Skip to main content

Permissions

The current foundation answers safe Discord liveness messages and has the first privileged admin surface: /permissions. Use Bot Commands for command syntax, examples, responses, and failure cases. This page is the permission model reference. Capability foundation is now present:
  • guild owner and Discord ADMINISTRATOR can receive admin override
  • role grants use Discord role IDs, not role names
  • direct user grants are allowed for explicit exceptions
  • missing identity, ambiguous identity, and missing capability fail closed
  • audit events are validated so secret-looking metadata is rejected
  • /permissions lets authorized admins grant or revoke capabilities for a Discord role or user
/permissions is role-first:
  • role create: create a Discord role and grant a Gigi capability preset
  • role assign: assign a Discord role to a user
  • role unassign: remove a Discord role from a user
  • role grant: grant one capability to a role
  • role revoke: revoke one capability from a role
  • role grant-preset: grant multiple preset capabilities to a role
  • role revoke-preset: revoke multiple preset capabilities from a role
  • user grant: grant a direct user exception
  • user revoke: revoke a direct user exception
The command is protected by capability.manage. A Discord server administrator can bootstrap grants through admin override, then use Discord roles for normal access control. Direct user grants remain available for rare audited exceptions. Role create, assign, and unassign require Discord server-level bot permissions. Being the only user in a channel, or being the person who runs the command, does not grant Gigi authority to edit roles. If Gigi replies Could not update Discord role. Check Gigi has Manage Roles and role hierarchy is high enough.:
  • open Discord server settings
  • open Roles
  • find Gigi’s bot role
  • enable Manage Roles
  • drag Gigi’s bot role above any role it must assign, remove, or manage
role create mainly needs Manage Roles. role assign and role unassign also depend on hierarchy: Gigi cannot assign or remove a role equal to or higher than its own highest role. Future Discord slices should keep the earlier authority rule: surface is presentation, not authority. DM, slash commands, message commands, buttons, and external app triggers must resolve the same guild identity and capability model before doing work.

Planned Capability Shape

CapabilityWhat it allows
plugin.installInstall or configure guild external app integrations
plugin.run.<id>Use an approved external app command or trigger
capability.manageGrant or revoke role/user capabilities
job.adminInspect, retry, or cancel durable jobs
job.readList durable jobs through approved agent tooling
job.scheduleSchedule allowed durable jobs through confirmation-gated agent tooling
job.writeCancel queued or failed durable jobs through confirmation-gated agent tooling
web.searchRun capped public web searches through approved agent tooling
web.fetchFetch capped public text or HTML content through SSRF-filtered agent tooling
agent.analyticsView aggregate guild agent-runtime stats
agent.reply_latency.manageEnable or disable the guild reply latency footer
memory.read.guildRead permitted guild memory scope
memory.manage.guildEnable guild memory channels, configure retention, queue sync, and purge memory
relay.dispatchAsk Gigi to send a mediated message
relay.receiveReceive mediated messages from Gigi
llm.provider.writeSet, rotate, or delete guild-scoped provider credentials
llm.provider.testTest a guild-scoped provider credential without viewing it
llm.provider.selectChoose active guild provider/model
The LLM provider store should be multi-owner internally, with guild, user, and tenant credential owners. V0 exposes only guild-scoped provider credentials through the capabilities above. V1 can add personal BYOK, but a personal key pays for reasoning only; it does not grant plugin, memory, relay, job, or capability-management authority.

Presets

PresetCapabilities
gigi-admincapability.manage, plugin.install, job.admin, job.read, job.schedule, job.write, web.search, web.fetch, agent.analytics, agent.reply_latency.manage, llm.provider.write, llm.provider.test, llm.provider.select, memory.read.guild, memory.manage.guild
plugin-managerplugin.install
job-operatorjob.read, job.schedule, job.write
web-readerweb.search, web.fetch
llm-managerllm.provider.write, llm.provider.test, llm.provider.select
memory-readermemory.read.guild
memory-managermemory.read.guild, memory.manage.guild
relay-userrelay.dispatch, relay.receive

Rules To Preserve

  • Do not grant extra authority because the request came from DM.
  • Do not grant extra authority because an external app created the command.
  • Resolve guild, member, channel, role, and target user conservatively.
  • Map capabilities by Discord role ID or user ID, never mutable role names.
  • Prefer Discord role grants; use direct user grants only for rare exceptions.
  • Keep external app permissions auditable by guild and manifest version.
  • Keep sensitive actions private or confirmation-gated.
  • Fail closed when identity or target resolution is ambiguous.
  • Never expose raw provider credentials; provider keys are write-only.
  • Do not silently fall back between guild, user, and tenant provider credentials.
  • Do not let personal BYOK process guild context unless guild policy and the user explicitly allow it.
  • Keep guild memory off by default and enabled per channel.
  • Do not ingest DMs, private threads, group DMs, or deleted content into guild memory.
  • Enforce channel visibility as well as memory.read.guild before returning memory results.