
Permissions

Permission policy engine, pattern matching, and escalation rules.

Permissions decide whether a tool call is auto-allowed, denied, or escalated for user confirmation.

Actions

  • allow: run automatically
  • ask: require user approval
  • deny: block execution

Rule Shapes

You can set a single action:

{
  "permission": "ask"
}

Or per-permission rules:

{
  "permission": {
    "*": "ask",
    "read": "allow",
    "edit": "deny"
  }
}

Or granular pattern rules:

{
  "permission": {
    "bash": {
      "*": "ask",
      "git *": "allow",
      "rm *": "deny"
    },
    "edit": {
      "*": "deny",
      "packages/web/src/content/docs/*.mdx": "allow"
    }
  }
}

Matching Semantics

  • the wildcard matcher supports * (any run of characters) and ? (exactly one character)
  • rules are evaluated in order and the last matching rule wins, so put the "*" catch-all first and the more specific patterns after it; a catch-all placed last would override everything before it
  • a trailing " *" in a pattern is an optional argument tail: "git *" matches "git" as well as "git status"
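The following evaluator is an added example, not AlphaBase's own engine: it implements the three rule shapes above together with the documented matching semantics (* and ?, last-match-wins, the optional " *" tail). The default of ask when no rule matches, the treatment of * as crossing /, and the order in which the "*" catch-all key and the tool's own key are consulted are assumptions made for this illustration; the sample policy is the granular example from this page.

```python
import re

# Added example, not AlphaBase's engine. Assumptions are marked in comments.
ACTIONS = ("allow", "ask", "deny")


def compile_pattern(pattern: str) -> "re.Pattern[str]":
    """Turn a wildcard pattern into an anchored regex.
    '*' matches any run of characters (assumed to include '/'), '?' matches
    exactly one. A trailing ' *' is an optional argument tail, so 'git *'
    matches 'git' and 'git status' but not 'gitk'."""
    optional_tail = pattern.endswith(" *")
    core = pattern[:-2] if optional_tail else pattern
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in core)
    if optional_tail:
        regex += r"(?: .*)?"   # nothing, or a space followed by arguments
    return re.compile(rf"\A{regex}\Z", re.DOTALL)


def normalize(permission) -> dict:
    """Expand the three config shapes into {tool_key: {pattern: action}}.
    Dicts keep insertion order, so the pattern order of the JSON survives."""
    if isinstance(permission, str):                       # "permission": "ask"
        return {"*": {"*": permission}}
    return {tool: ({"*": rule} if isinstance(rule, str) else dict(rule))
            for tool, rule in permission.items()}


def evaluate(permission, tool: str, target: str = "") -> str:
    """Decide allow/ask/deny for one call. `target` is the bash command line or
    the path a file tool operates on. The last matching pattern wins. Rules under
    the "*" tool key are checked before the tool's own key so that tool-specific
    rules take precedence (assumption about how the engine orders the two)."""
    policy = normalize(permission)
    decision = "ask"                                      # assumed default: nothing matched
    for tool_key in ("*", tool):
        for pattern, action in policy.get(tool_key, {}).items():
            if action not in ACTIONS:
                raise ValueError(f"invalid action {action!r} under {tool_key}/{pattern}")
            if compile_pattern(pattern).search(target):
                decision = action
    return decision


if __name__ == "__main__":
    # Sample policy taken from the granular example on this page.
    granular = {
        "bash": {"*": "ask", "git *": "allow", "rm *": "deny"},
        "edit": {"*": "deny", "packages/web/src/content/docs/*.mdx": "allow"},
    }
    for tool, target in [("bash", "git"), ("bash", "gitk"), ("bash", "rm -rf build"),
                         ("edit", "packages/web/src/content/docs/permissions.mdx")]:
        print(f"{tool:5} {target!r:55} -> {evaluate(granular, tool, target)}")
    # Ordering caveat: a catch-all placed last swallows the specific rule before it.
    print(evaluate({"bash": {"git *": "allow", "*": "ask"}}, "bash", "git status"))
```

The ordering check at the end is the one to keep in mind when hand-editing a policy: because the last match wins, moving "*" below a specific pattern silently turns that pattern into dead configuration.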

Permission Keys

Schema-defined keys include:

  • read
  • edit (covers write/edit/patch/multiedit behavior)
  • glob
  • grep
  • list
  • bash
  • task
  • external_directory
  • todoread
  • todowrite
  • question
  • webfetch
  • websearch
  • codesearch
  • lsp
  • doom_loop
  • skill
  • additional tool IDs, accepted as extra keys through the schema's catch-all

Home Expansion

Permission patterns beginning with either of these prefixes are expanded to the user's home directory before evaluation:

  • ~/...
  • $HOME/...

Risk Guardrails (Hard Overrides)

Before normal rule matching, AlphaBase applies risk checks:

  • destructive bash signatures are auto-denied
  • writes to protected system/security paths are denied
  • mutating operations outside workspace boundaries escalate to approval

Because these checks run before rule matching, their verdict overrides a matching allow rule.

External Directory Boundary

Paths outside the workspace require either an approval prompt or an explicit allow from a matching external_directory pattern.

{
  "permission": {
    "external_directory": {
      "~/projects/personal/**": "allow"
    }
  }
}
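As an added example (not AlphaBase's code), the risk guardrails, the home expansion and the workspace boundary can be modelled as a pre-check that runs before normal rule matching and whose verdict overrides the rule's action. The destructive-command signatures, the protected path list, the choice of which tools take a path or write to it, and the anchoring of relative paths at the workspace are assumptions for this illustration; only the ordering (risk check first, then rules) and the external_directory semantics come from the page. All sample paths and commands are constructed.

```python
import fnmatch
import posixpath
import re

# Constructed for this example; the page does not list AlphaBase's real
# signatures or protected paths.
DESTRUCTIVE_BASH = [
    re.compile(r"\brm\s+-[A-Za-z]*[rR][A-Za-z]*\s+/(\s|$)"),  # recursive rm of /
    re.compile(r"\bmkfs(\.\w+)?\b"),                           # reformat a filesystem
    re.compile(r"\bdd\b.*\bof=/dev/"),                         # raw write to a device
]
PROTECTED_PATHS = ["/etc/**", "/usr/**", "/boot/**", "~/.ssh/**", "~/.gnupg/**", "~/.aws/**"]
PATH_TOOLS = {"read", "edit"}   # tools whose target is a path (assumed subset)
MUTATING_TOOLS = {"edit"}       # path tools that write (assumed)


def expand_home(p: str, home: str) -> str:
    """~/... and $HOME/... expand to the home directory before evaluation."""
    for prefix in ("~/", "$HOME/"):
        if p.startswith(prefix):
            return posixpath.join(home, p[len(prefix):])
    return p


def resolve(target: str, workspace: str, home: str) -> str:
    """Absolute, normalised path. Relative targets are anchored at the workspace
    and '..' is collapsed, so 'src/../../etc/x' cannot hide a write outside it."""
    path = expand_home(target, home)
    if not path.startswith("/"):
        path = posixpath.join(workspace, path)
    return posixpath.normpath(path)


def path_matches(path: str, pattern: str, home: str) -> bool:
    # fnmatch's '*' crosses '/', so both '*' and '**' match nested entries here.
    return fnmatch.fnmatchcase(path, expand_home(pattern, home))


def inside(path: str, root: str) -> bool:
    root = posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def risk_check(tool, target, workspace, home, external_directory=None):
    """Run before normal rule matching. Returns ('deny'|'ask', reason) when a
    guardrail fires, or None to fall through to the configured rules."""
    if tool == "bash":
        for sig in DESTRUCTIVE_BASH:
            if sig.search(target):
                return ("deny", "destructive bash signature")
        return None          # commands are not resolved to paths here (assumption)
    if tool not in PATH_TOOLS:
        return None
    path = resolve(target, workspace, home)
    if tool in MUTATING_TOOLS:
        for pat in PROTECTED_PATHS:
            if path_matches(path, pat, home):
                return ("deny", f"protected path {pat}")
    if inside(path, workspace):
        return None
    # Outside the workspace: the last matching external_directory rule decides;
    # with no match at all the call escalates to approval.
    verdict = "ask"
    for pat, action in (external_directory or {}).items():
        if path_matches(path, pat, home):
            verdict = action
    return None if verdict == "allow" else (verdict, "outside workspace")


def decide(rule_action, risk):
    """Guardrail results are hard overrides: they win over a matching allow."""
    return risk[0] if risk else rule_action


if __name__ == "__main__":
    ws, home = "/home/alice/work", "/home/alice"          # constructed sample
    ext = {"~/projects/personal/**": "allow"}
    for tool, target in [("bash", "rm -rf /"), ("edit", "~/.ssh/authorized_keys"),
                         ("edit", "src/../../../../etc/hosts"), ("edit", "src/app.py"),
                         ("edit", "$HOME/projects/personal/notes.md"), ("read", "/etc/hosts")]:
        risk = risk_check(tool, target, ws, home, ext)
        print(f"{tool:5} {target!r:38} rule=allow -> {decide('allow', risk)} {risk or ''}")
```

The traversal case is the one worth testing in any real implementation: a relative edit target that climbs out of the workspace must be normalised before the protected-path and boundary checks, otherwise an allow rule on "src/*" covers a write to /etc.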

Approval Outcomes

When prompted, users choose:

  • once: approve this call only
  • always: approve and persist a scoped approval rule
  • reject: deny this call

always persists a scoped approval rule and can also unblock requests still pending in the same session.

Agent-Level Overrides

agent.<name>.permission is merged over the global permission policy for that agent: where both define a rule the agent's value wins, and global rules the agent does not mention still apply.

{
  "permission": {
    "bash": "ask"
  },
  "agent": {
    "build": {
      "permission": {
        "bash": "allow"
      }
    }
  }
}
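Added example (not AlphaBase's own code) of the agent-level merge and of persisting an always approval from the Approval Outcomes section. It assumes the merge is per tool key and per pattern (agent patterns override same-named global patterns and extend the rest) and that always is stored as an allow pattern under the agent's own override; neither detail is specified on this page, and the configuration used is constructed.

```python
# Added example, not AlphaBase's code. Assumptions are marked in comments.


def normalize(permission) -> dict:
    """Expand the single-action and per-permission shapes into
    {tool_key: {pattern: action}}, preserving config order."""
    if isinstance(permission, str):
        return {"*": {"*": permission}}
    return {tool: ({"*": rule} if isinstance(rule, str) else dict(rule))
            for tool, rule in permission.items()}


def effective_permission(config: dict, agent: str) -> dict:
    """Merge agent.<name>.permission over the global policy.
    Assumed to be a per-pattern merge: the agent's patterns override
    same-named global patterns, new patterns are appended (so they win under
    last-match-wins), and global patterns the agent never mentions survive.
    One consequence: a global "rm *": "deny" outlives an agent-level bash: "allow"."""
    merged = normalize(config.get("permission", {}))   # normalize returns fresh dicts
    agent_perm = config.get("agent", {}).get(agent, {}).get("permission", {})
    for tool, rules in normalize(agent_perm).items():
        merged.setdefault(tool, {}).update(rules)
    return merged


def record_always(config: dict, agent: str, tool: str, pattern: str) -> dict:
    """Persist an 'always' approval as a scoped allow rule on the agent's
    override (the scope is an assumption). The pattern is re-inserted so it is
    last and therefore wins under last-match-wins. It cannot unlock anything the
    risk guardrails deny, because those run before rule matching."""
    agent_cfg = config.setdefault("agent", {}).setdefault(agent, {})
    perm = agent_cfg.setdefault("permission", {})
    if isinstance(perm, str):                       # single-action shape on the agent
        perm = {"*": perm}
        agent_cfg["permission"] = perm
    rules = perm.get(tool, {})
    if isinstance(rules, str):                      # per-permission shape for this tool
        rules = {"*": rules}
    rules.pop(pattern, None)
    rules[pattern] = "allow"
    perm[tool] = rules
    return perm


if __name__ == "__main__":
    # Constructed configuration: global policy denies rm, the build agent allows bash.
    cfg = {
        "permission": {"bash": {"*": "ask", "rm *": "deny"}, "read": "allow"},
        "agent": {"build": {"permission": {"bash": "allow"}}},
    }
    print("build:", effective_permission(cfg, "build")["bash"])
    print("plan :", effective_permission(cfg, "plan")["bash"])
    record_always(cfg, "plan", "bash", "git *")      # user chose "always" for git
    print("plan after always:", effective_permission(cfg, "plan")["bash"])
```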