# Scopes & Roles

Scopes are fine-grained `resource:action` strings, enforced on every tool call.
Each role has a default scope bundle. The effective scopes for a request are the
intersection of the credential's scopes and the role's defaults, so a scope
applies only when both grant it.

## Role defaults

| Role | Default scopes |
| --- | --- |
| `viewer` | `artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read` |
| `editor` | `artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read`, `artifacts:write`, `artifacts:delete`, `context:write`, `context:delete`, `context:ask`, `context:query`, `data:write`, `assets:write`, `assets:delete`, `workflows:write`, `workflows:delegate`, `conversations:write`, `conversations:delete`, `knowledge_base:write`, `knowledge_base:delete`, `connections:write`, `connections:delete`, `pages:write`, `pages:delete`, `pages:embed`, `notion_sync:write`, `notion_sync:delete` |
| `admin` | `artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read`, `artifacts:write`, `artifacts:delete`, `context:write`, `context:delete`, `context:ask`, `context:query`, `data:write`, `assets:write`, `assets:delete`, `workflows:write`, `workflows:delegate`, `conversations:write`, `conversations:delete`, `knowledge_base:write`, `knowledge_base:delete`, `connections:write`, `connections:delete`, `pages:write`, `pages:delete`, `pages:embed`, `notion_sync:write`, `notion_sync:delete`, `team:read`, `team:write`, `team:delete`, `config:write`, `pages:admin`, `webhooks:read`, `webhooks:write`, `webhooks:delete`, `observability:write`, `notifications:write`, `versioning:read`, `versioning:write` |
| `owner` | `artifacts:read`, `context:read`, `data:read`, `assets:read`, `observability:read`, `workflows:read`, `workflows:complete`, `prompts:list`, `prompts:use`, `conversations:read`, `config:read`, `knowledge_base:read`, `metrics:read`, `connections:read`, `notifications:read`, `pages:read`, `notion_sync:read`, `artifacts:write`, `artifacts:delete`, `context:write`, `context:delete`, `context:ask`, `context:query`, `data:write`, `assets:write`, `assets:delete`, `workflows:write`, `workflows:delegate`, `conversations:write`, `conversations:delete`, `knowledge_base:write`, `knowledge_base:delete`, `connections:write`, `connections:delete`, `pages:write`, `pages:delete`, `pages:embed`, `notion_sync:write`, `notion_sync:delete`, `team:read`, `team:write`, `team:delete`, `config:write`, `pages:admin`, `webhooks:read`, `webhooks:write`, `webhooks:delete`, `observability:write`, `notifications:write`, `versioning:read`, `versioning:write`, `billing:read`, `billing:write`, `platform:read`, `platform:write`, `platform:admin` |

## Tool matrix

Cells list tool IDs that require the given scope.

| Resource \ Action | read | write | delete | admin | ask | query | delegate | complete | list | use | execute | embed |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| `artifacts` | `agent_blueprint.get`<br>`agent_blueprint.list`<br>`operation.get`<br>`operation.list` (+9) | `knowledge_base.star`<br>`knowledge_base.unstar`<br>`prompts.artifact.compose_campaign`<br>`prompts.artifact.draft_weekly_report` (+2) | - | - | - | - | - | - | - | - | - | - |
| `context` | `author_profile.get`<br>`author_profile.list`<br>`context.audience_filters`<br>`context.channels` (+12) | `context.remember`<br>`prompts.context.remember_this` | - | - | `context.ask` | `context.query_substrate`<br>`prompts.context.state_of_business` | - | - | - | - | - | - |
| `context_entries` | `context.review_kit`<br>`context_entry.get`<br>`context_entry.list`<br>`prompts.context.review_context` | `context_entries.write`<br>`prompts.context.capture_competitive_intel`<br>`prompts.context.save_insight`<br>`prompts.context.update_entry` | - | - | - | - | - | - | - | - | - | - |
| `content` | - | - | - | - | - | - | - | - | - | - | - | - |
| `data` | `company.get`<br>`company.list`<br>`company.search`<br>`console.issues_inbox.list` (+33) | `social.connect_account`<br>`social.create_subject`<br>`social.delete_subject`<br>`social.disconnect_account` (+5) | - | - | - | - | - | - | - | - | - | - |
| `assets` | - | - | - | - | - | - | - | - | - | - | - | - |
| `team` | `team.get_settings`<br>`team.list_domains`<br>`team.list_invitations`<br>`team.list_members` | `team.add_domain`<br>`team.invite`<br>`team.resend_invitation`<br>`team.update_member_role` (+1) | `team.remove_domain`<br>`team.remove_member`<br>`team.revoke_invitation` | - | - | - | - | - | - | - | - | - |
| `webhooks` | `prompts.webhook.debug_delivery`<br>`prompts.webhook.webhook_health_check`<br>`webhook.get`<br>`webhook.list` (+1) | `webhooks.test_fire`<br>`webhooks.write` | - | - | - | - | - | - | - | - | - | - |
| `billing` | - | - | - | - | - | - | - | - | - | - | - | - |
| `config` | `authors.get`<br>`authors.linkedin_status`<br>`authors.list`<br>`authors.voice_status` (+9) | `authors.create`<br>`authors.delete`<br>`authors.refresh_linkedin`<br>`authors.regenerate_voice` (+15) | - | - | - | - | - | - | - | - | - | - |
| `observability` | - | - | - | - | - | - | - | - | - | - | - | - |
| `workflows` | `agent_profile.list`<br>`agent_run.get`<br>`agent_run.list`<br>`blueprint_backtest.get` (+15) | `agents.cancel`<br>`agents.resume`<br>`knowledge_base.make_living` | - | - | - | - | `agents.backtest_blueprint`<br>`agents.fork_blueprint`<br>`agents.preview_backtest`<br>`agents.run_blueprint` (+4) | `finish` | - | - | - | - |
| `conversations` | - | `conversations.create`<br>`conversations.turns.append`<br>`conversations.turns.cancel`<br>`conversations.turns.resume` (+1) | - | - | - | - | - | - | - | - | - | - |
| `platform` | - | - | - | - | - | - | - | - | - | - | - | - |
| `knowledge_base` | `knowledge_base.chat`<br>`knowledge_base.diff`<br>`knowledge_base.get`<br>`knowledge_base.get_access` (+11) | `knowledge_base.make_living`<br>`knowledge_base.update`<br>`knowledge_base.upload` | `knowledge_base.delete` | - | - | - | - | - | - | - | - | - |
| `keys` | - | - | - | - | - | - | - | - | - | - | - | - |
| `oauth_clients` | - | - | - | - | - | - | - | - | - | - | - | - |
| `audit_log` | - | - | - | - | - | - | - | - | - | - | - | - |
| `versioning` | - | `blueprints.create`<br>`blueprints.delete`<br>`blueprints.promote_output`<br>`blueprints.unarchive` (+4) | - | - | - | - | - | - | - | - | - | - |
| `prompts` | - | - | - | - | - | - | - | - | `prompts.system.getting_started`<br>`prompts.system.research_playbook`<br>`system.list_prompts` | `system.use_prompt` | - | - |
| `metrics` | `metrics.evaluate` | - | - | - | - | - | - | - | - | - | - | - |
| `external_search` | - | - | - | - | - | - | - | - | - | - | `external_search.execute`<br>`external_search_jobs.read_stream` | - |
| `workspaces` | `workspaces.get`<br>`workspaces.list`<br>`workspaces.list_joinable_by_domain` | `workspaces.add_member`<br>`workspaces.create`<br>`workspaces.delete`<br>`workspaces.join_by_domain` (+5) | - | - | - | - | - | - | - | - | - | - |
| `connections` | `connections.get`<br>`connections.get_status`<br>`connections.list`<br>`connections.list_catalog` (+1) | `connections.connect`<br>`connections.reconnect`<br>`connections.update` | `connections.disconnect` | - | - | - | - | - | - | - | - | - |
| `pages` | `pages.get`<br>`pages.get_template`<br>`pages.list`<br>`pages.list_templates` (+2) | `pages.archive`<br>`pages.create`<br>`pages.update` | `pages.delete` | - | - | - | - | - | - | - | - | `pages.mint_embed_token` |
| `notifications` | `notifications.list_recipients`<br>`notifications.list_sends` | `notifications.email_member` | - | - | - | - | - | - | - | - | - | - |
| `notion_sync` | `notion_sync.get`<br>`notion_sync.list_pages`<br>`notion_sync.list_sends`<br>`notion_sync.status` | `notion_sync.backfill`<br>`notion_sync.configure` | `notion_sync.unsync` | - | - | - | - | - | - | - | - | - |
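
The intersection rule and the per-tool check described above, as an added example that is not the project's own code. It uses a subset of the role defaults and tool matrix from this page; the function names, the scope grammar, and the deny-by-default handling of unknown tools, unknown roles and wildcard scopes are assumptions.

```python
import re

SCOPE_RE = re.compile(r"[a-z_]+:[a-z_]+")  # assumed grammar for `resource:action`

# Subset of the role defaults table; each role extends the one before it.
VIEWER = frozenset({"context:read", "knowledge_base:read", "metrics:read", "pages:read"})
EDITOR = VIEWER | {"context:ask", "knowledge_base:delete", "pages:write", "pages:embed"}
ADMIN = EDITOR | {"team:read", "team:write", "team:delete"}
ROLE_DEFAULTS = {"viewer": VIEWER, "editor": EDITOR, "admin": ADMIN}

# Subset of the tool matrix: tool ID -> the scope that tool requires.
TOOL_SCOPE = {
    "knowledge_base.get": "knowledge_base:read",
    "knowledge_base.delete": "knowledge_base:delete",
    "pages.mint_embed_token": "pages:embed",
    "context.ask": "context:ask",
    "team.invite": "team:write",
    "metrics.evaluate": "metrics:read",
}


def effective_scopes(role, credential_scopes):
    """Intersection of the credential's scopes and the role's defaults."""
    malformed = sorted(s for s in credential_scopes if not SCOPE_RE.fullmatch(s))
    if malformed:
        # Assumption: wildcards such as `pages:*` are rejected, not expanded.
        raise ValueError(f"malformed scopes: {malformed}")
    # An unknown role gets an empty default set, so nothing is granted.
    return ROLE_DEFAULTS.get(role, frozenset()) & frozenset(credential_scopes)


def authorize(role, credential_scopes, tool_id):
    """Return (allowed, reason) for one tool call; deny by default."""
    required = TOOL_SCOPE.get(tool_id)
    if required is None:
        return False, "unknown tool"
    if required in effective_scopes(role, credential_scopes):
        return True, "ok"
    if required not in ROLE_DEFAULTS.get(role, frozenset()):
        return False, f"role lacks {required}"
    return False, f"credential lacks {required}"


if __name__ == "__main__":
    # Constructed credential: it lists a delete scope that `viewer` does not have.
    cred = ["knowledge_base:read", "knowledge_base:delete"]
    for role in ("viewer", "editor"):
        print(role, authorize(role, cred, "knowledge_base.delete"))
```

The denial reason separates the two sides of the intersection, which is useful in audit logs: a credential that lists a scope its role does not carry shows up as a role denial, not a grant.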
