Follow-up from @M3gA-Mind's review on PR tinyhumansai#2631 (agentic-runtime permission gate).
Gap: AutonomyConfig has auto_approve (default ["file_read","memory_search","memory_list","get_time","list_dir"]) and always_ask, but SecurityPolicy::from_config does not consume them — the ApprovalGate has no always-allow / always-ask allowlist wired to these fields. A user who sets e.g. auto_approve = ["shell"] in TOML gets no error and no effect.
Files: src/openhuman/config/schema/autonomy.rs:28-31 · src/openhuman/security/policy.rs::from_config
Options:
- Wire
auto_approve → an always-allow set the gate skips, and always_ask → an always-prompt set; or
- Remove the fields + their defaults if the tier +
CommandClass model is the intended sole control.
These fields pre-date tinyhumansai#2631; tinyhumansai#2631 documents the gap (NOTE in from_config) and defers the wiring here.
Follow-up from @M3gA-Mind's review on PR tinyhumansai#2631 (agentic-runtime permission gate).
Gap:
AutonomyConfighasauto_approve(default["file_read","memory_search","memory_list","get_time","list_dir"]) andalways_ask, butSecurityPolicy::from_configdoes not consume them — theApprovalGatehas no always-allow / always-ask allowlist wired to these fields. A user who sets e.g.auto_approve = ["shell"]in TOML gets no error and no effect.Files:
src/openhuman/config/schema/autonomy.rs:28-31·src/openhuman/security/policy.rs::from_configOptions:
auto_approve→ an always-allow set the gate skips, andalways_ask→ an always-prompt set; orCommandClassmodel is the intended sole control.These fields pre-date tinyhumansai#2631; tinyhumansai#2631 documents the gap (NOTE in
from_config) and defers the wiring here.