| name | permission-safety |
| description | Use for tools, permissions, risky actions, sandbox, browser, and execution safety changes in Gantry. |
Permission Safety
Use this skill when a task changes tool execution, permission decisions, risky action handling, sandbox policy, browser control, IPC permission flows, or approval UX.
Required Workflow
- Read
docs/decisions/0001-agent-runtime-platform.md, docs/architecture/codebase-refactor-principles.md, and docs/architecture/credential-management.md when credential access is involved.
- Ensure risky execution goes through deterministic permission evaluation before a runner, provider callback, browser action, or sandbox lease grants access.
- Keep audit-relevant decisions explicit: request, policy input, decision, reason, and response path should be testable without provider-specific callbacks.
- Use
capability-lifecycle when the change affects durable capability selection, visible attached sources, global inventory, Browser grants, local CLI capabilities, or agent-reviewed access changes.
- Fail closed on missing, malformed, or late permission responses.
- Add or update permission, sandbox, browser, or IPC tests for changed behavior.
- Run
python3 .codex/scripts/check_architecture.py and python3 .codex/scripts/check_task_completion.py before final handoff when possible.
Evidence To Provide
- Deterministic decision path.
- Failure mode checked.
- Tests proving deny, allow, and malformed/timeout behavior where applicable.