Permission and Scope Limiting

Tools and agents should operate under the principle of least privilege (PoLP): each execution unit declares the scopes it needs, and the server validates every requested action against that declaration before executing it. A request that matches no declared scope is denied.

Examples of Scoped Permissions (each is an action:resource:target triple):

  • read:filesystem:/tmp/logs
  • write:network:443
  • exec:tools:[dns_lookup, ipscan]

Mitigation Benefits:

  • Prevents agent overreach (e.g., a summarizer calling a port scanner it never declared)
  • Enables fine-grained audit trails, since every action can be logged against the scope that authorized it

Implementation Tips:

  • Use YAML or JSON policy files alongside tool manifests
  • Bind policies to agent IDs or tokens
  • Fail closed by default: deny any action, resource, or target that is not explicitly declared, including requests from unknown agent IDs
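A minimal server-side check that implements the three tips above, added here as an example; it is not code from the original page. It assumes a JSON policy keyed by agent ID and the action:resource:target scope format shown in the examples; the policy contents, agent ID, and function names are constructed for illustration. Beyond denying undeclared actions, it normalizes filesystem paths so that a scope for /tmp/logs cannot be escaped with ".." or matched by a sibling directory such as /tmp/logs2.

```python
"""Scope validation for an agent's declared permissions (added example).

Assumptions, not taken from the page: the policy is a JSON document keyed
by agent ID, and each scope string is <action>:<resource>:<target>, as in
the page's examples. Agent IDs and policy contents are constructed.
"""
import json
import posixpath
from dataclasses import dataclass

# Constructed sample policy, keyed by agent ID (assumed layout).
POLICY_JSON = """
{
  "agent-summarizer-01": {
    "scopes": [
      "read:filesystem:/tmp/logs",
      "write:network:443",
      "exec:tools:[dns_lookup, ipscan]"
    ]
  }
}
"""


@dataclass(frozen=True)
class Scope:
    action: str     # read | write | exec
    resource: str   # filesystem | network | tools
    target: str     # path prefix, port, or tool name


def parse_scope(raw: str) -> list[Scope]:
    """Expand one declared scope string into one Scope per target.

    "exec:tools:[dns_lookup, ipscan]" yields two Scope entries; the bracket
    list form follows the page's example. A malformed string is rejected at
    load time rather than silently granting something unintended.
    """
    parts = raw.split(":", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"malformed scope: {raw!r}")
    action, resource, target = parts
    if target.startswith("[") and target.endswith("]"):
        targets = [t.strip() for t in target[1:-1].split(",") if t.strip()]
    else:
        targets = [target]
    return [Scope(action, resource, t) for t in targets]


def load_policy(policy_json: str) -> dict[str, frozenset[Scope]]:
    """Map agent ID -> set of granted scopes. Unknown agents get no entry."""
    doc = json.loads(policy_json)
    return {
        agent_id: frozenset(
            s for raw in entry.get("scopes", []) for s in parse_scope(raw)
        )
        for agent_id, entry in doc.items()
    }


def _path_within(prefix: str, requested: str) -> bool:
    """True if `requested` resolves under `prefix` after normalization.

    Normalizing first defeats "/tmp/logs/../../etc/passwd"; the trailing
    separator stops "/tmp/logs2" from matching a "/tmp/logs" scope.
    """
    norm_prefix = posixpath.normpath(prefix)
    norm_req = posixpath.normpath(requested)
    return norm_req == norm_prefix or norm_req.startswith(norm_prefix.rstrip("/") + "/")


def is_allowed(policy: dict[str, frozenset[Scope]], agent_id: str,
               action: str, resource: str, target: str) -> bool:
    """Fail closed: only an explicitly matching declared scope returns True."""
    granted = policy.get(agent_id)
    if not granted:          # unknown agent, or agent with no scopes
        return False
    for scope in granted:
        if scope.action != action or scope.resource != resource:
            continue
        if resource == "filesystem":
            if _path_within(scope.target, target):
                return True
        elif scope.target == target:   # port or tool name: exact match only
            return True
    return False


if __name__ == "__main__":
    policy = load_policy(POLICY_JSON)
    for req in [("read", "filesystem", "/tmp/logs/app.log"),
                ("read", "filesystem", "/tmp/logs/../../etc/passwd"),
                ("exec", "tools", "ipscan"),
                ("exec", "tools", "nmap")]:
        print(req, "->", "allow" if is_allowed(policy, "agent-summarizer-01", *req) else "deny")
```

The check deliberately treats the port and tool targets as exact-match strings; if you want ranges or globs, add them as explicit syntax in the policy rather than loosening the comparison, so that every broadening of scope is visible in the declaration and in the audit log.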