> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getunbound.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Onboarding Playbook
> A guided tour of the platform — what each part does, and how to get value in your first hour
Your AI coding tools — Claude Code, Cursor, Codex, Copilot, and more — now route through Unbound. We see every prompt, every terminal command, and every MCP tool call your agents make, and we enforce your policies **inline, before anything runs**. Nothing changes for your users. Everything changes for your security team.
This playbook walks you through what's in the platform, what each part is for, and how to get value fast.
## 1. Getting started (5 minutes)
Go to your Unbound gateway at [gateway.getunbound.ai](https://gateway.getunbound.ai) — or your organization's custom tenant domain, if you have one.
Open **Connect → AI Coding Tools**, pick your tool, and follow the one-line setup. For Claude Code and Codex, choose **Subscription** mode — keep your existing Claude / OpenAI subscription while Unbound observes and enforces via hooks.
Open **Connect → Device Deployment**, choose the tool and platform (macOS / Windows), and copy the single MDM install command. It deploys Unbound to every user on a device with no per-user setup.
Once a tool is connected, its activity starts flowing into Unbound immediately.
## 2. The dashboard — your home base
Your landing page is an at-a-glance health view of your whole org: devices and tools connected, agentic activity (terminal commands and MCP calls), how many actions were blocked / warned / allowed, total spend, and recommendations. It's built to be skimmed — start here each day, then click into whatever needs attention.
## 3. See what your AI tools are actually doing
Before you write a single policy, get visibility. Open **AI Tools Discovery → Summary**. This is your mission control: it inventories every AI tool detected across your org and flags risk.
**Three things to check on day one:**
Unsanctioned AI tools users installed on their own. Review the list and decide what's approved.
Users running with auto-accept *and* no deny rules *and* sandboxing off — the highest-risk setups. The **Permissions** sub-page shows exactly who.
MCP servers whose publisher is *unofficial* or *unknown*. The **MCP Servers** sub-page flags each one so you can spot shadow MCP.
The other sub-pages — **Users, Tools, Tool Rules, Skills, Setup** — let you drill into per-user detail. You don't need them on day one.
## 4. Tool Policies — guardrails on what AI can do
Tool Policies govern the **actions** AI agents take — the terminal commands they run and the MCP tools they call — and stop the dangerous ones before they execute. Find them under **Policies → Tool Policies**.
### What each action does
| Action | Stops the operation? | Logged? | What your user sees |
| -------------------------- | -------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------ |
| **Audit** | No | Yes | Nothing — it runs normally and you get a log entry |
| **Warn** | No | Yes | A warning, then it proceeds |
| **Block** | Yes | Yes | An error explaining the block |
| **Require Slack Approval** | Pauses | Yes | A Slack DM to approve or deny; the agent retries after the decision (needs the [Slack integration](/integrations/slack)) |
**Warn** is supported on **Claude Code** and **Copilot**. On other tools, use **Audit** or **Block** instead.
If your users run agentic workflows, start with **Audit** to learn what's normal, then tighten to **Warn** / **Block**. A hard **Block** mid-chain returns an error that can interrupt a multi-step agent task.
### Three ways to create a policy
1. **Guided form (UI).** Open **Policies → Tool Policies** and click **Create Policy**, then choose **Terminal Commands** or **MCP Actions**. Build the rule with dropdowns: **When** (command family) → **If** (field to match + pattern) → **Then** (action) → optionally scope to **User Groups**. A live preview shows the rule in plain English as you build it.
2. **Describe it in plain English.** The create dialog has a *"Describe a policy or paste a command…"* box. Type what you want — e.g. *"Block any database command that drops or truncates"* — and Unbound fills in the form.
3. **Ask your AI agent (CLI).** Any user onboarded with the Unbound CLI can ask their agent (Claude Code, Cursor, Codex) to create the policy. The agent runs the `unbound` CLI for you. Requires the CLI installed and logged in with an Admin role.
```bash theme={null}
unbound policy tool create-mcp \
--name "Block destructive GitHub actions" \
--mcp-server github \
--mcp-action-type destructive \
--action BLOCK \
--custom-message "Destructive GitHub actions are blocked — contact your admin."
```
### Command families you can target (terminal commands)
Unbound classifies every command an agent runs into a **family**, grouped by area:
| Area | Families |
| -------------- | ---------------------------------------------------------------------------------- |
| **System** | Update System File, Environment Setup, Package Management, Build Operation |
| **Filesystem** | Read File, Write File, Delete File |
| **Process** | Process Management, Execute Script, Update Cron |
| **Network** | Remote Access, Data Transfer, Remote Execution, Container Operation |
| **Cloud** | Cloud Read, Cloud Provision, Cloud Destroy, Cloud IAM, Cloud Secrets, Cloud Config |
| **Security** | Access Password, Privilege Escalation, Environment Exposure |
| **Git** | Git Action |
| **Database** | Database Read, Database Write, Database Admin |
Each family matches on specific fields — e.g. **Database Admin** matches on *database, table, operation, environment*; **Delete File** matches on *path*.
### Examples and recommended policies
Terminal-command and MCP examples, plus the recommended day-one set — each with a prompt you can give your agent to see the policy fire.
## 5. Where to find things
| You're looking for | Go to |
| ---------------------------------------------------------- | --------------------------------------- |
| Every request / prompt through the gateway | **Logs** |
| Terminal commands AI executed (family, risk, policy match) | **Analytics → Tool Use → Terminal Run** |
| MCP tool calls AI made | **Analytics → Tool Use → MCP Actions** |
## 6. Settings you should know (admins)
Under **Settings**:
* **Integrations** — connect **Slack** (required for the *Require Slack Approval* action).
* **Policy Enforcement** — choose what happens **if Unbound is ever unreachable**: **Allow** (operations run as usual — the default) or **Block** (operations are denied). Pick based on your risk tolerance.
* **Users & User Groups** — invite teammates, assign roles (Admin / Member), and create groups to **scope policies** to specific teams.
## 7. Troubleshooting
* **Policy not firing?** Confirm it's **Active** and scoped to the right user group (empty = everyone).
* **MCP policy not matching?** Check the exact MCP server name on the **MCP Servers** page.
* **Command classified differently than you expected?** Open the command in **Analytics → Tool Use → Terminal Run** — the family and risk score are shown on every entry.
* **"Require Slack Approval" not prompting?** Connect Slack under **Settings → Integrations**.
Questions? Reach us in Slack or email [support@unboundsecurity.ai](mailto:support@unboundsecurity.ai).