Tools & Permissions

Gestura is an agentic system, which means it can use tools to affect the real world. This page explains how to reason about those capabilities safely before you start enabling more power.

Permission levels

Gestura operates under one of three global permission levels, configured in config.yaml.

• Sandbox: safest mode for reading and analysis without side effects.
• Restricted: balanced mode where side-effect actions require explicit confirmation.
• Full: autonomous mode for trusted environments where you want minimal pausing.

Built-in capability areas

• Files: reading, writing, searching, listing, and targeted edits.
• Shell: running commands with visibility into what will execute.
• Git: inspecting repository state and helping with version-control tasks.
• Web: fetching pages and searching for information when internet access is allowed.
• Screen: optional context from screenshots or screen capture when enabled.

How to decide what to enable

• Start with the least powerful permission level that still lets you work efficiently.
• Enable high-impact tools only for sessions or projects that actually need them.
• Keep sensitive capabilities such as screen access and permission editing off until you need them.
• Use approvals as a collaboration feature, not as a nuisance to bypass.

Extending with MCP

Beyond built-in tools, you can add any Model Context Protocol (MCP) server to give Gestura new capabilities such as filesystem access, external APIs, databases, or project-specific automations.

Use CLI MCP & Tools if you want the practical setup and validation commands.

Good operating habits

• Review tool scope before connecting a new server.
• Keep project-only tools project-scoped.
• Audit your config when a tool behaves unexpectedly.
• Use diagnostics before raising the permission level out of frustration.