Review & Permissions
How ToShop gates every system-touching action behind your approval — and how to manage the rules.
ToShop's permission model is the line between "agent that suggests" and "agent that does." Every action that touches your files, your network, or another app passes through an approval check.
Two layers of permissions
Session grants approve a single action for the current session. They disappear when you quit ToShop.
Best for: one-off "just this once" approvals where you don't want the action to auto-run forever.
Persistent rules approve a pattern of actions — for example, "any read under ~/Documents/" or "any call to the GitHub extension". They're stored on your computer, and you can see and revoke them in Settings → Permissions.
Best for: actions you trust your agent to take repeatedly without re-prompting.
When you approve an action, you'll be asked which level you want: Allow Once, Allow This Session, or Always Allow.
What gets gated
Every privileged action passes through approval
Read-only operations within explicitly opened scopes don't ask. Everything else does.
Audit log
Every local tool execution is logged with timestamp, tool name, parameters (redacted where sensitive), status, and duration. View it in Settings → Local Tools and export when needed.
Revoking a rule
Settings → Permissions lists every persistent grant. You can:
Revoke a single rule
Remove just one entry. The next matching action will re-prompt.
Revoke all rules for one skill
Useful when retiring a skill or auditing its history.
Wipe everything
Reset all approvals to default. Every privileged action will re-prompt.
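A minimal Python model of the decision order described on this page (reads in opened scopes, then session grants, then persistent rules, otherwise prompt), added here as an illustration and not ToShop's own code. The class and method names, the (skill, action, path root) rule shape, and the sample paths are assumptions; it shows why a path rule such as "any read under ~/Documents/" should be matched on normalized paths, so that `..` segments and look-alike sibling directories fall back to a prompt.

```python
import posixpath

def norm(path):
    # Collapse "..", "." and duplicate slashes before any comparison.
    # A real gate would also resolve symlinks; omitted here to stay offline.
    return posixpath.normpath(path)

def under(path, root):
    path, root = norm(path), norm(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

class ApprovalGate:  # hypothetical model, not the product's implementation
    def __init__(self, opened_scopes=()):
        self.opened_scopes = list(opened_scopes)
        self.session = set()     # exact (skill, action, target); cleared on quit
        self.persistent = []     # (skill, action, root) patterns; survive quit

    def check(self, skill, action, target):
        target = norm(target)
        if action == "read" and any(under(target, s) for s in self.opened_scopes):
            return "allow"       # read-only inside an opened scope: no prompt
        if (skill, action, target) in self.session:
            return "allow"
        if any(s == skill and a == action and under(target, r)
               for s, a, r in self.persistent):
            return "allow"
        return "prompt"

    def approve(self, level, skill, action, target, root=None):
        if level == "session":
            self.session.add((skill, action, norm(target)))
        elif level == "always":
            self.persistent.append((skill, action, norm(root or target)))
        # level == "once": nothing is stored, so the next call prompts again

    def quit(self):
        self.session.clear()

    def revoke_rule(self, rule):
        self.persistent.remove(rule)

    def revoke_skill(self, skill):
        self.persistent = [r for r in self.persistent if r[0] != skill]

    def wipe(self):
        self.session.clear()
        self.persistent.clear()
```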