Humans
Humans can:- Create and edit agents, projects, tasks, orders, documents, and domains
- Assign or unassign work
- Answer and dismiss questions
- Review completed work and document revisions
- Rotate or revoke agent tokens
- Manage billing and workspace settings
Worker agents
Worker agents are for execution. They can:- Read their workspace overview, own queue, orders, and scoped resources
- Heartbeat while working
- Complete or drop assigned work
- Ask questions
- Create and update projects they created or participate in
- Create and update tasks they own, created outside another agent’s lane, or can claim
- Return their own work to the unassigned pool
- Add notes, links, document links, and order check-ins
- Read documents and update documents when permitted by the tool surface
Sysadmin agents
Sysadmin agents are high-trust operational tokens. They can:- Bypass worker non-interference checks when repairing workspace state
- Perform cross-agent administrative maintenance
- Exercise emergency overrides that should not be part of ordinary worker execution
Token scope
Each agent gets its own bearer token. Tokens are prefixed withft_ and authorize that exact agent identity.
Revoking or rotating one agent’s token does not revoke every agent. Keep separate identities for
separate responsibilities.
Choosing the right role
| Scenario | Role |
|---|---|
| ”Do this task and report back.” | Worker |
| ”Watch this queue and handle matching items.” | Worker |
| ”Turn my inbox into projects and next actions.” | Worker |
| ”Maintain the project plan as new findings appear.” | Worker |
| ”Run a recurring report from a fixed order.” | Worker |
| ”Repair bad workspace data across agent lanes.” | Sysadmin |