diff --git a/scripts/add_llm_api_map_perms.py b/scripts/add_llm_api_map_perms.py
new file mode 100644
index 0000000..579cd9c
--- /dev/null
+++ b/scripts/add_llm_api_map_perms.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+"""
+Add permission records for new llm_api_map management files.
+Run in Sage virtual environment:
+    cd ~/repos/llmage && python scripts/add_llm_api_map_perms.py
+"""
+import os
+import sys
+import asyncio
+from appPublic.uniqueID import getID
+from sqlor.dbpools import DBPools
+
+# Paths that need permissions
+PERM_PATHS = [
+    '/llm_api_map_manage.ui',
+    '/api/llm_api_map_list.dspy',
+    '/api/llm_api_map_create.dspy',
+    '/api/llm_api_map_delete.dspy',
+    '/api/llm_api_map_options.dspy',
+    '/api/uapi_options.dspy',
+]
+
+async def add_permissions():
+    """Insert permission records for llm_api_map files."""
+    config_path = os.path.expanduser('~/repos/sage')
+    from appPublic.jsonConfig import getConfig
+    config = getConfig(config_path)
+    
+    db = DBPools(config.databases)
+    dbname = list(config.databases.keys())[0]
+    
+    async with db.sqlorContext(dbname) as sor:
+        for path in PERM_PATHS:
+            # Check if permission already exists
+            existing = await sor.sqlExe(
+                "select id from permission where path = ${path}$",
+                {'path': path}
+            )
+            if not existing:
+                perm_id = getID()
+                await sor.C('permission', {
+                    'id': perm_id,
+                    'path': path
+                })
+                print(f"Added permission: {path} (id={perm_id})")
+            else:
+                print(f"Permission already exists: {path}")
+    
+    print("\nDone. Now assign these permissions to roles using:")
+    print("  python ~/repos/sage/script/set_role_perm.py <role_name> /llm_api_map_manage.ui")
+
+if __name__ == '__main__':
+    asyncio.get_event_loop().run_until_complete(add_permissions())
diff --git a/scripts/add_llm_api_map_perms.sql b/scripts/add_llm_api_map_perms.sql
new file mode 100644
index 0000000..5cf027d
--- /dev/null
+++ b/scripts/add_llm_api_map_perms.sql
@@ -0,0 +1,28 @@
+-- Add permissions for llm_api_map management files
+-- Run this SQL in the Sage database to grant access to new llm_api_map endpoints
+-- After inserting, assign these permissions to roles via:
+--   python ~/repos/sage/script/set_role_perm.py <role_name> /llm_api_map_manage.ui
+
+INSERT INTO permission (id, path) 
+SELECT REPLACE(UUID(), '-', ''), '/llm_api_map_manage.ui' 
+WHERE NOT EXISTS (SELECT 1 FROM permission WHERE path = '/llm_api_map_manage.ui');
+
+INSERT INTO permission (id, path) 
+SELECT REPLACE(UUID(), '-', ''), '/api/llm_api_map_list.dspy' 
+WHERE NOT EXISTS (SELECT 1 FROM permission WHERE path = '/api/llm_api_map_list.dspy');
+
+INSERT INTO permission (id, path) 
+SELECT REPLACE(UUID(), '-', ''), '/api/llm_api_map_create.dspy' 
+WHERE NOT EXISTS (SELECT 1 FROM permission WHERE path = '/api/llm_api_map_create.dspy');
+
+INSERT INTO permission (id, path) 
+SELECT REPLACE(UUID(), '-', ''), '/api/llm_api_map_delete.dspy' 
+WHERE NOT EXISTS (SELECT 1 FROM permission WHERE path = '/api/llm_api_map_delete.dspy');
+
+INSERT INTO permission (id, path) 
+SELECT REPLACE(UUID(), '-', ''), '/api/llm_api_map_options.dspy' 
+WHERE NOT EXISTS (SELECT 1 FROM permission WHERE path = '/api/llm_api_map_options.dspy');
+
+INSERT INTO permission (id, path) 
+SELECT REPLACE(UUID(), '-', ''), '/api/uapi_options.dspy' 
+WHERE NOT EXISTS (SELECT 1 FROM permission WHERE path = '/api/uapi_options.dspy');