Permissions
Control what Synoppy can do in your projects with fine-grained permissions.
Permission Model
Synoppy uses a three-tier permission system for each tool:
Ask
Synoppy asks for permission before each use
Allow
Tool can be used without asking
Block
Tool is completely disabled
Tool Permissions
| Tool | Description | Default |
|---|---|---|
read | Read files and directories | Allow |
write | Create or modify files | Ask |
bash | Execute shell commands | Ask |
delete | Delete files or directories | Ask |
web | Search the web | Allow |
fetch | Fetch URLs | Ask |
Managing Permissions
View current permissions:
bash
/permissionsIn project config (synoppy.json):
json
{
"allowedTools": ["read", "write", "bash"],
"blockedTools": ["delete"]
}Session Permissions
When Synoppy asks for permission, you have several options:
yAllow this action once
nDeny this action
aAllow all uses of this tool for this session
!Allow and add to project config (permanent)
Security Best Practices
Do
- Review bash commands before allowing execution
- Use project config to set consistent permissions
- Block tools you never want Synoppy to use
Don't
- Blindly allow all bash commands
- Give write access to sensitive directories
- Allow network access to untrusted URLs
Trusted Directories
Synoppy can only operate within the current project directory by default. Files outside this directory require explicit permission.
This sandbox behavior helps prevent accidental modifications to system files or other projects.