Tentarc LogoDocs

Permissions

Permissions are not about slowing you down. They prevent three common failures:

  • silent changes you didn’t intend
  • risky mutations leaking into production
  • team workflows with no clear approval trail

In Tentarc, permissions simply mean this: side effects stay controlled.

Three modes to remember

  • Explore: read-only exploration
  • Ask to Edit: asks before risky changes
  • Auto: automatic execution with no per-action prompt

How to choose

  • use Ask to Edit as your default team mode
  • use Explore for analysis-only sessions
  • use Auto only when the flow is trusted, isolated, and reversible

Rule of thumb: if unsure, stay conservative; if proven safe, then widen autonomy.

Why this works

  • approvals are scoped to what was actually requested
  • “always allow” can stay session-local instead of globally leaking
  • execution remains auditable after the fact

Under the hood

Tentarc uses a strict sequence:

proposal -> approve -> execute

And safe hard-blocks core write tools (Write, Edit, MultiEdit, NotebookEdit).

If you need fine-grained control, add allowlists in workspace/source permissions.json.

Practical guidance

  • set Ask to Edit as the default baseline
  • reserve Auto for verified, repetitive, low-risk flows
  • keep production-sensitive work explicit and reviewable
Previous: Session

Revisit how sessions preserve execution continuity.

← Back
Next: Agent API

Understand how model connectivity shapes capability and cost.

Continue →
Share feedbackLast updated: Mar 6, 2026
Was this page helpful?YesNo