Familiar logo
Familiar usefamiliar.com
Documentation / Fleet

Execution Tiers

Understand the different permission levels for agents.

Execution Tiers

Fleet uses a layered permission system. The execution tier is the base layer that determines what tools and commands agents can use by default.

Available Tiers

Restricted

The most conservative tier. Agents can only use safe, read-only operations.

Allowed:

  • Safe bash commands (ls, pwd, cat, etc.)
  • Read files
  • List directories
  • Take screenshots
  • Browser view-only (no clicking or typing)

Requires approval: Most other operations

Use for: Agents you don't fully trust, or when you want maximum control

Read-Only

Expanded read access for inspection and research tasks.

Allowed:

  • All Restricted tier operations
  • Search operations (grep, find)
  • Web fetch (retrieve web pages)
  • Web search
  • Full browser navigation (view only)

Use for: Research agents, code reviewers, documentation tasks

Read/Write

Standard development tier. Agents can create, modify, and delete files.

Allowed:

  • All Read-Only tier operations
  • Write, edit, and delete files
  • Create sub-agents
  • Workspace operations
  • Vault access (read secrets)
  • Schedule tasks
  • Agent management
  • Trigger management

Use for: Building, coding, content creation

Setting Your Default Tier

  1. Open Settings (Cmd+,)
  2. Go to Security
  3. Choose a default execution tier
  4. All new agents will use this tier

Per-Agent Override

Each agent can have its own execution tier that overrides the global default.

Via UI

  1. Open agent → Settings (gear icon)
  2. Go to Permissions
  3. Override execution tier
  4. Save

Via AGENT.md

permissions:
  execution_tier: read_only

Combining with Permission Rules

Execution tiers provide the base permissions. Permission Rules let you fine-tune by adding or removing specific tool access.

Example: Allow npm commands in Restricted tier:

permissions:
  execution_tier: restricted
  rules:
    - "Bash(npm install)"
    - "Bash(npm test)"

Tier Inheritance

When an agent spawns sub-agents:

  1. Sub-agents inherit parent's execution tier by default
  2. Sub-agents can be more restrictive but not less
  3. Use allowed_subagents to control which agents can be spawned

Non-Interactive Triggers

For triggers that run without user interaction (schedules, file watchers, daemons):

  • Agent must have appropriate execution tier pre-configured
  • No approval prompts are possible
  • Use rules to pre-approve specific tool patterns
permissions:
  execution_tier: read_write
  rules:
    - "Bash(npm run build)"
    - "Bash(git commit*)"

Next Steps