Permissions System
Control what your agents can do with granular permissions. Set global defaults, per-tool rules, and per-agent overrides for complete security.
Permission Levels
Each tool can be set to one of three permission levels. Choose the right balance between automation and control.
Always Allow
Tool runs automatically without asking for permission. Best for safe, read-only operations.
- • Reading files and directories
- • Searching and analyzing code
- • Running safe commands (ls, git status, etc.)
- • Web searches and API calls
Ask First
Agent requests your permission before running the tool. You can approve, deny, or allow for the entire session.
- • Writing or modifying files
- • Running commands that change state
- • Installing packages or dependencies
- • Actions that cost money (API calls)
Never Allow
Tool is completely blocked. The agent cannot use it even if requested.
- • Deleting files or directories
- • System-level operations
- • Network access (if working offline)
- • Any dangerous or destructive operations
Tool Categories
Tools are organized into categories. You can set permissions for entire categories or individual tools.
File Operations
Read, write, edit, delete files and directories
Command Execution
Run shell commands and scripts
Network & Web
Make HTTP requests, browse the web
Computer Use
Control mouse, keyboard, and screen
Per-Agent Permission Overrides
Set custom permissions for individual agents that override global settings. Useful for untrusted agents or specialized workflows.
How it works:
Agent-specific permissions always override global settings. This allows fine-grained control.
Example: Sandboxed Agent
Global: File operations allowed
Agent override: File operations blocked
Example: Trusted Agent
Global: Commands need approval
Agent override: Commands auto-allowed
- 1. Go to the agent's settings
- 2. Navigate to the Permissions tab
- 3. Toggle "Use custom permissions"
- 4. Configure tool permissions for this agent
Permission Prediction
AI-Powered Permission Suggestions
CogTog can analyze your task and predict what tools the agent will need. Review and approve permissions upfront to avoid constant interruptions.
How it works:
- 1. You describe a task to CogTog
- 2. CogTog analyzes the task and predicts needed tools
- 3. You review and pre-approve permissions
- 4. Agent runs without constant permission prompts
Security Best Practices
Start restrictive, relax as needed
Begin with "Ask First" for most tools, then allow specific safe operations after you understand the workflow.
Never auto-allow destructive operations
Always require approval for file deletion, process killing, and system-level commands.
Use per-agent permissions for untrusted agents
If testing a new agent or workflow, create a sandboxed agent with restricted permissions.
Review permission requests carefully
Read what the agent wants to do before approving. If something seems wrong, deny it and investigate.
Use session-level approvals for repetitive tasks
When the agent needs to repeat the same operation many times, approve it for the session to reduce interruptions.
Regularly audit permissions
Periodically review your permission settings and revoke unnecessary access.
Default Permissions
CogTog ships with sensible defaults. Safe read operations are allowed, while write and destructive operations require approval.
Auto-Allowed by Default
- • Reading files
- • Listing directories
- • Searching code
- • Web searches
- • Safe git commands (status, log, diff)
- • Memory operations
Requires Approval by Default
- • Writing/editing files
- • Deleting files
- • Running shell commands
- • Installing packages
- • Network requests
- • Computer use (mouse, keyboard)