Denkeeper
Sessions & Permissions
Permission tiers
Every agent session operates in one of three tiers:
| Tier | Capabilities |
|---|---|
| Autonomous | All capabilities — intended for sandboxed environments |
| Supervised | Chat, memory, tools. Self-modification actions (create skills, modify schedules, update USER.md) require human approval |
| Restricted | Chat and read-only tools only. No memory writes beyond MEMORY.md |
Set the default tier globally:
[session]
tier = "supervised"
Or per-agent:
[[agents]]
name = "home-automation"
session_tier = "restricted"
Approval workflows
In supervised mode, actions like skill creation or schedule modification produce an approval request. The user is notified via Telegram (inline keyboard with Approve/Deny buttons) or the REST API.
Approval requests have a 24-hour TTL. Unapproved requests expire automatically.
Approval via Telegram
When the agent wants to create a skill, the user sees a message with inline buttons:
Approval required: Create skill “weather-check”
[Approve] [Deny]
Approval via API
# List pending approvals
curl -H "Authorization: Bearer dk_..." https://localhost:8080/api/v1/approvals
# Approve
curl -X POST -H "Authorization: Bearer dk_..." \
https://localhost:8080/api/v1/approvals/{id}/approve
Cost tracking
Denkeeper tracks LLM costs per session and globally:
[llm]
max_cost_per_session = 1.0 # USD
When the budget is exhausted, the agent refuses further LLM calls for that session. Fallback strategies can automatically switch to cheaper models before the limit is reached.
Prev
Writing SkillsNext
Security