docs(architecture): update ADR-015 scoped env API — resolved by ADR-022
ADR-015 L171 said the scoped env API was 'a two-way door for implementation.' ADR-022 has now resolved it: ScopedOperationEnv with operation-level granularity (HashSet<String>), not namespace-level. Update the stale text to point to the resolution.
This commit is contained in:
@@ -168,11 +168,12 @@ but it only gives the sandbox `fs:read` (not `bash:exec`), because the sandbox
|
|||||||
runs untrusted LLM-generated code. This is the "privileges flow downstream"
|
runs untrusted LLM-generated code. This is the "privileges flow downstream"
|
||||||
principle: the principal delegates a subset.
|
principle: the principal delegates a subset.
|
||||||
|
|
||||||
The specific API for declaring the scoped operation set (allowed-operations
|
The specific API for declaring the scoped operation set is specified in
|
||||||
list, allowed-namespaces, or a trait-based filter) is a two-way door for
|
ADR-022: `ScopedOperationEnv { allowed_operations: HashSet<String> }`,
|
||||||
implementation. The TypeScript `@alkdev/operations` `buildEnv()` used an
|
operation-level granularity (not just namespace-level). This is finer-grained
|
||||||
`allowedNamespaces` filter; the Rust implementation may be finer-grained
|
than the TypeScript `@alkdev/operations` `buildEnv()` which used
|
||||||
(operation-level, not just namespace-level) to be safe.
|
`allowedNamespaces` — operation-level scoping is safer for the
|
||||||
|
parameterized-dispatch use case.
|
||||||
|
|
||||||
### 5. The three controls together
|
### 5. The three controls together
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user