Capabilities, Permissions, and Approval Gates in AI Developer Teams
Many AI tools offer a shortcut.
You connect a tool or an integration. The interface says the agent can now work with files, tasks, or commands.
For serious teams, this is not enough.
Technical ability is not the same as permission. An action might be possible but still require a human decision.
NexFlow separates these three layers:
- Capability: What can an actor technically do?
- Permission: Is a specific subject allowed to use that capability?
- Approval Gate: Does the action need a human to say yes first?
Confusing these terms leads to security risks.
A skill describes a role, like documentation writing. A capability describes an action, like create_pull_request. A permission is a policy, like allow or deny. An approval gate is a person or system that must approve a gated action.
An agent may have the skill to review code. An integration may offer the capability to create a pull request. But a permission must still decide if that specific agent can use that tool. An approval gate then decides if a human must review it.
This distinction protects your project. It stops the "connected tool" problem where an agent gets more authority than you intended.
NexFlow uses a conservative security model:
- Check if the actor has the declared capability.
- Find the permission rules.
- An explicit deny is the strongest rule.
- An approval_required status blocks the action until a human approves.
- An allow only works within the defined scope.
- If no permission exists, reject the action.
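The evaluation order above can be written as one small decision function. This is an added example, not NexFlow's own code: the Rule shape, the glob-style scope, the "pending_approval" result, the agent names, and the read_repository and write_file capability names are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

EFFECTS = {"allow", "deny", "approval_required"}

@dataclass(frozen=True)
class Rule:
    subject: str      # who the rule applies to
    capability: str   # action name, e.g. "create_pull_request"
    effect: str       # one of EFFECTS
    scope: str = "*"  # glob over the target resource (assumed scope format)

def decide(caps, rules, subject, capability, resource, approved=False):
    """Return "allow", "deny" or "pending_approval" for one requested action."""
    # 1. The actor must have the declared capability at all.
    if capability not in caps.get(subject, set()):
        return "deny"
    # 2. Find the rules for this subject and capability that cover the resource.
    effects = {r.effect for r in rules
               if (r.subject, r.capability) == (subject, capability)
               and fnmatchcase(resource, r.scope)}
    # A misspelled effect or an explicit deny both fail closed; deny is strongest.
    if effects - EFFECTS or "deny" in effects:
        return "deny"
    # 3. A gated action stays blocked until a human approval is recorded.
    if "approval_required" in effects:
        return "allow" if approved else "pending_approval"
    # 4. An in-scope allow permits; no matching permission means rejection.
    return "allow" if "allow" in effects else "deny"

# Constructed sample policy; agent names and all capability names except
# create_pull_request are hypothetical.
CAPS = {
    "docs-agent": {"read_repository", "write_file", "create_pull_request"},
    "review-agent": {"read_repository"},
}
RULES = [
    Rule("docs-agent", "write_file", "allow", "docs/*"),
    Rule("docs-agent", "write_file", "deny", "docs/security/*"),
    Rule("docs-agent", "create_pull_request", "approval_required"),
    Rule("review-agent", "write_file", "allow"),  # permission without capability
]

if __name__ == "__main__":
    for res in ("docs/intro.md", "docs/security/policy.md", "src/main.py"):
        print(res, decide(CAPS, RULES, "docs-agent", "write_file", res))
    print(decide(CAPS, RULES, "docs-agent", "create_pull_request", "main"))
```

The sample policy covers both mismatches the text warns about: review-agent holds a permission for a capability it does not have, and docs-agent has read_repository with no permission rule, so both requests are rejected.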
This is not bureaucracy. It makes risk visible. You can review your policies before you ever run a single agent.
You can see:
- Which risky capabilities exist.
- Who can read your repository.
- Who can write files.
- Where a human must stop an action.
What an agent can do is not enough. What matters is what your project allows it to do.
