Skip to content

@claude Define per-resource scopes + sensitivity tiers + time-boxed approval-grant roles in the shared Permit.io model #114

Description

@izzywdev

Originator: FuzeKeys MCP Secrets-Broker.

Context / why: The broker needs per-identity/per-secret scopes and auto-release (LOW/MED) vs human-approval (HIGH) tiers. FuzeFront's Permit usage (utils/permit/permission-check.ts, role-assignment.ts, resource-instances.ts) covers org/app checks but the family has no agreed pattern for instance-scoped agent roles, a sensitivity attribute, or a temporary TTL-bounded "approved_release" role.

Asks:

  1. Standardize a resource-instance-scoped role pattern for agents (out-of-scope = no assignment = deny).
  2. Standardize a sensitivity attribute (LOW/MEDIUM/HIGH) + policy: LOW/MED allow in-scope; HIGH requires a separate read_sensitive action not granted by default.
  3. Standardize a time-boxed approved_release role the broker assigns after human approval to satisfy read_sensitive (documented TTL/revocation). Approval queue + notifier stay in the broker; only the decision lives in Permit.

Acceptance criteria:

  • Documented Permit conventions for instance scoping, sensitivity tiers, and TTL approval-grants in the shared env.
  • Worked example: check(agent,"read_sensitive",card) denies until an approval-grant role is assigned, then allows for the TTL, then denies.

Notifications requested: @-mention me on contract-freeze of these Permit conventions and on deployment.

STATE: depends on the agent-identity issue. Maps the broker design §7 tiers onto Permit; interim broker logic replaced once frozen.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions