---
title: "Security"
description: "How Nirmata Assistant limits filesystem access, requires operation confirmations, and controls destructive actions."
diataxis: reference
applies_to:
  product: "nctl"
audience: ["developer","platform-engineer"]
last_updated: 2026-04-16
url: https://docs.nirmata.io/docs/ai/nctl-ai/security/
---


> **Applies to:** nctl 4.0 and later

`nctl ai` is built with a security-first approach. The agent is restricted to an allow-list of directories and, by default, asks for permission before performing any operation that modifies your system.

## Allowed Directories

By default, `nctl ai` can only access the current working directory. To grant access to additional directories, use the `--allowed-dirs` flag:

```bash
nctl ai --allowed-dirs "/path/to/policies,/tmp"
```

You can also set the `NIRMATA_AI_ALLOWED_DIRS` environment variable:

```bash
export NIRMATA_AI_ALLOWED_DIRS="/path/to/policies,/tmp"
nctl ai
```

The agent refuses to read, write, or execute files outside the allowed directories, so the rest of your filesystem stays out of its reach.

## Permission Checks

Before performing any operation that modifies your system (writing files, executing commands, applying Kubernetes resources), `nctl ai` prompts for explicit confirmation. This ensures you remain in control of all changes.

For automated workflows where manual confirmation is not practical, you can disable permission checks:

```bash
nctl ai --skip-permission-checks --prompt "scan my cluster"
```

To allow destructive operations (e.g., deleting resources) in non-interactive mode, both `--prompt` and `--skip-permission-checks` must be combined with the `--force` flag:

```bash
nctl ai --force --skip-permission-checks --prompt "delete unused configmaps"
```

> **Warning:** Use `--skip-permission-checks` and `--force` with caution. These flags bypass safety prompts and should only be used in trusted automation pipelines.

## Security Summary

| Feature | Default Behavior | Override |
|---------|-----------------|----------|
| File system access | Current working directory only | `--allowed-dirs` |
| Tool execution | Requires user confirmation | `--skip-permission-checks` |
| Destructive operations | Blocked in non-interactive mode | `--force` (requires `--skip-permission-checks` and `--prompt`) |
| Skill loading | Built-in skills only | `--skills` |
| TLS verification | Enforced | `--insecure` (not recommended) |
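
The overrides in the table can be checked before a pipeline runs `nctl ai`. The following pre-flight audit is an added example, not part of nctl or the Nirmata documentation; the function name `audit_nctl_ai`, the `NCTL_AUDIT_ALLOW_FORCE` variable, and the list of directories treated as too broad are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight audit of the arguments a pipeline passes to `nctl ai`.
# The policy (broad-directory list, NCTL_AUDIT_ALLOW_FORCE) is this example's
# assumption, not nctl behavior.

# audit_nctl_ai ARGS...  prints one finding per line; returns 0 if clean, else 1.
audit_nctl_ai() {
  local dirs="${NIRMATA_AI_ALLOWED_DIRS:-}" skip=0 force=0 prompt=0 rc=0 d
  while [ $# -gt 0 ]; do
    case "$1" in
      --allowed-dirs) dirs="$dirs,${2:-}"; [ $# -gt 1 ] && shift ;;
      --prompt)       prompt=1; [ $# -gt 1 ] && shift ;;  # do not parse prompt text as flags
      --skip-permission-checks) skip=1 ;;
      --force)        force=1 ;;
      --insecure)     echo "insecure: TLS verification is disabled"; rc=1 ;;
    esac
    shift
  done
  # Check every comma-separated entry from the environment variable and the flag.
  while [ -n "$dirs" ]; do
    d=${dirs%%,*}
    case "$dirs" in *,*) dirs=${dirs#*,} ;; *) dirs= ;; esac
    [ "$d" != / ] && d=${d%/}          # treat /etc/ like /etc
    case "$d" in
      "") ;;                           # empty entry: nothing to check
      /|/etc|/root|/home|"${HOME:-/}") echo "allowed-dirs: '$d' is too broad"; rc=1 ;;
      */..|*/../*) echo "allowed-dirs: '$d' contains '..'"; rc=1 ;;
      /*) ;;                           # specific absolute path: accepted
      *)  echo "allowed-dirs: '$d' is not an absolute path"; rc=1 ;;
    esac
  done
  # Example policy: confirmations are only skipped for a fixed, non-interactive prompt.
  if [ "$skip" = 1 ] && [ "$prompt" = 0 ]; then
    echo "skip-permission-checks: no --prompt given"; rc=1
  fi
  if [ "$force" = 1 ]; then
    if [ "$skip" = 0 ] || [ "$prompt" = 0 ]; then
      echo "force: needs --skip-permission-checks and --prompt"; rc=1
    elif [ "${NCTL_AUDIT_ALLOW_FORCE:-0}" != 1 ]; then
      echo "force: destructive operations not approved for this job"; rc=1
    fi
  fi
  return "$rc"
}
```

Call it with the same arguments the job would pass, for example `audit_nctl_ai --skip-permission-checks --prompt "scan my cluster" || exit 1`, and fail the job on a non-zero return.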

