Cola Docs
Get startedDevelopersConfigurationReferenceResources

Tasks and Permissions

Understand what Cola may access while running tasks, when confirmation is needed, and how to control file and external actions.

Cola is a desktop Agent, not just a chat window. It can read context, call tools, process files, generate results, and split work into multiple steps that continue over time.

The most important habit is: define the task scope clearly and ask for confirmation before risky actions.

What Cola Can Do

Common tasks include:

  • Read, summarize, or rewrite text and files you provide.
  • Organize ideas, plans, meeting notes, or product specs.
  • Analyze error logs, network problems, and model-call failures.
  • Read or write files within allowed task scope.
  • Send confirmed messages or files to contacts through Cola Link.
  • In coding work, create tasks, edit code, run commands, and report results.

Different tasks require different access. A normal Q&A usually needs only the text you entered. File work needs access to relevant files. Coding and automation tasks may need directory access, command execution, or network access.

File Access

Cola's Agent can only access authorized directories. By default, it can access Cola's own data directory and temporary directories. Some work modes may also use the current working directory as an accessible scope.

When the Agent needs an unauthorized directory, Cola shows a File Access Request. You can allow or deny it.

After you allow access, that directory is added to Settings > Privacy > Authorized Directories. The Agent can then read and write files inside that directory. You can remove authorized directories there at any time.

Authorized directories are a good fit for:

  • Project directories you are asking Cola to work on.
  • Material directories you prepared specifically for Cola.
  • Temporary output or work directories.

Do not casually authorize:

  • Your entire user home directory.
  • Cloud-drive sync roots.
  • Directories with large amounts of customer, finance, or private files.
  • Historical archive directories whose contents and boundaries are unclear.

Sensitive Paths

Treat credential locations as sensitive, including SSH, AWS, GPG, Google Cloud, browser data, password-manager exports, and similar configuration directories. Even if a task appears to involve credentials, pause and confirm the real purpose first.

Do not ask Cola to read or copy:

  • Private keys, certificates, recovery codes.
  • API keys, access tokens, OAuth authorization URLs.
  • Password-manager export files.
  • Browser cookies, session files, or verification codes.

If a task is about credentials, the safer pattern is to ask Cola to explain the steps and complete the sensitive operation yourself in the relevant service.

Run Commands and Modify Files

When Cola codes, troubleshoots, or processes files in bulk, it may run commands or write files. You can constrain this in your prompt.

For example:

List the plan first. Do not modify files.
Only read this directory. Do not write to it.
Before editing, tell me which files you will change and wait for confirmation.
Do not delete files. If cleanup is needed, move them to Trash first and tell me the paths.

For deletion, overwrites, bulk renames, commits, external messages, and uploads, explicitly ask Cola to wait for confirmation.

External Sending and Uploads

Some tasks send content outside Cola, for example:

  • Calling a model with your prompt and context.
  • Sending a message to a contact through Cola Link.
  • Uploading a file to create an attachment reference.
  • Opening payment, login, or third-party authorization pages.
  • Accessing an external service you asked Cola to use.

These actions should follow your explicit intent. For file uploads and outbound messages, use precise instructions:

First tell me what you plan to send. Do not send it yet.
Send only this summary. Do not attach the original file.
List the file paths you plan to upload and why, then wait for confirmation.

Narrow the Task Scope

For sensitive data or work projects, avoid giving Cola one broad task. A safer pattern is:

  1. Ask Cola what information it needs.
  2. Provide one file or the smallest relevant directory.
  3. Ask for a plan or draft first.
  4. Confirm before allowing writes, sends, or uploads.

You can say:

Answer only from the pasted text. Do not read local files.
Check only these 3 files. Do not recursively scan the whole project.
Do not use the network for this task.

If a Permission Dialog Appears

When you see a file access request, confirm three things:

  • Whether the path is actually needed for the current task.
  • Whether the path contains content you do not want Cola to read.
  • Whether you are willing to let Cola keep accessing this directory later.

If you are unsure, deny the request. You can use a smaller directory, provide a single file, or ask Cola to explain why it needs access first.

For more on local data, logs, and feedback bundles, see Privacy and Local Data.

Files, Attachments, and Outputs

Learn how to give files to Cola, limit file scope, and find generated results.

On this page

What Cola Can DoFile AccessSensitive PathsRun Commands and Modify FilesExternal Sending and UploadsNarrow the Task ScopeIf a Permission Dialog Appears