passepartout/org/security-permissions.org

#+TITLE: SKILL: Tool Permissions (org-skill-tool-permissions.org)
#+AUTHOR: Agent
#+FILETAGS: :skill:security:permissions:
#+PROPERTY: header-args:lisp :tangle ../lisp/security-permissions.lisp

* Overview: The Authorization Matrix

Every cognitive tool (file read, file write, shell execute, etc.) has a permission level: ~:allow~ (executed without asking), ~:ask~ (user is prompted before execution), or ~:deny~ (blocked entirely). Tool Permissions maintains the registry of these levels and provides the ~permission-gate-check~ that the Bouncer calls before dispatching a tool action.

The default for any unregistered tool is ~:ask~ — cautious by default, permissive by configuration. This prevents a hallucinated tool call from executing without at least giving the user a chance to review it.

* Implementation

** Permission store (tool level)
Hash table mapping tool names to their permission level.
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defvar *permission-table* (make-hash-table :test 'equal))
#+end_src

** Set permission
Sets the permission level for a specific cognitive tool.
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defun permission-set (tool-name level)
  "Sets the permission level for a tool."
  (setf (gethash (string-downcase (string tool-name)) *permission-table*) level))
#+end_src

** Get permission
Retrieves the current permission level for a tool. Defaults to ~:ask~ if unset.
;; REPL-VERIFIED: 2026-05-03T13:00:00
#+begin_src lisp
(defun permission-get (tool-name)
  "Retrieves the permission level for a tool. Defaults to :ask."
  (gethash (string-downcase (string tool-name)) *permission-table* :ask))
#+end_src

** Skill Registration
#+begin_src lisp
(defskill :passepartout-security-permissions
  :priority 600
  :trigger (lambda (ctx) (declare (ignore ctx)) nil))
#+end_src