What are Agent Permissions?
The specific tools and operations an AI agent is authorised to perform — which MCP tools it can invoke, with what arguments, and under what constraints. Permissions define the boundary between what an agent is allowed to do and what is denied.
WHY IT MATTERS
Permissions are the granular building blocks of policy enforcement. While policies define the overall rules, permissions specify the individual capabilities: this agent can call read_file but not write_file, can invoke search but not delete.
The principle of least privilege applies directly: each agent should have only the permissions needed for its specific task. A research agent does not need write access. A code formatting agent does not need shell execution. A data analysis agent does not need filesystem access.
Permissions can be static (fixed in the YAML policy) or context-dependent (different policies applied for different sessions or tasks). The key is that they are defined by operators, not by the agent itself.
HOW POLICYLAYER USES THIS
Intercept implements agent permissions through YAML policy files. Each policy defines which tools are allowed or denied, with optional argument constraints. Permissions are enforced at the MCP proxy level — the agent cannot see or invoke tools that the policy denies. Default behaviour is deny-all: every permission must be explicitly granted in the YAML policy.