feat(security): add /elevate command and audit events

2026-02-15 16:56:49 -08:00
parent 692a0c5ea3
commit 735f14d0b1
6 changed files with 93 additions and 1 deletions
@@ -157,6 +157,13 @@ export interface ToolPolicyContext {

  /** True when untrusted content has been introduced in this run. */
  untrustedContent?: boolean;
+
+  /** Elevated mode (break-glass): allow host execution for high-risk tools until this epoch millis. */
+  elevatedHostUntilMs?: number;
+  /** User-supplied reason for elevation (audited separately). */
+  elevatedHostReason?: string;
+  /** Correlation id for elevation window. */
+  elevatedHostId?: string;
 }

 function resolveSkillAllowedNames(allToolNames: string[], permissions?: SkillPermissions): Set<string> | null {