Permissions
Permissions
PermissionPolicy, StaticPermissionPolicy, human-in-the-loop pause and resume, RunCheckpoint, and SessionPermissionCache.
Permissions gate tool calls before execution. Every pending tool invocation is evaluated against a PermissionPolicy that returns a Decision: allow, deny, or require human approval.
The runner integrates policy with guardrails (middleware docs) and durable checkpoints so channel bots and desktop hosts can pause a run, surface an approval UI, and resume with runAgentResume.
Decision shape
interface Decision {
allowed: boolean;
requires_approval: boolean;
matched_rule_id?: string;
reason?: string;
}| Outcome | allowed | requires_approval | Runner behavior |
|---|---|---|---|
| Allow | true | false | Invoke the tool |
| Deny | false | false | Return an error result to the model |
| Ask (HITL) | false | true | Pause run, mint checkpoint, wait for human |
Quick start
import { Maniac, StaticPermissionPolicy } from "@maniac-ai/agents";
const policy = new StaticPermissionPolicy(
[{
id: "approve-chat-writes",
principal: "*",
scope: { toolset: "chat", arg_constraints: [] },
effect: "require_approval"
}],
{ allowed: true, requires_approval: false } // default: allow everything else
);
const app = new Maniac({ model, memory, policy });Set policy on the Maniac constructor for app-wide defaults, or on individual Agent specs to override per agent.
Topics
- Policies —
PermissionPolicy,StaticPermissionPolicy, rule effects, path constraints - HITL & checkpoints — pause/resume,
RunCheckpoint,SessionPermissionCache,RunCheckpointStore
API reference
Generated TypeDoc: permissions module.