Restricting Attachments in Agent Inboxes
Three fields on a policy decide which attachments ever reach your email agent: { "name" : "Locked-down agent inbox" , "limits" : { "limit_attachment_size_limit" : 26214400 , "limit_attachment_count_limit" : 20 , "limit_attachment_allowed_types" : [ "application/pdf" , "image/png" ] } } Size (that's 25 MB in bytes), count per message, and an allowlist of MIME types. POST that to /v3/policies , attach the resulting policy_id to a workspace, and every Agent Account in the workspace enforces it on inbound mail from then on. Why an autonomous reader needs this more than you do When a human gets a suspicious attachment, there's a judgment step: weird sender, weird filename, don't open it. An email agent has no such instinct unless you build one — and the agents most worth building are exactly the ones that process attachments: parsing invoices, extracting resumes, reading shipped documents. That processing step is the attack surface. A hostile PDF aimed at your parser, a 10,000-page document aimed at your token budget, a zip bomb aimed at your storage — all of them arrive the same way legitimate input does. You can defend in application code, but then every consumer of the mailbox has to get it right, forever. Policy limits on Nylas Agent Accounts (a beta feature) enforce the constraint at the mailbox itself, before any of your code runs. One clarification that saves a support ticket: inbound rules can't do this job. Rules match on sender fields — from.address , from.domain , from.tld — and know nothing about what a message carries. Attachment control lives on the policy, and only there. From policy to enforced, end to end The policy applies through a workspace, not directly to a grant. The full wiring is three calls. Create the policy at /v3/policies , set it as the workspace's policy_id (a PATCH /v3/workspaces/{workspace_id} if the workspace already exists), then create the account into that workspace: curl --request POST \ --url "https://api.us.nylas.com/v3/connect/cus