From c58c28aef5dd98ae964656920966a230600015c0 Mon Sep 17 00:00:00 2001 From: m3tm3re Date: Mon, 2 Feb 2026 19:06:49 +0100 Subject: [PATCH] chore(agents): refine permissions for Chiron and Chriton-Forge with security hardening --- agents/agents.json | 93 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 76 insertions(+), 17 deletions(-) diff --git a/agents/agents.json b/agents/agents.json index 775ad9c..eb233b1 100644 --- a/agents/agents.json +++ b/agents/agents.json @@ -5,6 +5,10 @@ "model": "zai-coding-plan/glm-4.7", "prompt": "{file:./prompts/chiron.txt}", "permission": { + "external_directory": { + "~/p/**": "allow", + "*": "ask" + }, "read": { "*": "allow", "*.env": "deny", @@ -17,11 +21,40 @@ "*.pem": "deny", "*.key": "deny", "*/.aws/*": "deny", - "*/.kube/*": "deny" + "*/.kube/*": "deny", + "/run/agenix/*": "deny", + ".local/share/*": "deny", + ".cache/*": "deny", + "*.db": "deny", + "*.keychain": "deny", + "*.p12": "deny" + }, + "edit": "deny", + "bash": { + "*": "deny", + "bd *": "allow", + "echo * > *": "deny", + "cat * > *": "deny", + "printf * > *": "deny", + "tee": "deny", + "*>*": "deny", + ">*>*": "deny", + "eval *": "deny", + "source *": "deny", + "$(*": "deny", + "`*": "deny", + "git add *.env*": "deny", + "git commit *.env*": "deny", + "git add *credentials*": "deny", + "git add *secrets*": "deny" + }, + "task": { + "*": "deny", + "explore": "allow", + "librarian": "allow", + "athena": "allow", + "chiron-forge": "allow" }, - "edit": "ask", - "bash": "ask", - "external_directory": "ask", "doom_loop": "ask" } }, @@ -43,7 +76,13 @@ "*.pem": "deny", "*.key": "deny", "*/.aws/*": "deny", - "*/.kube/*": "deny" + "*/.kube/*": "deny", + "/run/agenix/*": "deny", + ".local/share/*": "deny", + ".cache/*": "deny", + "*.db": "deny", + "*.keychain": "deny", + "*.p12": "deny" }, "edit": "allow", "bash": { @@ -53,7 +92,6 @@ "mv *": "ask", "chmod *": "ask", "chown *": "ask", - "git *": "ask", "git status*": "allow", "git log*": "allow", "git diff*": "allow", @@ -63,29 +101,41 @@ "git remote -v": "allow", "git add *": "allow", "git commit *": "allow", + "git push *": "ask", + "git config *": "deny", + "git add *.env*": "deny", + "git commit *.env*": "deny", + "git add *credentials*": "deny", + "git add *secrets*": "deny", "jj *": "ask", "jj status": "allow", "jj log*": "allow", "jj diff*": "allow", "jj show*": "allow", - "npm *": "ask", + "npm install *": "ask", + "npm i *": "ask", "npx *": "ask", - "bun *": "ask", + "bun install *": "ask", + "bun i *": "ask", "bunx *": "ask", + "pip install *": "ask", + "pip3 install *": "ask", "uv *": "ask", - "pip *": "ask", - "pip3 *": "ask", - "yarn *": "ask", - "pnpm *": "ask", - "cargo *": "ask", - "go *": "ask", - "make *": "ask", + "yarn install *": "ask", + "yarn add *": "ask", + "pnpm install *": "ask", + "pnpm add *": "ask", + "cargo install *": "ask", + "go install *": "ask", + "make install": "ask", "dd *": "deny", "mkfs*": "deny", "fdisk *": "deny", "parted *": "deny", "eval *": "deny", "source *": "deny", + "$(*": "deny", + "`*": "deny", "curl *|*sh": "deny", "wget *|*sh": "deny", "sudo *": "deny", @@ -96,9 +146,18 @@ "reboot*": "deny", "init *": "deny", "> /dev/*": "deny", - "cat * > /dev/*": "deny" + "cat * > /dev/*": "deny", + "echo * > *": "deny", + "cat * > *": "deny", + "printf * > *": "deny", + "tee": "deny", + "*>*": "deny", + ">*>*": "deny" + }, + "external_directory": { + "~/p/**": "allow", + "*": "ask" }, - "external_directory": "ask", "doom_loop": "ask" } },