Folder Access
Folder access is the only security surface that matters day-to-day. You decide what each agent can read, write, and run. SenateLab enforces the decision inside the sandboxed session — not as a prompt suggestion.
Access levels
- None — the folder does not exist from the agent's point of view.
- Read — list and read files; cannot modify.
- Write — read plus create, modify, and delete files inside the folder (and its subtree).
- Admin — write plus rename/delete the folder itself. Reserve this for single-owner scratch areas.
How to set permissions
Open the agent's detail panel, switch to Settings → Folders, and toggle the level per folder. Changes take effect on the next turn and are logged in the audit trail. Multi-select is supported — shift-click a range and set all in one action.
Why restrict anything?
Three reasons:
- Accidents. Agents sometimes over-reach. A narrow scope turns a bug into a no-op.
- Secrets. Keeping .env, SSH keys, and deploy credentials out of the agent's world is the cheapest defence you can put in place.
- Parallelism. When two agents work on disjoint folders, their turns never contend. Performance goes up for free.
Recommended patterns
- Engineer — write on the feature branch's folder, read-only on /docs and /src, none on /infra.
- QA / Reviewer — read on /src, write on /tests, none on secrets.
- Researcher — read-only on the whole map, write on its own scratch folder.
- Ops — write on /infra, none elsewhere; guardrails for any shell command that touches production.
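A pre-flight check for a planned set of grants, as an added example (not SenateLab code or its API): it models the four levels and flags agents that can read secret paths or whose write scopes overlap. It assumes the most specific folder grant wins and ungranted folders are None; the /secrets, /features/login and /scratch/researcher folders are constructed for illustration.

```python
import posixpath
from enum import IntEnum
from itertools import combinations
from pathlib import PurePosixPath

class Level(IntEnum):  # the page's four levels, ordered by privilege
    NONE = 0
    READ = 1
    WRITE = 2
    ADMIN = 3

def effective(grants, path):
    """Level at `path`. Assumed rule: most specific granted folder wins, else NONE."""
    # Normalise first so "/docs/../infra" is judged as "/infra".
    p = PurePosixPath(posixpath.normpath("/" + path.lstrip("/")))
    for folder in (p, *p.parents):
        if str(folder) in grants:
            return grants[str(folder)]
    return Level.NONE

def secret_exposure(plan, secret_paths):
    """(agent, path) pairs where an agent can at least read a secret."""
    return sorted((agent, s) for agent, grants in plan.items()
                  for s in secret_paths if effective(grants, s) >= Level.READ)

def write_contention(plan):
    """Agent pairs whose write scopes overlap, so their turns can contend."""
    hits = []
    for (a, ga), (b, gb) in combinations(sorted(plan.items()), 2):
        roots_a = [f for f, lvl in ga.items() if lvl >= Level.WRITE]
        roots_b = [f for f, lvl in gb.items() if lvl >= Level.WRITE]
        if (any(effective(gb, f) >= Level.WRITE for f in roots_a)
                or any(effective(ga, f) >= Level.WRITE for f in roots_b)):
            hits.append((a, b))
    return hits

# Constructed plan following the recommended patterns above.
PLAN = {
    "engineer":   {"/features/login": Level.WRITE, "/docs": Level.READ,
                   "/src": Level.READ, "/infra": Level.NONE},
    "qa":         {"/src": Level.READ, "/tests": Level.WRITE},
    "researcher": {"/": Level.READ, "/scratch/researcher": Level.WRITE},
    "ops":        {"/infra": Level.WRITE},
}
SECRETS = ["/secrets/.env", "/secrets/deploy_key"]  # constructed paths
```

Under this model the Researcher's whole-map read reaches /secrets until that folder is explicitly set to None for that agent.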
Multi-repo setups
The simplest topology is one map per repo. For a true multi-repo project, create one map per repo and connect them through a shared cross-team channel. Managers in each map can speak to each other on that channel without either map's agents crossing repo boundaries.