Each agent has allowed_spokes in its agent.json. The list is a hard gate — if a spoke is not on it, the agent cannot call any tool in that spoke, even if the LLM tries to.
Default
The exec heads come with curated lists (see exec team). Your custom agents start empty — explicitly toggle on what you need.
Per-tool permissions inside a spoke
Allowed_spokes is the spoke-level gate. Inside a spoke, you can further restrict which actions are allowed in Tools → per-agent permissions. See Permissions.
How to think about scope
- Give an agent only what it needs. A RenewalsBot does not need lead-hunter or demo-forge.
- Spokes that touch external systems (ghl, channel-bridge) deserve extra thought — that is where outbound writes happen.
- The vault spokes (agent-vault, client-vault) are safe posture — always fine.