← Dashboard

Permissions & Gates

Chapter 5: What Keeps the Agent Safe

Model
Bash
rm -rf /
No gate. No protection.
Step 1

What Happens Without Gates

Model decides to clean up temp files. Generates rm -rf /. Bash tool executes it. No confirmation. No sandbox. Your filesystem is gone. This isn't hypothetical. It's the default without permission gates.

Step 2

Gates on Every Wire

The fix: put a gate between the model's intent and the tool's execution. Three flavors: Auto (safe, let it through), Ask (pause for human approval), Sandbox(run in isolation, can't escape).

Step 3

Three Permission Tiers

Click any tool to see its gate in action. Read-only tools auto-approve. File-modifying tools need confirmation. System-level tools run in a sandbox.

The tier determines the gate, not the model, not the user. The harness.

Step 4

Separate the Brain from the Hands

The model (brain) runs in unrestricted space. It can think anything. The execution (hands) runs in a sandboxed boundary. The gate wall ensures that thinking about rm -rfcan't become doing it without passing through permission checks.

Step 5

How Real Products Handle It

Claude Code uses an allowlist plus bash sandboxing. Cursor asks per file write. Manus runs everything in a full VM. The model literally can't affect the host machine. Different trade-offs, same principle: gates on wires.