Scopes & Roles

Scopes are fine-grained resource:action strings enforced per tool call. Roles have default scope bundles. Effective scopes for a request are the intersection of the credential scopes and the role defaults.

Role defaults

Role	Default scopes
`viewer`	`artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read`
`editor`	`artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read`, `artifacts:write`, `artifacts:delete`, `context:write`, `context:delete`, `context:ask`, `context:query`, `data:write`, `assets:write`, `assets:delete`, `workflows:write`, `workflows:delegate`, `conversations:write`, `conversations:delete`, `knowledge_base:write`, `knowledge_base:delete`, `connections:write`, `connections:delete`, `pages:write`, `pages:delete`, `pages:embed`, `notion_sync:write`, `notion_sync:delete`
`admin`	`artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read`, `artifacts:write`, `artifacts:delete`, `context:write`, `context:delete`, `context:ask`, `context:query`, `data:write`, `assets:write`, `assets:delete`, `workflows:write`, `workflows:delegate`, `conversations:write`, `conversations:delete`, `knowledge_base:write`, `knowledge_base:delete`, `connections:write`, `connections:delete`, `pages:write`, `pages:delete`, `pages:embed`, `notion_sync:write`, `notion_sync:delete`, `team:read`, `team:write`, `team:delete`, `config:write`, `pages:admin`, `webhooks:read`, `webhooks:write`, `webhooks:delete`, `observability:write`, `notifications:write`, `versioning:read`, `versioning:write`
`owner`	`artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read`, `artifacts:write`, `artifacts:delete`, `context:write`, `context:delete`, `context:ask`, `context:query`, `data:write`, `assets:write`, `assets:delete`, `workflows:write`, `workflows:delegate`, `conversations:write`, `conversations:delete`, `knowledge_base:write`, `knowledge_base:delete`, `connections:write`, `connections:delete`, `pages:write`, `pages:delete`, `pages:embed`, `notion_sync:write`, `notion_sync:delete`, `team:read`, `team:write`, `team:delete`, `config:write`, `pages:admin`, `webhooks:read`, `webhooks:write`, `webhooks:delete`, `observability:write`, `notifications:write`, `versioning:read`, `versioning:write`, `billing:read`, `billing:write`, `platform:read`, `platform:write`, `platform:admin`

Tool matrix

Cells list tool IDs that require the given scope.

