Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.oktolabs.ai/llms.txt

Use this file to discover all available pages before exploring further.

Custom permissions

You can create custom permissions when a built-in preset is too broad or too narrow. Start from the closest preset, then remove or add explicit flags for the agent’s job.

When to use custom permissions

Use custom permissions for hybrid roles, read-only reporting agents, automation that should touch only one namespace, or temporary agents used for a single migration or audit.

Creating a custom agent in the web UI

Open the board’s agent settings, create or edit an agent, choose custom permissions, then save the selected flags. Export MCP config after the agent exists. 
okto-pulse init --agents reporting-agent

Wrote .mcp.json with selected agent entries.

Setting flags with dot notation

Use source flag names exactly. Examples: 
board.read
spec.entity.read
card.validation.read
kg.query.decision_history
Avoid granting wildcard-like groups unless the agent actually needs every child capability.

Board-level overrides

Board overrides restrict an agent further on a specific board. They are useful for shared agents that need broader access on one board and read-only access on another.

Example: read-only reporting agent

A reporting agent usually needs:
  • board.read, board.activity_read, and board.analytics_read
  • spec.entity.read, sprint.entity.read, and card.entity.read
  • kg.query.* read flags relevant to the report
  • no *.submit, *.delete, or kg.session.commit flags
Last modified on May 8, 2026