Agents and permissions

You can use agents to divide ownership across spec writing, implementation, validation, QA, and reporting. Permissions make that division enforceable at the tool layer.

What is an agent in Pulse

An agent is an API-key-backed identity with a name, objective, description, active flag, board access, and resolved permission set. The MCP server authenticates the key and checks permissions before executing tools.

The permission model

Pulse uses dotted granular flags such as spec.move.draft_to_review, card.validation.submit, and kg.query.decision_history. The current registry contains 270 enabled leaf flags in source.

Five built-in presets

The core operating roles are:

Preset	Use it for
Full Control	Solo or trusted admin work.
Spec	Ideation, refinement, spec content, sprint planning, and card breakdown.
Executor	Normal card implementation through `validation`, without gate submission.
QA	Test scenarios and test card lifecycle.
Validator	Spec, sprint, and task gates.

The source also includes Reporter and Sprint Manager presets for read-heavy and sprint-owner roles.

Board roles vs agent-level flags

Agent-level flags define the maximum capability. Board-level overrides restrict that capability on a specific board; they do not expand it. This ceiling model prevents a board override from turning a narrow agent into a broader one.

Managing agents

Use the web UI for day-to-day setup. Use the CLI to export MCP config after agents exist:

okto-pulse init --agents

Wrote .mcp.json with MCP server entries for available agents.

Last modified on May 8, 2026

Decisions The ADLC pipeline

​Agents and permissions

​What is an agent in Pulse

​The permission model

​Five built-in presets

​Board roles vs agent-level flags

​Managing agents

​Related pages