-sonnet-4-6"]` |

Restrictions apply to all agents in the workspace including background heartbeat runs and scheduled agents. The check happens in the chat route before the agent loop, so no tokens are consumed on a blocked request.