liam-fitzgerald/lone-gall.hoon

## lone-gall.hoon
::  %lone: gall agent isolation subsystem
::
::    Unincluded in this sketch, but potentially necessary:
::    - Optional permissions
::    - Scrying an agents permissions out of gall
::    - Dynamic permissions
::    Open questions:
::    - Is allowing pokes based on mark specific enough? Maybe not,
::      given %graph-store. Maybe poke-marks should be
::      $@(mark [=mark $-(vase ?)])
::    - How to handle upgrade logic?
::    - How do we allow agents to describe their own permissions?
::      e.g. in a hypothetical permissions popup, scries of chat-store
::      should be described as 'This agent can read your chat messages',
::      and %chat-action pokes should be described as 'This agent can send
::      chat messages on your behalf'. This kinda belies a more general point
::      about the ability of agents to document themselves.
::
|%
::  scry paths and watch paths are prefixes, e.g. allowing
::  /mailbox would allow to scry/watch anything that begins
::  with /mailbox
+$  agent-permission
  $:  scries=(set path)
      watches=(set path)
      poke-marks=(set term)
      foreign-watches=(set path)]
      foregin-poke-marks=(set term)
  ==
::
+$  agent-permissions  (jug agent=term agent-permission)
::
+$  arvo-permission
  $:  scry-paths=(set path)
      cards=(set _+<:note-arvo)
  ==
::
+$  arvo-permissions  (jug vane=term arvo-permission)
::
+$  permissions  [arvo=arvo-permissions agent=agent-permissions]
::
::  new arm for agent:gall, %gall should reject starting if permissions are not granted
::
+$  on-required-permissions  permissions
--
	:: %lone: gall agent isolation subsystem
	::
	:: Unincluded in this sketch, but potentially necessary:
	:: - Optional permissions
	:: - Scrying an agents permissions out of gall
	:: - Dynamic permissions
	:: Open questions:
	:: - Is allowing pokes based on mark specific enough? Maybe not,
	:: given %graph-store. Maybe poke-marks should be
	:: $@(mark [=mark $-(vase ?)])
	:: - How to handle upgrade logic?
	:: - How do we allow agents to describe their own permissions?
	:: e.g. in a hypothetical permissions popup, scries of chat-store
	:: should be described as 'This agent can read your chat messages',
	:: and %chat-action pokes should be described as 'This agent can send
	:: chat messages on your behalf'. This kinda belies a more general point
	:: about the ability of agents to document themselves.
	::
	\|%
	:: scry paths and watch paths are prefixes, e.g. allowing
	:: /mailbox would allow to scry/watch anything that begins
	:: with /mailbox
	+$ agent-permission
	$: scries=(set path)
	watches=(set path)
	poke-marks=(set term)
	foreign-watches=(set path)]
	foregin-poke-marks=(set term)
	==
	::
	+$ agent-permissions (jug agent=term agent-permission)
	::
	+$ arvo-permission
	$: scry-paths=(set path)
	cards=(set _+<:note-arvo)
	==
	::
	+$ arvo-permissions (jug vane=term arvo-permission)
	::
	+$ permissions [arvo=arvo-permissions agent=agent-permissions]
	::
	:: new arm for agent:gall, %gall should reject starting if permissions are not granted
	::
	+$ on-required-permissions permissions
	--