Permissions And Guardrails Security Model

Understand the Apprentice security model across deterministic controls, permission modes, capabilities, AI guardrails, external MCP tools, and safe setup defaults.

Apprentice combines deterministic controls with optional AI guardrails.

Use deterministic controls for hard boundaries. Use guardrails as an extra review layer for sensitive actions.

Deterministic Controls

Deterministic controls include:

  • Directory mounts.
  • Read-only and read-write volume modes.
  • Capabilities.
  • Permission mode.
  • Command allow/block lists.
  • Website allow/block lists.
  • External MCP tool policies.
  • Saved permission patterns.
  • Budget and runtime limits.
  • Queue and concurrency limits.

These controls are predictable and should be your first line of defense.

Permission Modes

Permission modes include:

  • Ask for Approval.
  • Auto-Accept Safe Operations.
  • Deny All.
  • YOLO / Allow All Operations.

Use Ask for Approval for new agents. Use YOLO only for trusted agents in tightly scoped or disposable workspaces.

Capabilities

Capabilities disable whole tool families, such as filesystem, shell process, web network, browser, memory, tasks, messaging, scheduler, notifications, and external MCP tools.

If a capability is off, every tool in that family is blocked before the normal approval prompt is reached, so the permission mode and saved approvals never come into play for it.

Guardrails

AI Guardrails can evaluate actions by category:

  • General.
  • Filesystem.
  • Execution.
  • Network.

Rules can block, warn, or log.

Guardrails add latency and model calls, and because they are model judgements rather than fixed rules they can be wrong. They are useful for sensitive workflows, but they are not a replacement for deterministic controls.

Safe Setup Defaults

For a new agent:

  1. Start with Ask for Approval.
  2. Mount only needed folders.
  3. Use read-only (RO) mounts unless writes are required.
  4. Disable unnecessary capabilities.
  5. Set a small budget if using paid models.
  6. Add guardrails only where extra review is valuable.
  7. Review Activity after the first run.

External MCP Tools

External MCP tools deserve special attention.

Enable only the MCP servers the agent needs. Start tools at Ask, then move specific tools to Allow only after reviewing real usage.

Use Deny for tools unrelated to the agent's job.
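The layering described above (capabilities and mounts first, block lists before allow lists, permission mode and saved approvals next, guardrails last) is easier to reason about as code. The evaluator below is an added illustration of that layering and is not Apprentice's own code: the class names, the "family.name" tool naming, the exact order of checks, the treatment of an unlisted MCP tool as Deny, and the rule that a guardrail "warn" turns an auto-allow into a prompt are all assumptions made for this example. The sample policy and actions are constructed. It covers the controls from the Deterministic Controls, Permission Modes, Capabilities, Guardrails and External MCP Tools sections in one place.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass
class Action:
    tool: str           # "<family>.<name>", e.g. "shell.exec", "fs.write", "mcp.github/list_issues"
    target: str         # command line, path, URL, or MCP argument summary
    safe: bool = False  # tool-supplied hint; read-only operations count as safe

@dataclass
class Policy:
    capabilities: dict  # tool family -> enabled
    mounts: dict        # directory prefix -> "ro" | "rw"
    block: dict         # family -> target globs (commands for shell, URLs for web/browser)
    allow: dict         # same shape as block
    mcp_tools: dict     # "server/tool" -> "allow" | "ask" | "deny"
    saved: list         # (tool, target glob) pairs approved on earlier runs
    mode: str           # "ask" (Ask for Approval) | "auto" (Auto-Accept Safe) | "deny" (Deny All) | "yolo"
    guardrail: object = None  # callable (category, action) -> "block" | "warn" | "log" | None

CATEGORY = {"fs": "filesystem", "shell": "execution", "web": "network", "browser": "network"}

def hit(target, globs):
    return any(fnmatchcase(target, g) for g in globs)

def evaluate(action, policy):
    """Return (decision, reason); decision is "block", "allow" or "ask".
    The reason names the layer that decided, which is what troubleshooting needs."""
    family, name = action.tool.split(".", 1)
    # 1. Capability switches and Deny All are checked before anything can prompt or approve.
    if not policy.capabilities.get(family, False):
        return "block", f"capability '{family}' is disabled"
    if policy.mode == "deny":
        return "block", "permission mode is Deny All"
    # 2. Mount boundaries, volume modes and block lists beat every allow rule and every mode.
    if family == "fs":
        mount = max((p for p in policy.mounts if action.target.startswith(p)), key=len, default=None)
        if mount is None:
            return "block", "path is outside every mounted directory"
        if name == "write" and policy.mounts[mount] == "ro":
            return "block", f"mount {mount} is read-only"
    if hit(action.target, policy.block.get(family, [])):
        return "block", f"{family} target matches the block list"
    if family == "mcp" and policy.mcp_tools.get(name, "deny") == "deny":
        return "block", f"MCP tool {name} is Deny (unlisted tools count as Deny)"
    # 3. Provisional decision: allow lists, per-tool MCP policy, saved approvals, then mode.
    if hit(action.target, policy.allow.get(family, [])):
        decision, reason = "allow", f"{family} target matches the allow list"
    elif family == "mcp" and policy.mcp_tools[name] == "allow":
        decision, reason = "allow", f"MCP tool {name} is Allow"
    elif any(t == action.tool and fnmatchcase(action.target, g) for t, g in policy.saved):
        decision, reason = "allow", "matches a saved permission pattern"
    elif family == "mcp":  # explicit per-tool Ask; assumed here not to be overridden by YOLO
        decision, reason = "ask", f"MCP tool {name} is Ask"
    elif policy.mode == "yolo":
        decision, reason = "allow", "permission mode is YOLO"
    elif policy.mode == "auto" and action.safe:
        decision, reason = "allow", "safe operation auto-accepted"
    else:
        decision, reason = "ask", "no rule matched; approval required"
    # 4. The guardrail (a model call in the product) runs last, only on actions the hard
    #    layers let through, so it can add review but never grant a bypass.
    if policy.guardrail is not None:
        verdict = policy.guardrail(CATEGORY.get(family, "general"), action)
        if verdict == "block":
            return "block", "guardrail rule blocked the action"
        if verdict == "warn" and decision == "allow":
            return "ask", "guardrail warning turned an auto-allow into a prompt"  # assumed semantics
        if verdict == "log":
            reason += " (guardrail logged)"
    return decision, reason

def sample_policy(mode="ask"):
    # Constructed sample following the page's safe defaults: narrow mounts, RO where
    # possible, browser capability off, MCP tools at Ask until usage has been reviewed.
    def guardrail(category, action):  # constructed stand-in for the model review
        if "secrets" in action.target:
            return "block"
        return "warn" if category == "execution" and action.target.startswith("rm ") else "log"
    return Policy(
        capabilities={"fs": True, "shell": True, "web": True, "mcp": True, "browser": False},
        mounts={"/workspace/src": "rw", "/workspace/docs": "ro"},
        block={"shell": ["rm -rf *", "*| sh", "*| bash"], "web": ["*.internal.example/*"]},
        allow={"shell": ["git status", "git diff*"], "web": ["https://docs.example.com/*"]},
        mcp_tools={"github/list_issues": "allow", "github/create_issue": "ask"},
        saved=[("fs.write", "/workspace/src/*.py")], mode=mode, guardrail=guardrail)

def run_samples():
    # Constructed actions; each key names the layer expected to decide.
    ask, yolo, auto = sample_policy(), sample_policy("yolo"), sample_policy("auto")
    return {
        "capability_beats_yolo": evaluate(Action("browser.open", "https://docs.example.com/a", True), yolo),
        "ro_mount_beats_yolo": evaluate(Action("fs.write", "/workspace/docs/a.md"), yolo),
        "block_list_beats_yolo": evaluate(Action("shell.exec", "rm -rf /"), yolo),
        "allow_list": evaluate(Action("shell.exec", "git status"), ask),
        "saved_pattern": evaluate(Action("fs.write", "/workspace/src/app.py"), ask),
        "mcp_ask": evaluate(Action("mcp.github/create_issue", "title=bug"), yolo),
        "guardrail_warn": evaluate(Action("shell.exec", "rm build/"), yolo),
        "guardrail_block": evaluate(Action("fs.read", "/workspace/src/secrets.env", True), auto),
    }
```

Two properties of the ordering are worth checking against your own configuration: a disabled capability, a read-only mount or a block-list hit wins even under YOLO, and the guardrail is only ever consulted for actions the deterministic layers have already let through. The reason string names the layer that decided, which gives you the same checklist the Troubleshooting section describes when an action is blocked or runs without the prompt you expected.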

Troubleshooting

If an action is blocked, check capabilities, blocked rules, guardrails, and per-tool MCP policy.

If an action runs without the approval you expected, switch the permission mode, remove saved approvals, or move tools back to Ask.

If guardrails are slow, narrow the triggers or rely on deterministic controls for lower-risk agents.

Next Step

After the security model is configured, run a manual test and inspect Activity before enabling schedules or integrations.