A context is the slice of your world an agent is allowed to see — and, separately, allowed to act on. Those are two different grants, and keeping them separate is the core of the mynd permission model.
Read vs. act
- read — the agent can load this data into a run. Nothing leaves the runtime.
- act — the agent can do things: send, create, modify. Every act permission is per-tool and per-verb.
- Nothing is both by default. A calendar context with read does not get calendar.create until you say so.
Granting
Grants happen at connect time and can be narrowed any time after. The connect screen shows exactly what each scope unlocks in plain language — if a sentence there is unclear, that is a bug, report it.
y0 context show priya/morning
# docs read
# calendar read, events.create
# tasks read, tasks.update
# mail read (drafts only — no send)How enforcement works
Permissions are enforced in the runtime, not in the prompt. An agent that decides to send an email without mail.send does not get a refusal from a model — the call never executes, and the attempt is written to the run log. You can audit every denied call in the trace.
Rule of thumb: grant read generously, grant act reluctantly, and review grants quarterly under Settings → Contexts.