security: contracts + tests for all 5 security modules (87→123 checks)
Some checks failed
Deploy (Gitea) / deploy (push) Failing after 2s
Some checks failed
Deploy (Gitea) / deploy (push) Failing after 2s
This commit is contained in:
@@ -9,8 +9,35 @@ Every cognitive tool (file read, file write, shell execute, etc.) has a permissi
|
||||
|
||||
The default for any unregistered tool is ~:ask~ — cautious by default, permissive by configuration. This prevents a hallucinated tool call from executing without at least giving the user a chance to review it.
|
||||
|
||||
* Architectural Intent
|
||||
|
||||
The Authorization Matrix is the lookup table that maps tool names to
|
||||
permission levels. It is intentionally simple: set, get, default.
|
||||
The complexity lives in the Bouncer (security-dispatcher.org), which
|
||||
consults this table as one of its nine scan vectors.
|
||||
|
||||
** Contract
|
||||
|
||||
1. (permission-set tool-name level): stores ~level~ for ~tool-name~
|
||||
in ~*permission-table*~. Tool names are normalized to lowercase.
|
||||
2. (permission-get tool-name): returns the stored level, or ~:ask~ if
|
||||
no entry exists.
|
||||
3. Tool name matching is case-insensitive — ~(permission-set :FOO :allow)~
|
||||
and ~(permission-get :foo)~ return ~:allow~.
|
||||
|
||||
** Boundaries
|
||||
|
||||
- Does NOT enforce permissions — the Bouncer does that.
|
||||
- Does NOT persist permissions to disk — this is runtime-only.
|
||||
- Does NOT validate that ~level~ is one of ~(:allow :ask :deny)~.
|
||||
|
||||
* Implementation
|
||||
|
||||
** Package Context
|
||||
#+begin_src lisp
|
||||
(in-package :passepartout)
|
||||
#+end_src
|
||||
|
||||
** Permission store (tool level)
|
||||
Hash table mapping tool names to their permission level.
|
||||
;; REPL-VERIFIED: 2026-05-03T13:00:00
|
||||
@@ -42,3 +69,36 @@ Retrieves the current permission level for a tool. Defaults to ~:ask~ if unset.
|
||||
:priority 600
|
||||
:trigger (lambda (ctx) (declare (ignore ctx)) nil))
|
||||
#+end_src
|
||||
|
||||
* Test Suite
|
||||
|
||||
#+begin_src lisp
|
||||
(eval-when (:compile-toplevel :load-toplevel :execute)
|
||||
(ql:quickload :fiveam :silent t))
|
||||
|
||||
(defpackage :passepartout-security-permissions-tests
|
||||
(:use :cl :fiveam :passepartout)
|
||||
(:export #:permissions-suite))
|
||||
|
||||
(in-package :passepartout-security-permissions-tests)
|
||||
|
||||
(def-suite permissions-suite :description "Verification of Tool Permissions")
|
||||
(in-suite permissions-suite)
|
||||
|
||||
(test test-permission-round-trip
|
||||
"Contract 1: permission-set stores a level; permission-get retrieves it."
|
||||
(permission-set "test-tool" :allow)
|
||||
(is (eq :allow (permission-get "test-tool")))
|
||||
;; Clean up
|
||||
(permission-set "test-tool" nil))
|
||||
|
||||
(test test-permission-default
|
||||
"Contract 2: unregistered tools default to :ask."
|
||||
(is (eq :ask (permission-get "never-registered-tool-xyz"))))
|
||||
|
||||
(test test-permission-case-insensitive
|
||||
"Contract 3: tool names are normalized to lowercase."
|
||||
(permission-set :CapitalTool :deny)
|
||||
(is (eq :deny (permission-get :capitaltool)))
|
||||
(permission-set "CapitalTool" nil))
|
||||
#+end_src
|
||||
|
||||
Reference in New Issue
Block a user