LVIS AI

Architecture

Permission model — 3 risk levels × 4 review modes

LVIS's permission decisions run along two axes: a tool's risk level (low/medium/high) and the automatic review mode (disabled / rule / LLM-assisted / strict). Users can directly control how much automation they want.

3 risk levels
4 review modes
5 tool categories

Risk level — low, medium, high

Every tool has a predetermined "how risky is this tool" rating. This risk level cannot be changed arbitrarily by the tool's author — only a value that has passed the host's review is valid.

Review modes — controlling automation intensity

Disabled

Automatic review is not used. Each tool call is handled purely according to its tool category.

Rule

Calls are judged quickly using only static rules, with no LLM call.

LLM-assisted

For medium/high-risk calls, an LLM also reviews the arguments and context to add a recommendation.

Strict

Shows a dialog for both medium and high risk. Minimizes automation.

Tool categories

  • Read — only fetches information. The safest category.
  • Write — makes changes to an external system or file.
  • Execute — runs external commands or external code. The most conservatively handled category.
  • Network — communicates externally.
  • Internal — LVIS's own meta operations (e.g. changing settings).

No bypass

Revoking a permission stops it immediately
Once a granted permission is revoked, the tool that needed it stops immediately on its next call, with no fallback. No bypass path is left open that could let an action the user thought they'd already approved happen again quietly.
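
The sketch below is an added example, not LVIS code: it shows one way a gate could combine the host-reviewed risk level, the review mode, and a revocation check that is evaluated on every call. The class, method and tool names and the returned route strings are hypothetical. Treating unreviewed tools as high risk and sending all remaining cases to static rules are assumptions.

```python
from enum import Enum

class Risk(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"

class Mode(Enum):
    DISABLED = "disabled"
    RULE = "rule"
    LLM_ASSISTED = "llm-assisted"
    STRICT = "strict"

class PermissionGate:
    """Hypothetical gate; names and return values are illustrative, not LVIS's API."""

    def __init__(self, mode, host_reviewed):
        self.mode = mode
        self.host_reviewed = dict(host_reviewed)  # tool name -> Risk approved by the host
        self.granted = set()

    def grant(self, tool):
        self.granted.add(tool)

    def revoke(self, tool):
        self.granted.discard(tool)

    def risk_of(self, tool, claimed=None):
        # The tool's own claim is ignored. Assumption: an unreviewed tool is treated as HIGH.
        return self.host_reviewed.get(tool, Risk.HIGH)

    def route(self, tool, claimed=None):
        # Grant state is read on every call, so a revocation applies to the very next one.
        if tool not in self.granted:
            return "stopped"  # no fallback path
        if self.mode is Mode.DISABLED:
            return "category"  # branch by tool category only
        elevated = self.risk_of(tool, claimed) is not Risk.LOW
        if elevated and self.mode is Mode.STRICT:
            return "dialog"
        if elevated and self.mode is Mode.LLM_ASSISTED:
            return "rules+llm"
        return "rules"  # assumption: remaining cases use static rules only

# Constructed sample registry; tool names are made up for the example.
REVIEWED = {"read_file": Risk.LOW, "write_file": Risk.MEDIUM, "run_shell": Risk.HIGH}
```
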