Configuring Custom Abilities
Custom abilities allow you to precisely control Alan's behavior. In the configuration, you define a prompt that determines Alan's behavior when using this ability. Optionally, you can add HTTP tools to enable Alan to access external services.
To configure a custom ability in Alan, the following settings are available to you:
Title
Assign a descriptive title for the ability. The title helps you manage abilities and assists users in selecting abilities in their chats. Additionally, Alan can use the title to recognize whether the ability is relevant for a chat request.
Description
The description of the ability provides users with additional information about the purpose and functionality of the ability. The description helps you manage abilities and assists users in selecting abilities in their chats. In addition, the description can be used by Alan to recognize the ability for relevant chat requests.
Prompt
In the prompt field, you describe the desired behavior of the ability. The prompt is provided to Alan as an instruction when using this ability and controls how Alan responds to requests.
Formulate the prompt clearly and precisely to describe the desired behavior as accurately as possible. Use the prompt to also explain to Alan how to use the optionally added HTTP tools and which services are connected with them, so that Alan can use these tools effectively.
HTTP Tools
Optionally, you can add HTTP tools to the ability. HTTP tools allow Alan to send HTTP requests to external services and retrieve or transmit data.
By default, a new HTTP tool is configured to access any URL (https://*) with all HTTP methods allowed and no additional HTTP headers set. To restrict access to specific URLs, limit the allowed HTTP methods, or set required HTTP headers (e.g., for authentication), you can customize the configuration of each HTTP tool with the following settings.
Note
Restricting HTTP access through the configuration of HTTP tools is important to ensure that Alan can only access intended services and prevent unwanted behavior.
We therefore recommend carefully configuring the HTTP tools and only granting the necessary permissions that Alan needs to perform the desired tasks while explaining the usage of the HTTP tools and the connected services clearly in the prompt to ensure that Alan can use them effectively and securely.
Title
A descriptive title for the tool that describes its function.
Base URL
This field specifies the base URL to which Alan is allowed to send requests. Alan can only send requests to URLs that start with this prefix. All prefixes must start with https:// to ensure that the requests are sent over a secure connection.
Allowed HTTP Methods
Specify which HTTP methods (e.g., GET, POST, PUT, DELETE) Alan may use for this tool.
HTTP Headers
HTTP headers can be configured for each tool and are sent with every request. Each header consists of:
- Title: The name of the header (e.g.,
Authorization,X-API-Key). This cannot be changed after saving. - Value: The value of the header. The value is stored encrypted and cannot be retrieved after saving. However, it can be reset or deleted.
HTTP headers are suitable for authentication against external services, e.g., by passing an API key or token, as well as for specifying Content-Type or other meta information required for the requests.
Protection Status
For custom abilities, the protection status is determined automatically. If no HTTP tools are configured, the ability is considered a secure data connection. As soon as HTTP tools are added, the ability is considered an insecure data connection.
The protection status provides users with guidance on whether they can use sensitive, internal company information in a chat with this ability. If it is a secure data connection, users can "chat securely"; otherwise, they will see a notice indicating that "external services" are used to generate chat responses and they should handle sensitive information with care.
The protection status also determines whether a manual usage approval for this ability is required by default. For secure data connections, automatic usage approval is granted by default; otherwise, manual usage approval is required by default.