Controls what an agent is allowed to do. Permissions can be configured with fine-grained controls for different tool types, or with a custom callback for complex logic.
Security Note: Permission fields are immutable after construction. This prevents adversarial code from modifying permissions at runtime. All fields use active bindings that reject modification attempts.
Active bindings
modePermission mode (see PermissionMode). Read-only after construction.
file_readAllow file reading. Read-only after construction.
file_writeAllow file writing. Can be TRUE, FALSE, or a directory path. Read-only after construction.
bashAllow bash command execution. Read-only after construction.
r_codeAllow R code execution. Read-only after construction.
webAllow web requests. Read-only after construction.
install_packagesAllow package installation. Read-only after construction.
max_turnsMaximum number of turns before stopping. Read-only after construction.
max_cost_usdMaximum cost in USD before stopping. Read-only after construction.
can_use_toolCustom permission callback. Read-only after construction.
Methods
Method new()
Create a new Permissions object.
Usage
Permissions$new(
mode = "default",
file_read = TRUE,
file_write = NULL,
bash = FALSE,
r_code = TRUE,
web = FALSE,
install_packages = FALSE,
max_turns = 25,
max_cost_usd = NULL,
can_use_tool = NULL
)Arguments
modePermission mode
file_readAllow file reading
file_writeAllow file writing (TRUE, FALSE, or directory path)
bashAllow bash commands
r_codeAllow R code execution
webAllow web requests
install_packagesAllow package installation
max_turnsMaximum turns
max_cost_usdMaximum cost
can_use_toolCustom callback function
Method check()
Check if a tool is allowed to execute.
Usage
Permissions$check(tool_name, tool_input, context = list())Arguments
tool_nameName of the tool
tool_inputArguments passed to the tool
contextAdditional context (e.g., working_dir, tool_annotations)