Riggr

Connections and permissions

How to wire nodes and control exactly what the agent can do.

Connections and permissions

Lines between nodes carry permissions — that's how the Claude agent gets to act inside other nodes. This page is about the permission system via the chip. For the other kind of traffic (data flowing between nodes without involving the agent), see Typed ports.

Creating a connection

  1. Hover near a handle on the edge of a node. The handle lights up.
  2. Click and drag to a handle on the target node.
  3. Release. The line appears and gets saved with the workspace.

No cap. An Agent Terminal can be wired to dozens of nodes, each with its own permission.

The chip

In the middle of every line there's a small button — the chip. It represents the connector for that link. Clicking opens the list of permissions available for that pair of nodes.

The list varies by combination:

  • Agent → Codecode-read, code-write, code-read-write, code-open-file, code-full-access.
  • Agent → Terminalexecute only.
  • Agent → Databasedb-read-query, db-list-tables, db-describe-table, db-explain, db-sample-rows, db-count-rows, db-run-query, db-full-access, among others.
  • Agent → Gitgit-log, git-commit, git-full-access.
  • Agent → Dockerdocker-list, docker-control, docker-create-container, docker-pull-image, docker-logs-exec, docker-compose, docker-full-access.

Rule of thumb: always start with the most restrictive option. Loosen only when you need to.

The complete list, per node pair, is in Connector list.

Why it matters

Riggr assumes you're plugging in real tools. An agent with db-run-query on a production database can wreck things — db-read-query on the same database can't, it only SELECTs. Per-connection lets you decide case by case what the agent touches.

Another example: code-read-write on local code is reasonable; on a prod deploy, code-read is safer. Same connection, different decision.

How the agent "sees" connectors

When you start an Agent Terminal, Riggr:

  1. Collects every connected node and its permissions.
  2. Generates a list of tools with names like riggr_read_code_node_1, riggr_run_db_query_2, riggr_navigate_to_url_3.
  3. Spins up a local MCP server with those tools.
  4. Passes it to Claude Code via the --mcp-config flag.
  5. Injects a system prompt that lists the connected nodes and tells the agent to use those tools instead of trying to reproduce the work by hand.

The agent doesn't even know a canvas exists — to it, it's just a list of tools with descriptive names.

Agent-to-agent connections

You can wire one Agent Terminal to another. That enables a specific set of connectors:

  • agent-delegate — sends prompt, waits for reply. Useful for breaking complex tasks into focused sub-tasks.
  • agent-send — fire-and-forget. Sends and moves on.
  • agent-read-output — reads the other's output without interfering.
  • agent-interrupt — remote Ctrl+C.
  • agent-full-access — all of the above.

Use this when part of the work deserves a dedicated agent — a main agent for code that delegates everything database-related to an agent wired only to Database.

Removing a connection

Click the line and press Delete. The permission is gone immediately — if the Agent Terminal was running, its tools list refreshes and it loses that access. You need to restart the agent for it to "forget" tools it had already loaded.

Full inventory

The full list of every connector, per node pair, lives at Connector list.