feat: default to full-access mode with hook-based sensitive guards

2026-02-18 11:14:35 -08:00
parent fc2090b599
commit a76c5ae346
9 changed files with 72 additions and 8 deletions
@@ -246,6 +246,12 @@ models:
 hooks:
  confirm:
    - shell.*
+    - process.start
+    - process.kill
+    - browser.*
+    - message.send
+    - cron.create
+    - cron.delete
    - file.write
    - file.patch
  log:
@@ -260,6 +266,11 @@ hooks:
 #   Those permissions are enforced at runtime when requests are routed into a skill context.
 # - See: docs/security/SAFE_PERSONAL_AGENT.md

+agents:
+  # In full-access mode, sensitive operations are gated by HookEngine confirmation
+  # (instead of requiring temporary /elevate windows).
+  sensitive_mode: confirm_without_elevation
+
 # ── Prompt Assembly ───────────────────────────────────────────────────
 # Tune how much context Flynn loads into the system prompt.
 #