Permissions and policy
Permissions should be explicit and host-resolved. App packages may request tool, filesystem, network, model, export, or tenant scopes. Agent Policy or host policy decides allow, ask, deny, retention, and audit behavior.
Checklist
- Keep declarations machine-readable.
- Keep procedures in Agent Skills.
- Keep facts in Agent Knowledge.
- Keep execution in the host runtime.
- Attach app provenance to projected objects.