Documentation

Tools, files, and the agent

LlamaBoss is more than a chat window. With your permission, the model can work with real files — reading, writing, running scripts, building documents — while every action stays visible and under your control.

• How it works
• Approvals
• The workspace
• What the agent can do
• Built-in guardrails

How it works

Ask for something that needs more than words — "summarize this PDF", "make a spreadsheet of these numbers", "rename these files" — and the model plans the steps and uses tools to carry them out. You watch it happen in the chat: each tool action appears as it runs, with its result underneath.

Approvals

Any action that touches your system asks first. The request appears inline in the chat with three choices:

• Allow once — run this specific action, ask again next time.
• Allow always — trust this kind of action for the rest of the conversation.
• Deny — skip it; the model is told no and moves on.

Routine, harmless steps are streamlined so you aren't clicking constantly, while anything with real consequences — running a script, executing a command — always stays behind a prompt.

The workspace

Every conversation gets its own workspace folder. Files the agent creates land there, neatly separated per conversation, and files it produces for you are presented in the chat where you can open them directly. Drop files into the chat to bring them into the workspace.

What the agent can do

• Files — read, write, edit, search, and organize files and folders in the workspace.
• Python — write and run Python scripts for data work, conversions, and automation.
• Commands — run PowerShell commands, gated by a safety policy and your approval.
• Documents — read and create Word documents, inspect and fill PDF forms, build and analyze Excel spreadsheets, and process CSV data.
• Web pages — fetch a page you point it at and use its content in the conversation.
• Notes — keep a running notes file per conversation, so long tasks don't lose the thread.

Built-in guardrails

The agent's file access is scoped to its workspace — it can't wander your disk. Commands pass through an allowlist policy before they're even offered for approval. And because everything runs locally, nothing the agent reads or writes ever leaves your machine.