Security
Applies to: nctl 4.0 and later
nctl ai is built with a security-first approach. The agent operates within strict boundaries and always asks for permission before performing operations.
Allowed Directories
By default, nctl ai can only access the current working directory. To grant access to additional directories, use the --allowed-dirs flag:
nctl ai --allowed-dirs "/path/to/policies,/tmp"
You can also set the NIRMATA_AI_ALLOWED_DIRS environment variable:
export NIRMATA_AI_ALLOWED_DIRS="/path/to/policies,/tmp"
nctl ai
The agent will refuse to read, write, or execute files outside of the allowed directories, ensuring your filesystem remains protected.
Permission Checks
Before performing any operation that modifies your system (writing files, executing commands, applying Kubernetes resources), nctl ai prompts for explicit confirmation. This ensures you remain in control of all changes.
For automated workflows where manual confirmation is not practical, you can disable permission checks:
nctl ai --skip-permission-checks --prompt "scan my cluster"
To allow destructive operations (e.g., deleting resources) in non-interactive mode, both --prompt and --skip-permission-checks must be combined with the --force flag:
nctl ai --force --skip-permission-checks --prompt "delete unused configmaps"
Warning: Use --skip-permission-checks and --force with caution. These flags bypass safety prompts and should only be used in trusted automation pipelines.
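For the automation case above, a pipeline can validate the directory list before it exports NIRMATA_AI_ALLOWED_DIRS and runs with --skip-permission-checks. This is an added example, not part of the nctl documentation or code; the function name build_allowed_dirs and its rejection rules (directory must exist, must not resolve to / or $HOME, must not contain a comma) are assumptions of this example, not nctl behaviour.

```shell
#!/bin/sh
# Added example: build a narrow NIRMATA_AI_ALLOWED_DIRS value for a CI job.
# The rejection rules are this example's own policy, not nctl behaviour.

# Print a comma-separated list of canonical directories; return 1 on the first
# candidate that is missing, too broad, or would break the comma-separated list.
build_allowed_dirs() {
    out=""
    home_real=$(CDPATH= cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || home_real=""
    for d in "$@"; do
        # Resolve symlinks and ".." so the checks see the real target.
        real=$(CDPATH= cd -- "$d" 2>/dev/null && pwd -P) || {
            echo "rejected (not a directory): $d" >&2; return 1; }
        case "$real" in
            /|"$home_real")
                echo "rejected (too broad): $d -> $real" >&2; return 1 ;;
            *,*)
                echo "rejected (comma in path): $real" >&2; return 1 ;;
        esac
        out="${out:+$out,}$real"
    done
    [ -n "$out" ] || { echo "rejected (empty list)" >&2; return 1; }
    printf '%s\n' "$out"
}

# Constructed demo: a temporary directory stands in for the CI checkout.
demo_ws=$(mktemp -d)
mkdir -p "$demo_ws/policies"
ln -s / "$demo_ws/rootlink"    # symlink that would widen access to "/"

if dirs=$(build_allowed_dirs "$demo_ws/policies"); then
    echo "export NIRMATA_AI_ALLOWED_DIRS=\"$dirs\""
    echo 'nctl ai --skip-permission-checks --prompt "scan my cluster"'
fi
build_allowed_dirs "$demo_ws/policies" "$demo_ws/rootlink" || echo "job refused"
rm -rf "$demo_ws"
```

The demo only prints the commands it would run, so it works on a machine without nctl installed.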
Security Summary
| Feature | Default Behavior | Override |
|---|---|---|
| File system access | Current working directory only | --allowed-dirs |
| Tool execution | Requires user confirmation | --skip-permission-checks |
| Destructive operations | Blocked in non-interactive mode | --force (requires --skip-permission-checks and --prompt) |
| Skill loading | Built-in skills only | --skills |
| TLS verification | Enforced | --insecure (not recommended) |