Permissions & Approvals

Tentarc enforces permissions in control plane, not as best-effort UI hints.

Permission modes

Explore: read/discover only; no mutating side effects.
Ask: mutating actions require explicit user approval.
Auto: pre-authorized mutation within configured boundaries.

Approval object shape

Mutating intent requires a structured approval payload:

{
  "approvalId": "appr_8e7...",
  "instanceKey": "ws_prod:session:s_42",
  "reason": "write file + run command",
  "scope": {
    "paths": ["/workspace/src"],
    "commands": ["npm run build"]
  }
}

User response is a control intent:

approve
reject
approve_once_with_constraints

Why this is runtime-level

If approval is only UI-level, duplicate windows or retries can bypass intent integrity.
Control-plane enforcement guarantees that unapproved side effects never enter data plane.

Recommended policy

default to Ask in team/shared workspaces
use Auto only with narrow boundaries
store approval decision as an auditable event for replay/debugging

Runtime: Instance Lifecycle

Revisit lifecycle transitions and control intents.

Jump →

Next: Idempotency & Admission

Prevent duplicate side effects before execution.

Continue →

Share feedbackLast updated: Mar 6, 2026

Was this page helpful?Yes No