@liam-fitzgerald
Created October 18, 2020 23:14
gall-isolation.hoon
::  %lone: gall agent isolation subsystem
::
::  Not included in this sketch, but potentially necessary:
::    - Optional permissions
::    - Scrying an agent's permissions out of gall
::    - Dynamic permissions
::  Open questions:
::    - Is allowing pokes based on mark specific enough? Maybe not,
::      given %graph-store. Maybe poke-marks should be
::      $@(mark [=mark $-(vase ?)])
::    - How to handle upgrade logic?
::    - How do we allow agents to describe their own permissions?
::      e.g. in a hypothetical permissions popup, scries of chat-store
::      should be described as 'This agent can read your chat messages',
::      and %chat-action pokes should be described as 'This agent can send
::      chat messages on your behalf'. This points to a more general point
::      about the ability of agents to document themselves.
::
|%
::  scry paths and watch paths are prefixes, e.g. allowing
::  /mailbox would allow scrying/watching anything that begins
::  with /mailbox
+$  agent-permission
  $:  scries=(set path)
      watches=(set path)
      poke-marks=(set term)
      foreign-watches=(set path)
      foreign-poke-marks=(set term)
  ==
::
+$  agent-permissions  (jug agent=term agent-permission)
::
+$  arvo-permission
  $:  scry-paths=(set path)
      cards=(set _+<:note-arvo)
  ==
::
+$  arvo-permissions  (jug vane=term arvo-permission)
::
+$  permissions  [arvo=arvo-permissions agent=agent-permissions]
::
::  new arm for agent:gall, %gall should reject starting if
::  permissions are not granted
::
+$  on-required-permissions  permissions
--
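
An added example, not part of the original gist: one way the start-time check could compare an agent's required `agent-permission` against what has been granted, with the prefix rule applied to paths and exact matching applied to marks. The arm names (`under`, `path-ok`, `paths-ok`, `marks-ok`, `satisfied`) are hypothetical, and comparing prefixes segment by segment is an assumption about what "prefix" means in the sketch.

```hoon
::  added example; arm names are assumptions, not from the gist
|%
+$  agent-permission
  $:  scries=(set path)
      watches=(set path)
      poke-marks=(set term)
      foreign-watches=(set path)
      foreign-poke-marks=(set term)
  ==
::  +under: is .pre a prefix of .pax, compared segment by segment?
::    /mailbox covers /mailbox/inbox but not /mailbox-archive
++  under
  |=  [pre=path pax=path]
  ^-  ?
  ?~  pre  &
  ?~  pax  |
  ?&  =(i.pre i.pax)
      $(pre t.pre, pax t.pax)
  ==
::  +path-ok: does any granted prefix cover .pax?
++  path-ok
  |=  [granted=(set path) pax=path]
  ^-  ?
  %-  ~(any in granted)
  |=(pre=path (under pre pax))
::  +paths-ok: is every required path covered by a granted prefix?
++  paths-ok
  |=  [granted=(set path) required=(set path)]
  ^-  ?
  %-  ~(all in required)
  |=(pax=path (path-ok granted pax))
::  +marks-ok: marks are matched exactly, never by prefix
++  marks-ok
  |=  [granted=(set term) required=(set term)]
  ^-  ?
  %-  ~(all in required)
  |=(mar=term (~(has in granted) mar))
::  +satisfied: would the start-time check pass for this agent?
++  satisfied
  |=  [granted=agent-permission required=agent-permission]
  ^-  ?
  ?&  (paths-ok scries.granted scries.required)
      (paths-ok watches.granted watches.required)
      (marks-ok poke-marks.granted poke-marks.required)
      (paths-ok foreign-watches.granted foreign-watches.required)
      (marks-ok foreign-poke-marks.granted foreign-poke-marks.required)
  ==
--
```

Under this prefix rule, granting the empty path `/` covers every scry or watch path, so a grant of `/` is equivalent to no restriction at all for that field.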