Tools, permissions & trust
The idea: Every tool call is the agent acting on the world — read, edit, run, search — and each result flows back into context. You gate permissions, scope what it can touch, and verify what it did.
What you'll be able to do: You can explain the tool loop and how to grant permissions and verify the agent's actions safely.
The problem it solves: The agent wants to run a command that could delete files. Do you just let it?
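The tool loop, the permission gate, the scope check and the verification step described above, as an added Python example that is not the lesson's own harness code. It assumes a small fixed tool set (read_file, search, write_file, run), an illustrative risk tier per tool, and a constructed list of tool calls standing in for what a model would emit; a real harness would prompt the human on an "ask" verdict rather than just logging it.

```python
import hashlib
import os
import subprocess
import tempfile
from dataclasses import dataclass, field

# Assumed risk tier per tool (an illustrative policy, not one the lesson specifies).
RISK = {"read_file": "low", "search": "low", "write_file": "medium", "run": "high"}

@dataclass
class Policy:
    root: str                                   # the only directory the agent may touch
    auto_allow: set = field(default_factory=lambda: {"low"})
    approved: set = field(default_factory=set)  # (tool, canonical args) a human approved

def canon(args: dict) -> str:
    """Canonical form of a call's arguments, so an approval matches one exact call."""
    return repr(sorted(args.items()))

def in_scope(path: str, root: str) -> bool:
    """True if `path` resolves inside `root` (catches ../, absolute and symlink escapes)."""
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(real_root, path))
    return os.path.commonpath([real_root, real]) == real_root

def decide(tool: str, args: dict, policy: Policy) -> str:
    """Gate a proposed call: 'allow', 'ask' (needs a human) or 'deny'."""
    if tool not in RISK:
        return "deny"                            # unknown tool: fail closed
    if "path" in args and not in_scope(args["path"], policy.root):
        return "deny"                            # never reaches outside the sandbox
    if RISK[tool] in policy.auto_allow or (tool, canon(args)) in policy.approved:
        return "allow"
    return "ask"

def approve(policy: Policy, tool: str, args: dict) -> None:
    """Record a human's yes to one exact call (what the 'ask' verdict leads to)."""
    policy.approved.add((tool, canon(args)))

def _contains(path: str, query: str) -> bool:
    with open(path, encoding="utf-8", errors="ignore") as f:
        return query in f.read()

def execute(tool: str, args: dict, policy: Policy) -> str:
    """Run an allowed call inside the scoped root and return its result text."""
    root = os.path.realpath(policy.root)
    if tool == "read_file":
        with open(os.path.join(root, args["path"]), encoding="utf-8") as f:
            return f.read()
    if tool == "write_file":
        with open(os.path.join(root, args["path"]), "w", encoding="utf-8") as f:
            f.write(args["content"])
        return "wrote %d bytes" % len(args["content"])
    if tool == "search":                         # grep-like scan, paths relative to root
        hits = [os.path.relpath(os.path.join(d, n), root) for d, _, names in os.walk(root)
                for n in names if _contains(os.path.join(d, n), args["query"])]
        return "\n".join(sorted(hits))
    if tool == "run":                            # argv list, no shell, cwd pinned to root
        out = subprocess.run(args["argv"], cwd=root, capture_output=True, text=True, timeout=10)
        return out.stdout + out.stderr
    raise ValueError(tool)

def verify(tool: str, args: dict, policy: Policy) -> bool:
    """Check the effect instead of trusting the claim: hash what a write left on disk."""
    if tool == "write_file":
        expected = hashlib.sha256(args["content"].encode("utf-8")).hexdigest()
        with open(os.path.join(os.path.realpath(policy.root), args["path"]), "rb") as f:
            return hashlib.sha256(f.read()).hexdigest() == expected
    return True

def run_loop(calls, policy: Policy):
    """gate -> execute -> verify per call; returns (audit log, results fed back to context)."""
    log, context = [], []
    for tool, args in calls:
        verdict = decide(tool, args, policy)
        if verdict != "allow":
            log.append((tool, verdict, None))
            context.append(f"[{tool}: {verdict}]")   # the model sees the refusal too
            continue
        result = execute(tool, args, policy)
        log.append((tool, "allow", verify(tool, args, policy)))
        context.append(result)
    return log, context

def demo():
    """Scripted session in a throwaway sandbox; returns (verdicts, approved write verified?)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as f:
            f.write("todo: rotate keys\n")
        policy = Policy(root=root)
        write = ("write_file", {"path": "notes.txt", "content": "keys rotated\n"})
        calls = [                                        # constructed stand-in for model output
            ("read_file", {"path": "notes.txt"}),
            ("search", {"query": "rotate"}),
            write,                                       # medium risk -> ask
            ("read_file", {"path": "../../etc/passwd"}),  # escapes root -> deny
            ("run", {"argv": ["rm", "-r", "build"]}),     # could delete files -> ask, never auto
            ("delete_everything", {}),                    # unknown tool -> deny
        ]
        log, _ = run_loop(calls, policy)
        approve(policy, *write)                          # the human said yes to the write
        approved_log, _ = run_loop([write], policy)
        return [(t, v) for t, v, _ in log], approved_log[0][2]
```

The three controls are deliberately separate: `decide` is an allow-list that fails closed on anything it does not recognise and refuses any path outside `root` before risk is even considered; `execute` runs commands as an argv list with no shell and the working directory pinned to the sandbox; `verify` re-reads the file and compares hashes rather than trusting the "wrote N bytes" result, which is the difference between the agent claiming it did something and you knowing it did.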
Builds on: The harness: the loop, made real