Resource \ Action	read	write	delete	admin	ask	query	delegate	complete	list	use	execute	embed
`artifacts`	`agent_blueprint.get`<br>`agent_blueprint.list`<br>`operation.get`<br>`operation.list` (+9)	`knowledge_base.star`<br>`knowledge_base.unstar`<br>`prompts.artifact.compose_campaign`<br>`prompts.artifact.draft_weekly_report` (+2)	-	-	-	-	-	-	-	-	-	-
`context`	`author_profile.get`<br>`author_profile.list`<br>`context.audience_filters`<br>`context.channels` (+12)	`context.remember`<br>`prompts.context.remember_this`	-	-	`context.ask`	`context.query_substrate`<br>`prompts.context.state_of_business`	-	-	-	-	-	-
`context_entries`	`context.review_kit`<br>`context_entry.get`<br>`context_entry.list`<br>`prompts.context.review_context`	`context_entries.write`<br>`prompts.context.capture_competitive_intel`<br>`prompts.context.save_insight`<br>`prompts.context.update_entry`	-	-	-	-	-	-	-	-	-	-
`content`	-	-	-	-	-	-	-	-	-	-	-	-
`data`	`company.get`<br>`company.list`<br>`company.search`<br>`console.issues_inbox.list` (+33)	`social.connect_account`<br>`social.create_subject`<br>`social.delete_subject`<br>`social.disconnect_account` (+5)	-	-	-	-	-	-	-	-	-	-
`assets`	-	-	-	-	-	-	-	-	-	-	-	-
`team`	`team.get_settings`<br>`team.list_domains`<br>`team.list_invitations`<br>`team.list_members`	`team.add_domain`<br>`team.invite`<br>`team.resend_invitation`<br>`team.update_member_role` (+1)	`team.remove_domain`<br>`team.remove_member`<br>`team.revoke_invitation`	-	-	-	-	-	-	-	-	-
`webhooks`	`prompts.webhook.debug_delivery`<br>`prompts.webhook.webhook_health_check`<br>`webhook.get`<br>`webhook.list` (+1)	`webhooks.test_fire`<br>`webhooks.write`	-	-	-	-	-	-	-	-	-	-
`billing`	-	-	-	-	-	-	-	-	-	-	-	-
`config`	`authors.get`<br>`authors.linkedin_status`<br>`authors.list`<br>`authors.voice_status` (+9)	`authors.create`<br>`authors.delete`<br>`authors.refresh_linkedin`<br>`authors.regenerate_voice` (+15)	-	-	-	-	-	-	-	-	-	-
`observability`	-	-	-	-	-	-	-	-	-	-	-	-
`workflows`	`agent_profile.list`<br>`agent_run.get`<br>`agent_run.list`<br>`blueprint_backtest.get` (+15)	`agents.cancel`<br>`agents.resume`<br>`knowledge_base.make_living`	-	-	-	-	`agents.backtest_blueprint`<br>`agents.fork_blueprint`<br>`agents.preview_backtest`<br>`agents.run_blueprint` (+4)	`finish`	-	-	-	-
`conversations`	-	`conversations.create`<br>`conversations.turns.append`<br>`conversations.turns.cancel`<br>`conversations.turns.resume` (+1)	-	-	-	-	-	-	-	-	-	-
`platform`	-	-	-	-	-	-	-	-	-	-	-	-
`knowledge_base`	`knowledge_base.chat`<br>`knowledge_base.diff`<br>`knowledge_base.get`<br>`knowledge_base.get_access` (+11)	`knowledge_base.make_living`<br>`knowledge_base.update`<br>`knowledge_base.upload`	`knowledge_base.delete`	-	-	-	-	-	-	-	-	-
`keys`	-	-	-	-	-	-	-	-	-	-	-	-
`oauth_clients`	-	-	-	-	-	-	-	-	-	-	-	-
`audit_log`	-	-	-	-	-	-	-	-	-	-	-	-
`versioning`	-	`blueprints.create`<br>`blueprints.delete`<br>`blueprints.promote_output`<br>`blueprints.unarchive` (+4)	-	-	-	-	-	-	-	-	-	-
`prompts`	-	-	-	-	-	-	-	-	`prompts.system.getting_started`<br>`prompts.system.research_playbook`<br>`system.list_prompts`	`system.use_prompt`	-	-
`metrics`	`metrics.evaluate`	-	-	-	-	-	-	-	-	-	-	-
`external_search`	-	-	-	-	-	-	-	-	-	-	`external_search.execute`<br>`external_search_jobs.read_stream`	-
`workspaces`	`workspaces.get`<br>`workspaces.list`<br>`workspaces.list_joinable_by_domain`	`workspaces.add_member`<br>`workspaces.create`<br>`workspaces.delete`<br>`workspaces.join_by_domain` (+5)	-	-	-	-	-	-	-	-	-	-
`connections`	`connections.get`<br>`connections.get_status`<br>`connections.list`<br>`connections.list_catalog` (+1)	`connections.connect`<br>`connections.reconnect`<br>`connections.update`	`connections.disconnect`	-	-	-	-	-	-	-	-	-
`pages`	`pages.get`<br>`pages.get_template`<br>`pages.list`<br>`pages.list_templates` (+2)	`pages.archive`<br>`pages.create`<br>`pages.update`	`pages.delete`	-	-	-	-	-	-	-	-	`pages.mint_embed_token`
`notifications`	`notifications.list_recipients`<br>`notifications.list_sends`	`notifications.email_member`	-	-	-	-	-	-	-	-	-	-
`notion_sync`	`notion_sync.get`<br>`notion_sync.list_pages`<br>`notion_sync.list_sends`<br>`notion_sync.status`	`notion_sync.backfill`<br>`notion_sync.configure`	`notion_sync.unsync`	-	-	-	-	-	-	-	-	-