Amr Gharbeia
b9a4318ef8
- Changed all 50 org file :tangle targets from ../lisp/ to ~/.local/share/passepartout/lisp/ (XDG data dir) - Removed 49 generated .lisp files from project lisp/ directory - Removed tests/system-integration-tests.lisp (generated) - Removed lisp/*.fasl (compiled, stale) - Updated core-manifest.org to tangle .asd to XDG root - Remapped quicklisp symlink: local-projects/passepartout → XDG TUI fixes in channel-tui-main.org: - Removed with-raw-terminal (stty raw breaks fd 0 reads in this SBCL) - Use cat subprocess + pipe for keyboard input (via :input :interactive) - Blocking read-char on pipe with with-timeout 0.1s for daemon processing - Key events queued via drain-queue alongside daemon messages - Full dialog key routing (Escape, Up/Down, Enter, filters, Backspace) - SIGWINCH resize handling - Post-handshake backend-size re-query - Daemon version in status bar (was v0.5.0 hardcoded) - Handshake version stored in state, no add-msg - :daemon-version and :size-queried in state plist - view-status uses draw-rect for background - Test section gated with #+passepartout-tests
3.4 KiB
3.4 KiB
SKILL: Tool Permissions (org-skill-tool-permissions.org)
Overview: The Authorization Matrix
Every cognitive tool (file read, file write, shell execute, etc.) has a permission level: :allow (executed without asking), :ask (user is prompted before execution), or :deny (blocked entirely). Tool Permissions maintains the registry of these levels and provides the permission-gate-check that the Dispatcher calls before dispatching a tool action.
The complexity lives in the Dispatcher (security-dispatcher.org), which consults this table as one of its ten scan vectors.
Contract
- (permission-set tool-name level): stores
levelfortool-namein*permission-table*. Tool names are normalized to lowercase. - (permission-get tool-name): returns the stored level, or
:askif no entry exists. - Tool name matching is case-insensitive —
(permission-set :FOO :allow)and(permission-get :foo)return:allow.
Boundaries
- Does NOT enforce permissions — the Dispatcher does that.
- Does NOT persist permissions to disk — this is runtime-only.
- Does NOT validate that
levelis one of(:allow :ask :deny).
Implementation
Package Context
(in-package :passepartout)Permission store (tool level)
Hash table mapping tool names to their permission level. ;; REPL-VERIFIED: 2026-05-03T13:00:00
(defvar *permission-table* (make-hash-table :test 'equal))Set permission
Sets the permission level for a specific cognitive tool. ;; REPL-VERIFIED: 2026-05-03T13:00:00
(defun permission-set (tool-name level)
"Sets the permission level for a tool."
(setf (gethash (string-downcase (string tool-name)) *permission-table*) level))Get permission
Retrieves the current permission level for a tool. Defaults to :ask if unset.
;; REPL-VERIFIED: 2026-05-03T13:00:00
(defun permission-get (tool-name)
"Retrieves the permission level for a tool. Defaults to :ask."
(gethash (string-downcase (string tool-name)) *permission-table* :ask))Skill Registration
(defskill :passepartout-security-permissions
:priority 600
:trigger (lambda (ctx) (declare (ignore ctx)) nil))Test Suite
(eval-when (:compile-toplevel :load-toplevel :execute)
(ql:quickload :fiveam :silent t))
(defpackage :passepartout-security-permissions-tests
(:use :cl :fiveam :passepartout)
(:export #:permissions-suite))
(in-package :passepartout-security-permissions-tests)
(def-suite permissions-suite :description "Verification of Tool Permissions")
(in-suite permissions-suite)
(test test-permission-round-trip
"Contract 1: permission-set stores a level; permission-get retrieves it."
(permission-set "test-tool" :allow)
(is (eq :allow (permission-get "test-tool")))
;; Clean up
(permission-set "test-tool" nil))
(test test-permission-default
"Contract 2: unregistered tools default to :ask."
(is (eq :ask (permission-get "never-registered-tool-xyz"))))
(test test-permission-case-insensitive
"Contract 3: tool names are normalized to lowercase."
(permission-set :CapitalTool :deny)
(is (eq :deny (permission-get :capitaltool)))
(permission-set "CapitalTool" nil))