From cb383f9c7f1e91d8d4545eaa5305ee8bf0452d0e Mon Sep 17 00:00:00 2001
From: m3tm3re <p@m3ta.dev>
Date: Mon, 2 Feb 2026 19:21:04 +0100
Subject: [PATCH] Athena permissions refined

---
 agents/agents.json | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/agents/agents.json b/agents/agents.json
index eb233b1..445351c 100644
--- a/agents/agents.json
+++ b/agents/agents.json
@@ -168,6 +168,10 @@
     "temperature": 0.1,
     "prompt": "{file:./prompts/athena.txt}",
     "permission": {
+      "external_directory": {
+        "~/p/**": "allow",
+        "*": "ask"
+      },
       "read": {
         "*": "allow",
         "*.env": "deny",
@@ -180,11 +184,16 @@
         "*.pem": "deny",
         "*.key": "deny",
         "*/.aws/*": "deny",
-        "*/.kube/*": "deny"
+        "*/.kube/*": "deny",
+        "/run/agenix/*": "deny",
+        ".local/share/*": "deny",
+        ".cache/*": "deny",
+        "*.db": "deny",
+        "*.keychain": "deny",
+        "*.p12": "deny"
       },
       "edit": "deny",
       "bash": "deny",
-      "external_directory": "deny",
       "doom_loop": "deny"
     }
   }