Tools and Permissions
Without tools, an agent can only talk. With tools, it can inspect files, edit code, run commands, browse documentation, and verify work. That is where coding agents become genuinely useful, and where risk enters.
Common Tool Types
- file read and edit tools
- shell or terminal execution
- browser or web fetch tools
- search and retrieval tools
- MCP-backed tools and resources
Why Permissions Matter
The same agent that can fix a test can also run the wrong command, read the wrong file, or follow a malicious instruction from untrusted content. That is why modern coding agents emphasize sandboxing, approval prompts, and least privilege.
Good Defaults
- Start with the minimum access needed.
- Grant network access only when current external information is required.
- Be careful with write access outside the repo.
- Review elevated or destructive commands manually.
- Treat secrets and production systems as separate trust zones.
When To Grant More Access
Give the agent more access when the task truly needs it, such as:
- installing dependencies
- running an integration test suite
- browsing current docs or release notes
- using browser automation for UI validation
The key is that additional access should serve a specific task, not become a permanent habit.
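The defaults under Good Defaults and the task-scoped grants under When To Grant More Access can be expressed as a small approval gate. This is an added example, not code from any particular agent; the tool names (`read`, `write`, `fetch`, `shell`), the `Grant` type, and the command and secret lists are assumptions made for illustration.

```python
import shlex
from dataclasses import dataclass
from pathlib import Path

# Policy values below are constructed for this example, not from any real agent.
SECRET_NAMES = {".env", "id_rsa", "credentials.json"}
SAFE_CMDS = {"ls", "cat", "grep", "pytest"}      # run without a prompt
NETWORK_CMDS = {"pip", "npm", "curl", "wget"}    # need a network grant

@dataclass(frozen=True)
class Grant:
    """Access given for one task; network is off unless the task needs it."""
    repo: Path
    network: bool = False

def _in_repo(path: str, repo: Path) -> bool:
    # Resolve ".." and symlinks first so "repo/../x" is not treated as inside.
    return (repo / path).resolve().is_relative_to(repo.resolve())

def _is_secret(path: str) -> bool:
    return Path(path).name in SECRET_NAMES

def decide(grant: Grant, tool: str, arg: str) -> str:
    """Return 'allow', 'ask' (manual review) or 'deny' for one tool call."""
    if tool in ("read", "write"):
        if _is_secret(arg):
            return "deny"                 # secrets are a separate trust zone
        return "allow" if _in_repo(arg, grant.repo) else "ask"
    if tool == "fetch":
        return "allow" if grant.network else "deny"
    if tool == "shell":
        try:
            argv = shlex.split(arg)
        except ValueError:
            return "ask"                  # unparseable quoting: let a human look
        if not argv:
            return "deny"
        if any(_is_secret(tok) for tok in argv):
            return "deny"
        if any(ch in arg for ch in ";|&`$<>"):
            return "ask"                  # chaining/redirection: do not guess
        if any(not _in_repo(t, grant.repo) for t in argv[1:] if not t.startswith("-")):
            return "ask"                  # argument may point outside the repo
        cmd = Path(argv[0]).name
        if cmd in NETWORK_CMDS:
            return "allow" if grant.network else "deny"
        return "allow" if cmd in SAFE_CMDS else "ask"
    return "deny"                         # unknown tools get no access
```

String checks like these decide when to prompt; they do not replace the sandbox, which is what enforces the boundary if a command slips through.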