Permission and Scope Limiting
Tools and agents should operate under the principle of least privilege (PoLP). Each execution unit must declare its scope, and the server must validate that scope before execution.
Examples of Scoped Permissions:
- read:filesystem:/tmp/logs
- write:network:443
- exec:tools:[dns_lookup, ipscan]
Mitigation Benefits:
- Prevents agent overreach (e.g., a summarizer calling a port scanner)
- Enables fine-grained audit trails
Implementation Tips:
- Use YAML or JSON policy files alongside tool manifests
- Bind policies to agent IDs or tokens
- Fail closed by default for any undeclared actions
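The scope checks and implementation tips above, as an added example that is not part of the original page or of any particular server implementation. It assumes a scope grammar of `action:resource:argument` (the page shows the strings but does not define the grammar), a JSON policy document keyed by agent ID, and two constructed agent IDs; the filesystem check normalizes paths so `..` cannot escape the declared directory, and any agent, action or target not declared is denied.

```python
import json
import posixpath

# Constructed policy document for this example: one entry per agent ID, each
# listing the scopes that agent declared in its tool manifest. Agent IDs and
# scopes are assumptions, not values from the page.
POLICY_JSON = """
{
  "agent-summarizer-01": [
    "read:filesystem:/tmp/logs"
  ],
  "agent-netdiag-07": [
    "read:filesystem:/tmp/logs",
    "write:network:443",
    "exec:tools:[dns_lookup, ipscan]"
  ]
}
"""


def parse_scope(scope):
    """Parse 'action:resource:argument'. A bracketed argument such as
    '[dns_lookup, ipscan]' becomes a frozenset of tool names."""
    parts = scope.split(":", 2)
    if len(parts) != 3 or not all(p.strip() for p in parts):
        raise ValueError(f"malformed scope: {scope!r}")
    action, resource, arg = (p.strip() for p in parts)
    if arg.startswith("[") and arg.endswith("]"):
        arg = frozenset(n.strip() for n in arg[1:-1].split(",") if n.strip())
    return action, resource, arg


def load_policy(policy_json):
    """Bind parsed scopes to agent IDs; a malformed scope fails loading outright."""
    raw = json.loads(policy_json)
    return {agent: [parse_scope(s) for s in scopes] for agent, scopes in raw.items()}


def _path_within(root, path):
    # Normalize both sides so '/tmp/logs/../secrets' resolves to '/tmp/secrets'
    # and is rejected, and so '/tmp/logsx' does not match '/tmp/logs'.
    root_n = posixpath.normpath(root)
    path_n = posixpath.normpath(path)
    return path_n == root_n or path_n.startswith(root_n.rstrip("/") + "/")


def is_allowed(policy, agent_id, action, resource, target):
    """Return True only if the agent declared a scope covering the request.
    Unknown agents, undeclared actions and undeclared targets are denied (fail closed)."""
    for p_action, p_resource, p_arg in policy.get(agent_id, []):
        if p_action != action or p_resource != resource:
            continue
        if resource == "filesystem" and isinstance(p_arg, str):
            if _path_within(p_arg, str(target)):
                return True
        elif resource == "network" and isinstance(p_arg, str):
            if str(target) == p_arg:
                return True
        elif resource == "tools" and isinstance(p_arg, frozenset):
            if target in p_arg:
                return True
    return False


def execute(policy, agent_id, action, resource, target, audit_log):
    """Gate one execution unit: validate the scope, record the decision for the
    audit trail, then run (here: return a marker) or refuse."""
    allowed = is_allowed(policy, agent_id, action, resource, target)
    audit_log.append({
        "agent": agent_id,
        "request": f"{action}:{resource}:{target}",
        "decision": "allow" if allowed else "deny",
    })
    if not allowed:
        raise PermissionError(f"{agent_id} lacks scope {action}:{resource}:{target}")
    return f"executed {action}:{resource}:{target} for {agent_id}"


if __name__ == "__main__":
    policy = load_policy(POLICY_JSON)
    log = []
    print(execute(policy, "agent-netdiag-07", "exec", "tools", "dns_lookup", log))
    try:
        # The summarizer never declared exec:tools, so this is the overreach case.
        execute(policy, "agent-summarizer-01", "exec", "tools", "ipscan", log)
    except PermissionError as err:
        print("denied:", err)
    print(json.dumps(log, indent=2))
```

The audit record is written before the allow/deny branch so that refusals are logged as well as successes; a policy that only logs what ran cannot show which agent attempted to exceed its scope.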