This release adds a filesystem-aware AI agent backed by the platform's dictionary filesystem layer. The agent exposes the managed filesystem as a set of structured tools — directory listing, file read, file write, path resolution — that language model agents invoke through the standard MCP tool protocol. Access is controlled by a new role capability; administrators grant it to roles that should allow agent-driven file operations, and it is absent by default on all existing roles after the upgrade.
Agent capabilities
- Structured filesystem tools. The agent exposes directory traversal, file read, and file write as typed MCP tools. Each tool call receives a validated path and returns a structured result, rather than executing shell commands or returning raw byte streams.
- Dictionary filesystem scope. The agent operates within the platform's managed dictionary filesystem — the same layer used by attachments, report outputs, and import/export pipelines — rather than the host operating system's filesystem.
- MCP protocol integration. The agent registers its tools with the MCP server, so any connected language model or AI orchestrator can invoke file operations alongside other platform tools in the same agent session.
Access control
- Role capability gate. File operations through the agent require the filesystem capability to be assigned to the user's role. The capability is additive — it can be granted to any existing role without modifying the role's other permissions.
- Default-deny posture. The capability is absent on all pre-existing roles after the upgrade; administrators explicitly grant it to the roles that should permit filesystem-backed agent actions.
The filesystem agent is primarily useful for AI workflows that need to read uploaded documents, write generated reports, or manage files produced by multi-step agent pipelines — all within the access control and audit infrastructure the platform already provides for filesystem operations.