Skip to content

Trust & Permissions

Pencel gives you fine-grained control over what your agents can do and which integrations they can access. The trust system is designed around a simple principle: start locked down, then open up gradually as you build confidence.

Trust tiers for connections

Every integration connection in Pencel has a trust tier that reflects how much confidence you have in it.

TierMeaningApproval behavior
VerifiedBuilt and maintained by Pencel or the service provider. Thoroughly reviewed.You can auto-approve tools with high confidence.
PartnerBuilt by a trusted third party. Reviewed for compatibility and basic safety.Auto-approve selectively. Review unfamiliar tools.
CommunityBuilt by the community. Minimal formal review.Start with manual approval for every tool call.

TIP

Trust tiers are informational — they help you decide how much autonomy to give a connection. Pencel does not enforce different behavior based on the tier. You control the actual permissions through tool approval settings.

Per-connection tool approval

Each connection exposes a set of tools (actions the agent can take through that integration). You control which tools run automatically and which require your approval every time.

Auto-approve specific tools: For tools you have tested and trust, turn on auto-approval. The agent can use these without asking you first. This is best for read-only or low-risk actions.

Manual approval for each use: For tools that modify data, send messages, or perform irreversible actions, keep manual approval on. The agent will pause and show you exactly what it plans to do before proceeding.

Example for a GitHub connection:

ToolRecommended approval
List repositoriesAuto-approve
Search issuesAuto-approve
Read file contentsAuto-approve
Create issueManual approval
Create pull requestManual approval
Delete branchManual approval

WARNING

Auto-approving write operations (create, update, delete) on external systems means the agent can take those actions without your review. Only auto-approve write tools after you have seen them work correctly multiple times.

Connection status

Connections can be in different states that control whether agents can use them:

  • Connected: The connection is live and agents can use its tools (subject to approval settings).
  • Connecting: The connection is being established. Tools are not yet available.
  • Disconnected: The connection exists but is not available to agents. No tools from this connection appear in the agent's toolkit.
  • Needs Re-auth: Credentials have expired and need to be refreshed. Tools are unavailable until you re-authenticate.
  • Error: The connection failed (service unavailable, configuration issue). Pencel will not attempt to use tools from errored connections.

You can disconnect a connection at any time without deleting it. This is useful when you want to temporarily remove access to an integration without losing its configuration.

Agent enabled skills as scope limiters

Beyond connection-level controls, you can limit which tools each agent has access to through the enabled skills setting on the agent itself.

This creates a second layer of control:

  1. Connection level: Which tools exist and which are auto-approved.
  2. Agent level: Which tools this specific agent is allowed to use.

Even if a connection has 20 auto-approved tools, an agent with limited enabled skills will only see and use the ones you have allowed.

When to limit agent skills:

  • A report-writing agent does not need Slack messaging tools.
  • A data analysis agent should not have access to email-sending tools.
  • A read-only reviewer should not have artifact creation tools.

INFO

Limiting enabled skills also reduces the number of tool definitions sent to the AI model, which lowers token costs and can improve the agent's focus on the tools that matter.

The graduated trust model

The recommended approach to trust in Pencel follows a simple progression:

Stage 1: Full manual approval

When you first set up a connection or agent, keep all tool approvals manual. Watch what the agent tries to do and verify the actions are correct.

Stage 2: Auto-approve read operations

After you have seen the agent use read-only tools correctly several times, auto-approve those. This speeds up routine tasks while keeping write operations under your control.

Stage 3: Auto-approve trusted write operations

For write operations you have seen succeed consistently (like creating reports or updating specific records), enable auto-approval. Keep manual approval for anything destructive (deletes, bulk updates, external messages).

Stage 4: Full trust for proven workflows

For mature, well-tested workflows running on trusted connections, you may choose to auto-approve all tools. This gives you fully automated workflows — but only reach this stage after thorough testing.

WARNING

Never jump to Stage 4 with a new connection or untested workflow. The graduated approach exists because AI agents can behave unpredictably with new data or edge cases. Build trust incrementally.

Quick reference

ControlWhere to set itWhat it does
Trust tierConnection settingsIndicates the review level of the integration (informational)
Tool auto-approvalConnection settings, per toolControls whether a specific tool runs without asking
Enabled skillsAgent settingsLimits which tools the agent can see and use
Risk toleranceAgent settingsAffects how cautiously the agent approaches decisions
Plan approvalAgent settingsControls whether the agent shows its plan before executing

These controls work together. A conservative setup uses low risk tolerance, required plan approval, limited enabled skills, and manual tool approval. An efficient setup relaxes these controls selectively for proven, low-risk workflows.