Capability Model (Permissions)
Configure tool permissions per agent — 4 modes, presets, and overrides
The capability model defines which actions an agent may technically perform — independent of what it says in content.
Open the Capability Model
Two paths: (1) In the Wizard — Step 5, or (2) In the Agent Drawer — Permissions section, click the edit icon.
📸 Screenshot: Permission editor in agent drawer
Categories and Tools
| Category | Tools | Risk Level |
|---|---|---|
| Communication | Send email, Slack message, SMS, calendar invite, trigger webhook | Medium |
| Data | Read DB, write DB, read file, write file, API call, vector DB | Low–High |
| Finance | Trigger payment, create invoice, modify budget, place order | High |
| System | Execute code, start container, modify config, trigger deployment, shell access | Critical |
The 4 Enforcement Modes
| Mode | HTTP Status | What Happens |
|---|---|---|
| Allow (ALLOW) | 200 | Action executes without restrictions |
| Deny (DENY) | 403 | Action is blocked. Agent receives error message. |
| Require Approval (REQUIRE_APPROVAL) | 202 | Action paused. Reviewer notified. Agent waits. |
| Log Only (LOG_ONLY) | 200 + Flag | Action executes but marked as governance_flagged. Appears in monitoring. |
Using Presets
Click Load Preset: Restrictive (all DENY except data read), Balanced (read: ALLOW, write: LOG_ONLY, finance: REQUIRE_APPROVAL, system: DENY), or Permissive (all ALLOW except finance and shell access).
Tool-Level Override
Open a category, click the dropdown on a specific tool to override its mode. An "Override" badge appears next to the tool.
Three-level hierarchy: Preset → Category Default → Tool-Level Override. More specific settings override more general ones.
AGT Export
Click Export → AGT Format to download the capability model as a Microsoft AGT-compatible JSON file.