Appearance
Trust & Permissions
Pencel gives you fine-grained control over what your agents can do and which integrations they can access. The trust system is designed around a simple principle: start locked down, then open up gradually as you build confidence.
Trust tiers for connections
Every integration connection in Pencel has a trust tier that reflects how much confidence you have in it.
| Tier | Meaning | Approval behavior |
|---|---|---|
| Verified | Built and maintained by Pencel or the service provider. Thoroughly reviewed. | You can auto-approve tools with high confidence. |
| Partner | Built by a trusted third party. Reviewed for compatibility and basic safety. | Auto-approve selectively. Review unfamiliar tools. |
| Community | Built by the community. Minimal formal review. | Start with manual approval for every tool call. |
TIP
Trust tiers are informational — they help you decide how much autonomy to give a connection. Pencel does not enforce different behavior based on the tier. You control the actual permissions through tool approval settings.
Per-connection tool approval
Each connection exposes a set of tools (actions the agent can take through that integration). You control which tools run automatically and which require your approval every time.
Auto-approve specific tools: For tools you have tested and trust, turn on auto-approval. The agent can use these without asking you first. This is best for read-only or low-risk actions.
Manual approval for each use: For tools that modify data, send messages, or perform irreversible actions, keep manual approval on. The agent will pause and show you exactly what it plans to do before proceeding.
Example for a GitHub connection:
| Tool | Recommended approval |
|---|---|
| List repositories | Auto-approve |
| Search issues | Auto-approve |
| Read file contents | Auto-approve |
| Create issue | Manual approval |
| Create pull request | Manual approval |
| Delete branch | Manual approval |
WARNING
Auto-approving write operations (create, update, delete) on external systems means the agent can take those actions without your review. Only auto-approve write tools after you have seen them work correctly multiple times.
Connection status
Connections can be in different states that control whether agents can use them:
- Connected: The connection is live and agents can use its tools (subject to approval settings).
- Connecting: The connection is being established. Tools are not yet available.
- Disconnected: The connection exists but is not available to agents. No tools from this connection appear in the agent's toolkit.
- Needs Re-auth: Credentials have expired and need to be refreshed. Tools are unavailable until you re-authenticate.
- Error: The connection failed (service unavailable, configuration issue). Pencel will not attempt to use tools from errored connections.
You can disconnect a connection at any time without deleting it. This is useful when you want to temporarily remove access to an integration without losing its configuration.
Agent enabled skills as scope limiters
Beyond connection-level controls, you can limit which tools each agent has access to through the enabled skills setting on the agent itself.
This creates a second layer of control:
- Connection level: Which tools exist and which are auto-approved.
- Agent level: Which tools this specific agent is allowed to use.
Even if a connection has 20 auto-approved tools, an agent with limited enabled skills will only see and use the ones you have allowed.
When to limit agent skills:
- A report-writing agent does not need Slack messaging tools.
- A data analysis agent should not have access to email-sending tools.
- A read-only reviewer should not have artifact creation tools.
INFO
Limiting enabled skills also reduces the number of tool definitions sent to the AI model, which lowers token costs and can improve the agent's focus on the tools that matter.
The graduated trust model
The recommended approach to trust in Pencel follows a simple progression:
Stage 1: Full manual approval
When you first set up a connection or agent, keep all tool approvals manual. Watch what the agent tries to do and verify the actions are correct.
Stage 2: Auto-approve read operations
After you have seen the agent use read-only tools correctly several times, auto-approve those. This speeds up routine tasks while keeping write operations under your control.
Stage 3: Auto-approve trusted write operations
For write operations you have seen succeed consistently (like creating reports or updating specific records), enable auto-approval. Keep manual approval for anything destructive (deletes, bulk updates, external messages).
Stage 4: Full trust for proven workflows
For mature, well-tested workflows running on trusted connections, you may choose to auto-approve all tools. This gives you fully automated workflows — but only reach this stage after thorough testing.
WARNING
Never jump to Stage 4 with a new connection or untested workflow. The graduated approach exists because AI agents can behave unpredictably with new data or edge cases. Build trust incrementally.
Quick reference
| Control | Where to set it | What it does |
|---|---|---|
| Trust tier | Connection settings | Indicates the review level of the integration (informational) |
| Tool auto-approval | Connection settings, per tool | Controls whether a specific tool runs without asking |
| Enabled skills | Agent settings | Limits which tools the agent can see and use |
| Risk tolerance | Agent settings | Affects how cautiously the agent approaches decisions |
| Plan approval | Agent settings | Controls whether the agent shows its plan before executing |
These controls work together. A conservative setup uses low risk tolerance, required plan approval, limited enabled skills, and manual tool approval. An efficient setup relaxes these controls selectively for proven, low-risk workflows.
