
Proposal: Structured Tool Permissions

Open darth-kcaj opened this issue 1 month ago • 1 comments

Summary

The current agents.md spec relies on natural language to define boundaries (e.g., "Do not delete files"), which is non-deterministic and hard for tooling to enforce. I propose adding a structured configuration section (likely in YAML frontmatter) to explicitly define tool permissions.

Proposed Implementation

Introduce a permissions block in the YAML frontmatter of AGENTS.md files. This allows agent runners to programmatically enforce safeguards before the LLM even attempts an action.

Example AGENTS.md

---
version: 1.0
permissions:
  files:
    read: allow
    edit: ask  # Requires user confirmation
    delete: deny
  shell:
    # Allow specific safe commands, deny others
    allow: ["ls", "npm test"]
    default: deny
  browser:
    allow: ["https://docs.python.org/*"]
---

# Agent Instructions
(Normal natural language context goes here...)

Open for discussion - thoughts?

darth-kcaj, Nov 24 '25 05:11
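One way a runner could enforce the permissions block from the issue above, added here as an example; it is not part of the original post or of the agents.md project. The matching rules are assumptions, since the proposal does not define them: shell entries match the whole argument vector, browser entries match scheme and host exactly with a glob on the path only, and anything the policy does not mention is denied.

```python
import shlex
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# The permissions block from the example AGENTS.md, as a runner would see it
# after parsing the frontmatter (written as a dict here to avoid a YAML dependency).
POLICY = {
    "files": {"read": "allow", "edit": "ask", "delete": "deny"},
    "shell": {"allow": ["ls", "npm test"], "default": "deny"},
    "browser": {"allow": ["https://docs.python.org/*"]},
}

def check_file(policy, op):
    """Return allow / ask / deny; operations the policy omits are denied (assumption)."""
    return policy.get("files", {}).get(op, "deny")

def check_shell(policy, command):
    """Allow only commands whose full argv equals an allow-list entry (assumption)."""
    rules = policy.get("shell", {})
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return "deny"
    # Whole-argv comparison, not a string prefix test: "npm test; rm -rf ." and
    # "ls -la /etc" do not match "npm test" or "ls". The runner should then
    # execute argv directly, without passing the string to a shell.
    if any(argv == shlex.split(entry) for entry in rules.get("allow", [])):
        return "allow"
    return rules.get("default", "deny")

def check_url(policy, url):
    """Match scheme and host exactly and glob only the path (assumption)."""
    try:
        target = urlsplit(url)
    except ValueError:
        return "deny"
    for pattern in policy.get("browser", {}).get("allow", []):
        rule = urlsplit(pattern)
        if (target.scheme == rule.scheme
                and target.netloc.lower() == rule.netloc.lower()
                and fnmatchcase(target.path or "/", rule.path or "/")):
            return "allow"
    return "deny"  # no browser default in the proposal; fail closed (assumption)
```

An "ask" result is meant to be surfaced to the user for confirmation before the runner proceeds, as the comment in the example frontmatter describes.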

Agree. Also, we could add a required "description" field; it would allow models to parse the top part of the file instead of reading the whole thing each time. In the case of multiple agents.md files, it would save a lot of context window.

qchantel, Dec 17 '25 10:12