Skip to content

fix(security): define explicit permissionMode for all AIOS core agents#453

Closed
riaworks wants to merge 1 commit intoSynkraAI:pedro-aiosfrom
riaworks:fix/agent-permissions
Closed

fix(security): define explicit permissionMode for all AIOS core agents#453
riaworks wants to merge 1 commit intoSynkraAI:pedro-aiosfrom
riaworks:fix/agent-permissions

Conversation

@riaworks
Copy link
Contributor

@riaworks riaworks commented Feb 21, 2026

Summary

Define explicit permissionMode for all 12 AIOS core agents that previously had none, ensuring a consistent security posture across the agent fleet.

Context

Squad agents (chiefs, design-system, etc.) all had explicit permissionMode defined, but the 12 core AIOS agents did not. This created an inconsistency where some agents had clear permission boundaries and others inherited an implicit default.

Permission Matrix

Mode Agents Rationale
bypassPermissions dev, devops, data-engineer, aios-master High-risk agents that execute code autonomously, run git operations, or manage DDL
acceptEdits qa, architect, ux-design-expert, squad-creator Medium-risk agents that write files (tests, docs, components, definitions)
default po, pm, sm, analyst Low-risk agents focused on read-heavy operations (stories, PRDs, research)

Files Changed

12 agent files in .claude/agents/ — each received a single permissionMode: line addition in frontmatter.

Test plan

  • All agents activate correctly with their new permissionMode
  • dev and devops can execute without permission prompts
  • qa and architect can edit files without bash prompts
  • po, pm, sm, analyst prompt for destructive operations

🤖 Generated with Claude Code

@riaworks @claude
fix(security): define explicit permissionMode for all AIOS core agents
560eeaa 
Apply consistent permission policies based on agent risk profile:

- bypassPermissions (high risk, autonomous execution):
  dev, devops, data-engineer, aios-master

- acceptEdits (medium risk, writes files):
  qa, architect, ux-design-expert, squad-creator

- default (low risk, read-heavy):
  po, pm, sm, analyst

Previously these 12 agents had no permissionMode defined, inheriting
an implicit default. This made the security posture inconsistent with
squad agents (which all had explicit permissionMode).

Co-Authored-By: Claude Opus 4.6 <[email protected]>
@vercel
Copy link

vercel bot commented Feb 21, 2026

@riaworks is attempting to deploy a commit to the Pedro Valério Lopez's projects Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai
Copy link

coderabbitai bot commented Feb 21, 2026
edited
Loading

Note

Reviews paused

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • main

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@riaworks riaworks mentioned this pull request Feb 21, 2026
Open
@riaworks
Copy link
Contributor Author

riaworks commented Feb 21, 2026

CodeRabbit review is running on the fork PR: riaworks#6
Review results will be validated there before requesting merge here.

@coderabbitai ignore

@coderabbitai
Copy link

coderabbitai bot commented Feb 21, 2026

@riaworks, understood! I'll pause reviews on this PR. You can validate the changes on your fork PR first, and when you're ready for me to review here, just mention me with "@coderabbitai resume" or use the "resume" command.

🧠 Learnings used 
Learnt from: CR
Repo: SynkraAI/aios-core PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-15T19:15:34.768Z
Learning: Follow `.aios-core/constitution.md` as the source of truth for agent behavior, including principles: CLI First, Agent Authority, Story-Driven Development, No Invention, Quality First, and Absolute Imports
✅ Actions performed

Reviews paused.

@Pedrovaleriolopez
Copy link
Contributor

Pedrovaleriolopez commented Feb 22, 2026

Thank you @riaworks for this excellent security improvement! 🔒

However, we're closing this PR because the changes have been superseded by our AGF-6/7 agent architecture refactoring (currently in progress on a separate branch):

  1. Files renamed: The agent stubs (devops.md, dev.md, etc.) have been renamed to aios-devops.md, aios-dev.md, etc.
  2. permissionMode already defined: All 28+ agent definitions now include explicit permissionMode in the new architecture.
  3. Values aligned: The autonomous agent design uses bypassPermissions for spawned agents (correct for Task tool usage).

Your security audit correctly identified the missing permissionMode field — the fix was incorporated into the AGF-6/7 refactoring. Thank you for the thorough analysis!

[Story NOG-17]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@riaworks @Pedrovaleriolopez