Skip to main content

Agent permissions & trust

MeetLoyd is built on a simple security principle: least privilege, deny by default. An agent can only do what you have explicitly allowed — nothing more. There is no "open by default," and no hidden access.

Agents start with nothing

A new agent has no access to your repos, connectors, wallets, or data. Access is granted deliberately, at the smallest scope that does the job. If a permission was never granted, the agent simply can't see or use that resource — it's invisible to them, not merely blocked.

Progressive approval — you grant as agents work

By default, new workspaces run in progressive mode: when an agent needs a permission it doesn't have yet, it doesn't silently fail and it doesn't get blanket access. It requests exactly that one permission, and you approve (or deny) it in a click — from an in‑app prompt, the approvals inbox, or a push notification. Approved access is recorded and reused; you're never asked twice for the same thing.

This gives you three things at once:

  • Visibility. You see what your agents are actually trying to do — no more "it's not working" mystery. Every request names the agent, the action, and the resource.
  • Control. You decide, in plain terms, exactly what each agent can and cannot do.
  • A smooth path to lockdown. Because the right permissions accumulate as you work, you can later switch a workspace to strict enforcement with no disruption — everything legitimate was already approved.

Not sure whether to approve a request? Ask Loyd — it can explain what the agent is trying to do and why.

Grant the right level, not just access

Permissions aren't all-or-nothing. You grant the precise level required:

  • Read-only vs. read-write — let an agent read a repo or a wallet without the ability to change or spend.
  • Spending and usage limits — cap an agent at, say, $500/month, or a set number of actions per day. Granting wallet access is one decision; granting it a monthly budget is another.

The goal is always the smallest footprint that gets the work done — which keeps your blast radius small if anything ever goes wrong.

Built to fail safe

If the permission service is ever unavailable, MeetLoyd fails closed — it denies, rather than letting actions through unchecked. An outage locks things down; it never accidentally opens them. (For teams that need to keep low‑risk, read‑only operations running during an outage, this behaviour is configurable per workspace as part of your disaster‑recovery settings.)

Everything is on the record

Every grant, denial, and approval is audited — who approved what, when, and for which agent — so you always have a complete, reviewable trail of what your agents are allowed to do.