Explore explicit declarative agent capabilities #14
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
User story: So that I can review an agent's authority before a session starts, Allod needs an explicit capability model that can be generated, enforced, and audited across repos, network, and service access.
Part of the "Agent isolation & security boundary" arc.
Context
Allod already has several authority signals, but they are spread across different layers: inventory repo lists, Forgejo user permissions, git policy files, VM closure boundaries, public/private repo splits, and human-only gates for host-side operations. That works, but it still leaves much of an agent's authority implicit in where the session happens to run and which credentials or checkouts happen to be present.
This issue is inspired by two comparison points:
Netclode is useful because it treats session authority as something that can vary by repository, write access, network access, and service integration. Allod is different: it is built around declarative NixOS architecture, public/private repo boundaries, and long-lived VM profiles. The design question is how to make Allod's authority model explicit and enforceable without losing the benefits of declarative system configuration.
Goal
Explore a capability model that describes what an agent may access or modify before the session starts. This could eventually cover repositories, remotes, network ranges, Forgejo operations, credential-mediated services, host commands, VM lifecycle actions, writable paths, or other resources. The point is to replace implicit trust with declared authority boundaries that can be reviewed, generated, enforced, and audited.
Questions to explore
Non-goals for now