> ## Documentation Index > Fetch the complete documentation index at: https://docs.duckie.ai/llms.txt > Use this file to discover all available pages before exploring further. # Tools, Permissions, and Side Effects > Understand what agents can do, how access is controlled, and how to test actions safely Tools are the actions Duckie agents can perform. Some tools only read information. Others create visible or persistent changes in customer systems, internal systems, or Duckie itself. Treat every tool choice as a permissions decision: what should this agent be able to see, say, update, or trigger? ## Tool Categories | Tool type | What it does | | ---------------- | ------------------------------------------------------------------------------------------------------------------- | | **Duckie Tools** | Built-in actions such as Responder, Ask and Wait, Search Company Docs, Escalator, LLM Call, Save Value, and End Run | | **App Tools** | Actions from connected apps such as Zendesk, Slack, Intercom, HubSpot, Jira, Linear, Gmail, Plain, or Pylon | | **Custom Tools** | Your own HTTP-based tools for internal APIs and systems | | **MCP Servers** | MCP tools discovered from configured servers | Tools can search docs, read records, send messages, create tickets, update fields, call APIs, or return values to later workflow steps. ## Permissions Happen in Layers | Layer | What it controls | | ------------------------ | ------------------------------------------------------------------------------------------------- | | Connections | App tools depend on connected platforms in Settings > Connections | | Tool Access | Agents and assistant agents only use tools enabled for them | | Roles and API scopes | Workspace roles and Settings > API & MCP scopes control who or what can manage Duckie objects | | External app permissions | Zendesk, Slack, Jira, Gmail, and other apps still enforce the connected account's own permissions | | Agent design | Instructions, workflows, runbooks, guardrails, and approvals shape when tools are used | ## Read Tools vs Side Effects A side effect is anything visible or persistent outside the agent's reasoning. Examples of side effects: * Sending a customer response with Responder * Adding an internal note or public reply in a ticketing system * Creating or updating a ticket, issue, task, page, note, or conversation * Sending Slack, Discord, Teams, or Gmail messages * Updating tags, priority, assignment, status, custom fields, labels, or metadata * Calling a Custom Tool that changes your internal system * Using Duckie Assistant MCP tools to create, update, or delete Duckie objects Customer replies and internal notes are side effects. **Write Action** is the product label for tools that modify data. ## Safe Tool Access Patterns * Start with least privilege: enable only the tools an agent needs. * Prefer read and search tools before write tools. * Keep write tools narrow and specific. * For custom tools, mark the tool as **Write Action** when it modifies data. * Use **Requires Approval** for sensitive or high-impact actions. * Use **Slack Approval Notify** when reviewers should approve from Slack. * Use workflows for predictable lookup, verification, approval, and action order. * Add Restrictions and Escalation Rules for requests that need human judgment. * Test tool-heavy designs before allowing real updates. ## Testing Without Unintended Changes Use **Testing** mode before **Live** mode. For early rollout, use **Internal notes only** and **No write actions** when available. In Test > Playground, Test > Replay Chats, and Test > Batch Test, review whether the agent chose the right tool, used the right input, and produced the expected result. Use **Analyze > Runs** to inspect tool calls, inputs, outputs, status, and outcomes. ## Related Docs Explore Duckie Tools, App Tools, Custom Tools, and MCP Servers. Connect Duckie to your internal APIs. Use Testing and Live modes safely. Design safer actions for account-sensitive work.