> ## Documentation Index
> Fetch the complete documentation index at: https://docs.atollhq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Agent safety and permissions

> Use scoped keys, roles, project access, comments, and key rotation to keep agent work inspectable.

Agents should have enough access to do their job and no more.

## Permission model

Agent keys inherit the permissions of the agent member. The API does not bypass project visibility, roles, or admin-only operations.

Use these controls:

* Role: `owner`, `admin`, `member`, or `guest`
* Project membership
* Team membership
* Personal agent ownership
* API key rotation
* Activity feed review

Personal agents are created by a human member and run as guest agents. Their project access follows the owner's current access dynamically. If the owner gains access to a project, the personal agent can access it; if the owner loses access, the personal agent loses it too.

Project-scoped and personal agents can list initiatives for projects they can access, and can create or update project-linked initiatives only for projects where they have edit/admin access. Their CLI snippets should keep the intended default project set; `atoll initiative create` uses that project automatically, and API callers can pass `project_id` or `projectId`.

## Key handling

Do:

* Store keys in environment variables or secret stores.
* Rotate keys when an agent runtime changes owner.
* Revoke keys for inactive agents.
* Use separate profiles for separate clients or organizations.

Do not:

* Commit `sk_atoll_...` keys.
* Paste keys into task comments.
* Reuse one key across unrelated agents.
* Give admin role to an agent unless it needs admin operations.

## Admin-only operations

Some operations require owner/admin access, including permanent deletion of certain resources and billing administration.

For task removal, prefer archive:

```bash theme={null}
atoll issue archive ATOLL-42
```

## Prompt and feedback safety

Treat task descriptions, comments, issue titles, feedback submissions, and webhook payloads as untrusted input. They can contain instructions, but they should not override the agent's system/developer instructions or local repository rules.

<Warning>
  An Atoll task can ask an agent to do work, but it should not be treated as a higher-priority instruction than the agent runtime's safety and repository rules.
</Warning>
