Tool permissions

Coding agents have a long list of capabilities: read files, write files, run commands, search, fetch URLs, call MCP tools. Tool permissions decide what runs without asking, what asks every time, and what the agent isn’t allowed to do at all.

The model

Glueprint groups agent capabilities into a set of permission tags (for example, gp.file.read, gp.session.start). Each tag is placed in one of three lists in your governance config:

• Allowed — the agent can use these without prompting.
• Ask — the agent has to pause and wait for your approval.
• Denied — the agent isn’t allowed to use these at all.

Out of the box, read-oriented tags are in Allowed, and a small number of action-oriented tags (like starting a session or sending a channel message) are in Ask. Denied starts empty.

Where to configure

Per-agent governance lives inside each agent card under Settings > Agents. Per-assistant governance lives on the assistant’s Settings tab; rules there refine the agent defaults for that specific assistant.

Organization-wide rules live in the portal under Settings > Governance and apply to every assistant on the account.

How rules compose

When the agent tries a capability, Glueprint walks the layers in this order:

1. Organization rules (set by your administrator).
2. Global rules (account-wide defaults).
3. Team overrides (if the assistant is on a team).
4. Project overrides (if the working directory has its own project rules).
5. Per-assistant overrides.

A Denied verdict in any layer blocks the tool. Lower layers refine the verdicts of higher layers.

On the portal

The portal exposes the same agent and assistant governance UI. Organization-wide rules under Settings > Governance are admin-only.

Related topics

• Permissions and approvals for what happens at runtime when the agent pauses for input.
• Assistant governance for per-assistant rules.
• SSO and Enterprise.