docs: clarify per-audience tool and memory permissions in security model #31
Merged
Add a Memory column to the per-audience permissions table and note that memory is hard-disabled for the Public audience (no recall, no writes, no memory tools). Correct the file_write explanation: both Team and Public confine filesystem access to a session-scoped temp directory, so the file_write grant difference is a tool-grant default rather than a filesystem-scope difference. Drop the unsupported claim about Team session lifetime. Add a TODO referencing netclaw-dev/netclaw#1084, which tracks reviewing the Public/Team tool profile asymmetry.
What
Clarifies the Per-Audience Permissions section of the security model page.
SessionRecallManager.cs, LlmSessionActor.cs, and MemoryIndexContextLayer.cs in the netclaw source.
file_write explanation. The previous text claimed Team omits file_write because "Team sessions are longer-lived and shared across users" — that rationale isn't in the source and contradicts the table (both Team and Public are session-scoped via CreateSessionScopedFilesystemAccess()). New text frames it accurately: filesystem scope is the real boundary, the file_write grant is a per-audience default.
Why
The page made Team look more restricted than Public on tool calls. The table data is correct (confirmed against ToolAudienceProfiles.cs), but the explanatory prose was inaccurate, and the Public memory disable was undocumented.
Verification
npm run build passes (55 pages).