nix-config/agents/permissions.md
2026-04-30 13:37:18 +08:00

Permissions Configuration

This document records the current permission requirements for AI agents operating in this repository.

Scope

Environment           Policy
Personal workstation  Restrictive - protect user's daily workflow
Homelab VMs           Permissive - agents have full autonomy

The permissions below apply to the personal workstation only. For homelab VMs, almost everything is allowed except destructive operations on production systems.

Default Policy

Tool            Permission
* (all others)  ask

File Read Permissions

Pattern         Permission
* (all files)   allow
*.env           deny
*.env.*         deny
*.env.example   allow
*.pem           deny
*.key           deny
*kubeconfig*    deny
.ssh/**         deny
.aws/**         deny
.kube/**        deny
.gnupg/**       deny
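
A regression check for the pattern table above, added here as an illustration and not part of this repository. It assumes rules are evaluated in table order with the last match winning and that `*` and `**` match across `/` (Python `fnmatch` semantics), neither of which the page states; `decide`, `audit` and the sample paths are constructed for the example.

```python
from fnmatch import fnmatchcase

# Rules copied from the File Read Permissions table, in table order.
READ_RULES = [
    ("*", "allow"),
    ("*.env", "deny"),
    ("*.env.*", "deny"),
    ("*.env.example", "allow"),
    ("*.pem", "deny"),
    ("*.key", "deny"),
    ("*kubeconfig*", "deny"),
    (".ssh/**", "deny"),
    (".aws/**", "deny"),
    (".kube/**", "deny"),
    (".gnupg/**", "deny"),
]

def decide(path, rules=READ_RULES, default="ask"):
    """Return the action of the last rule matching path (assumed semantics).
    The path is taken relative to the directory the patterns are anchored at."""
    action = default
    for pattern, verdict in rules:
        if fnmatchcase(path, pattern):
            action = verdict
    return action

def audit(cases, rules=READ_RULES):
    """Return (path, expected, actual) for every case the rules get wrong."""
    results = ((p, want, decide(p, rules)) for p, want in cases)
    return [r for r in results if r[1] != r[2]]

# Constructed sample paths with the outcome the table intends.
CASES = [
    ("flake.nix", "allow"),
    (".env", "deny"),
    ("services/api/.env.production", "deny"),
    (".env.example", "allow"),
    ("certs/server.pem", "deny"),
    ("secrets/tls.key", "deny"),
    ("infra/prod-kubeconfig.yaml", "deny"),
    (".ssh/id_ed25519", "deny"),
    (".aws/credentials", "deny"),
    (".gnupg/private-keys-v1.d/constructed.key", "deny"),
]

if __name__ == "__main__":
    for path, want, got in audit(CASES):
        print(f"MISMATCH {path}: expected {want}, got {got}")
```

Under these assumptions, moving the `*.env.example` row above `*.env.*` turns the template file into a denied read, so the check also pins the row order.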

Always Allowed Tools

These tools run without prompting:

  • glob
  • grep
  • lsp
  • question
  • skill
  • todowrite
  • webfetch
  • websearch
  • codesearch
  • edit (covers write and apply_patch)

Bash Command Permissions

Always Allowed (Read-only operations)

Git:

  • git status, git diff, git log, git show, git branch, git remote

Kubernetes:

  • kubectl get, kubectl describe, kubectl logs, kubectl top
  • kubectl api-resources, kubectl api-versions
  • kubectl config view, kubectl config get-contexts
  • kubectl explain
  • kubectl kustomize, kustomize build, kustomize version

Terraform:

  • terraform plan, terraform show, terraform state list, terraform state show
  • terraform output, terraform version, terraform providers, terraform fmt

GitHub CLI:

  • gh repo view/list, gh issue view/list, gh pr view/list/diff/checks
  • gh api, gh search, gh gist list/view
  • gh release view/list, gh workflow list/view, gh run list/view
  • gh status, gh auth status

Helm:

  • helm list, helm get, helm show, helm search
  • helm repo list, helm status, helm version, helm template

Google Cloud:

  • gcloud * list, gcloud * describe, gcloud * get-iam-policy
  • gcloud config list, gcloud auth list, gcloud version

Nix:

  • nix eval, nix build, nix flake show, nix flake metadata
  • nix flake check, nix flake lock
  • nix profile list, nix profile history
  • nix store verify, nix store ls, nix store path-info
  • nix search, nix doctor, nix --version
  • nixos-rebuild build, darwin-rebuild build
  • nom build

Just:

  • just --list, just --show, just --dry-run

Linters & Formatters:

  • statix check, deadnix, nixfmt --check
  • shellcheck, hadolint, actionlint
  • ruff check, clippy, prettier --check
  • tokei

System diagnostics:

  • systemctl status, systemctl list-units, systemctl show
  • journalctl -u, journalctl --since
  • lspci, lsusb, lsblk, df, free, uptime, uname -a
  • sensors, lsof

Git (extended):

  • git tag, git blame, git reflog, git stash list
  • git lfs status, git lfs ls-files

Development tools:

  • go version, go env, go list, go doc, go vet
  • cargo --version, cargo tree, cargo metadata
  • python3 --version, python3 -m py_compile
  • node --version, pnpm list, uv pip list

General utilities:

  • rg, fd, cp, mv, chmod
  • ls, cat, head, tail, wc, find, which
  • echo, pwd, date, env, printenv
  • file, stat, du, tree, bat, eza
  • jq, yq, tldr
  • mkdir, rmdir, grep

Requires Confirmation

Command   Permission
rm *      ask
rm -rf *  ask

Always Denied

Command  Permission
sudo *   deny

Homelab VM Permissions

For agents running in dedicated homelab VMs, permissions are significantly relaxed:

Category            Permission
bash                allow (most commands)
edit                allow
write               allow
task                allow
external_directory  allow
rm                  allow

Still restricted in homelab VMs:

  • Production cluster destructive operations (kubectl delete, helm uninstall)
  • Infrastructure teardown (terraform destroy)
  • Secret exposure in logs

Other Tool Permissions

Tool                Permission
edit                allow
task                ask
external_directory  ask
doom_loop           deny

Summary

  • Default policy: All tools ask — only explicitly whitelisted tools auto-allow
  • File operations: read, glob, grep, edit, write all allowed in workspace
  • Nix operations: Build/eval/flake commands auto-allowed (writes to store only)
  • Linting & formatting: All check commands auto-allowed
  • System diagnostics: Read-only system info auto-allowed
  • Sensitive files: Credentials, keys, and cloud configs are blocked
  • Bash commands: Read-only ops auto-allowed; rm requires confirmation; sudo blocked
  • Scope control: task and external_directory require approval