amr/passepartout
1
0
Fork 0
Code Issues 15 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

rename: remaining Bouncer mentions → Dispatcher
Some checks failed
Deploy (Gitea) / deploy (push) Failing after 2s
Details

Browse Source 
- BOUNCER-PRIVACY-TAGS → *DISPATCHER-PRIVACY-TAGS*
- BOUNCER-SHELL-TIMEOUT → *DISPATCHER-SHELL-TIMEOUT*
- BOUNCER-SHELL-MAX-OUTPUT → *DISPATCHER-SHELL-MAX-OUTPUT*
- bouncer-privacy-tags docstrings → Dispatcher privacy tags
- 'Bouncer' in log messages, docstrings, test descriptions
- 'Bouncer Security Dispatcher' → 'Security Dispatcher'
This commit is contained in:
Amr Gharbeia
2026-05-06 18:43:25 -04:00
parent ae994fa452
commit 33993d2d73
15 changed files with 52 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
org/security-permissions.org
View File

@@ -5,15 +5,9 @@
* Overview: The Authorization Matrix
Every cognitive tool (file read, file write, shell execute, etc.) has a permission level: ~:allow~ (executed without asking), ~:ask~ (user is prompted before execution), or ~:deny~ (blocked entirely). Tool Permissions maintains the registry of these levels and provides the ~permission-gate-check~ that the Bouncer calls before dispatching a tool action.
Every cognitive tool (file read, file write, shell execute, etc.) has a permission level: ~:allow~ (executed without asking), ~:ask~ (user is prompted before execution), or ~:deny~ (blocked entirely). Tool Permissions maintains the registry of these levels and provides the ~permission-gate-check~ that the Dispatcher calls before dispatching a tool action.
The default for any unregistered tool is ~:ask~ — cautious by default, permissive by configuration. This prevents a hallucinated tool call from executing without at least giving the user a chance to review it.
* Architectural Intent
The Authorization Matrix is the lookup table that maps tool names to
permission levels. It is intentionally simple: set, get, default.
The complexity lives in the Bouncer (security-dispatcher.org), which
The complexity lives in the Dispatcher (security-dispatcher.org), which
consults this table as one of its nine scan vectors.
** Contract
@@ -27,7 +21,7 @@ consults this table as one of its nine scan vectors.
** Boundaries
- Does NOT enforce permissions — the Bouncer does that.
- Does NOT enforce permissions — the Dispatcher does that.
- Does NOT persist permissions to disk — this is runtime-only.
- Does NOT validate that ~level~ is one of ~(:allow :ask :deny)~.