--title=Actor model: Capability enforcement

t-363.4 · WorkTask
Parent: t-363 · Created 1 month ago · Updated 1 month ago

Description

Implement capability enforcement for actor-based agents.

Overview

This is Phase 4 of the actor-native agent orchestration system. Capabilities are unforgeable tokens of authority that constrain what an actor can do.

Requirements

Capability Types

capabilities:
  tools: [read, write, bash, send, create]  # tool whitelist
  cost_limit: 5.00                           # max spend in dollars
  files:
    - path: "_/work/*"
      mode: read-write
    - path: "src/*"
      mode: read-only
  network: true                              # outbound network access
  create_limit: 10                           # max child actors
  depth_limit: 3                             # max delegation depth

Tool Filtering

  • An agent only sees the tools in its capability whitelist
  • send, create, become always require an explicit grant
  • Filtering happens before the tool list is sent to the LLM

Cost Enforcement

  • Track spend per actor
  • Halt the actor if cost_limit is exceeded
  • Aggregate child costs into the parent's total
  • Report the remaining budget to the actor

File Access

  • Configure container mounts based on file capabilities
  • read-only paths mounted read-only
  • read-write paths mounted read-write
  • Paths not listed are not mounted

Network Access

  • Container network policy based on network capability
  • network: false = no outbound connections
  • network: true = normal network access

Creation Limits

  • create_limit: max children this actor can spawn
  • depth_limit: passed to children, decremented at each level
  • Reject CREATE if either limit would be exceeded

Validation

  • On CREATE: child capabilities <= parent capabilities
  • Validate that the child's tools are a subset of the parent's
  • Validate cost_limit <= parent's remaining budget
  • Validate depth_limit < parent's depth_limit
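
The narrowing rules above, as an added stand-alone illustration (Python, not the project's Haskell code). Field names follow the YAML above; the file check assumes a child glob is covered when a parent glob matches it as a string, and depth exhaustion falls out of the strict `<` rule.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Capabilities:
    tools: frozenset      # tool whitelist
    cost_limit: float     # max spend in dollars
    files: dict           # path glob -> "read-only" | "read-write"
    network: bool         # outbound network access
    create_limit: int     # max child actors
    depth_limit: int      # max delegation depth


def file_grant_ok(parent: Capabilities, path: str, mode: str) -> bool:
    """A child file grant must fall under some parent glob and must not
    widen read-only to read-write. (Assumption: string glob coverage.)"""
    for parent_path, parent_mode in parent.files.items():
        if fnmatchcase(path, parent_path):
            return not (mode == "read-write" and parent_mode == "read-only")
    return False


def narrowing_errors(parent: Capabilities, child: Capabilities,
                     parent_spent: float, parent_child_count: int) -> list:
    """Validate a CREATE request: every child capability must be <= the
    parent's. Returns the violations; an empty list means CREATE may proceed."""
    errors = []
    extra = child.tools - parent.tools
    if extra:
        errors.append(f"tools not a subset of parent's: {sorted(extra)}")
    remaining = parent.cost_limit - parent_spent
    if child.cost_limit > remaining:
        errors.append(f"cost_limit {child.cost_limit:.2f} exceeds remaining {remaining:.2f}")
    # Strict '<' also rejects every child once the parent's depth reaches 0.
    if child.depth_limit >= parent.depth_limit:
        errors.append(f"depth_limit {child.depth_limit} not < parent's {parent.depth_limit}")
    if parent_child_count >= parent.create_limit:
        errors.append(f"create_limit {parent.create_limit} reached")
    if child.network and not parent.network:
        errors.append("network access not held by parent")
    for path, mode in child.files.items():
        if not file_grant_ok(parent, path, mode):
            errors.append(f"file grant {path} ({mode}) not covered by parent")
    return errors
```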

Implementation Notes

Files to modify/create

  • Omni/Agent/Capability.hs - New module for capability types and validation
  • Omni/Agent/Tools.hs - Filter tools by capability
  • Omni/Agent/Engine.hs - Check cost limits
  • Omni/Agentd.hs - Configure container from capabilities

Capability Passing

  • The root actor gets its capabilities from the workflow or the CLI
  • On CREATE, capabilities are validated and passed to the child
  • Store them in _/actors/{actor_id}/capabilities.json

Testing

  • Test tool filtering works
  • Test cost limit halts execution
  • Test capability narrowing validation
  • Test file mount configuration
  • Test network policy enforcement

Dependencies

  • Task: Actor model: CREATE primitive (capabilities passed at creation)

References

  • Spec: _/llm/actors.md (Capabilities section, Capability Narrowing)
  • Task t-362: Add capability-based permissions to agentd workflows

Timeline (2)

  • [human] Open → InProgress, 1 month ago
  • [human] InProgress → Done, 1 month ago