Skip to content

feat: implement granular tool access sub-constraints #220

Closed
#1101
Closed
feat: implement granular tool access sub-constraints#220
#1101
Labels
prio:mediumShould do, but not blockingscope:medium1-3 days of workspec:securityDESIGN_SPEC Section 12 - Security & Approval Systemspec:toolsDESIGN_SPEC Section 11 - Tool & Capability Systemtype:featureNew feature implementationv0.7Minor version v0.7v0.7.2Patch release v0.7.2
@Aureliolo

Description

@Aureliolo
Aureliolo
opened on Mar 10, 2026

Summary

ToolPermissionChecker currently implements category-level gating only. The spec defines granular sub-constraints per access level (workspace scope, network mode, containerization level, git access mode).

Design Spec Reference

  • §11.2 Tool Access Levels — full YAML with per-level sub-constraints
  • §11.1.1 note on M3 category-level gating only

Scope

  • Per-level sub-constraints: file_system scope, network mode, git access, code_execution isolation level
  • Integration with sandbox backends
  • custom access level support with per-agent configuration

Metadata

Metadata

Assignees

No one assigned

    Labels

    prio:mediumShould do, but not blockingscope:medium1-3 days of workspec:securityDESIGN_SPEC Section 12 - Security & Approval Systemspec:toolsDESIGN_SPEC Section 11 - Tool & Capability Systemtype:featureNew feature implementationv0.7Minor version v0.7v0.7.2Patch release v0.7.2

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions