Skip to content

chore: remove SkillMetadata.permissions and derive skill sandboxing from permission_profile#13061

Open
celia-oai wants to merge 1 commit intomainfrom
dev/cc/cleanup
Open

chore: remove SkillMetadata.permissions and derive skill sandboxing from permission_profile#13061
celia-oai wants to merge 1 commit intomainfrom
dev/cc/cleanup

Conversation

@celia-oai
Copy link
Collaborator

@celia-oai celia-oai commented Feb 27, 2026

Summary

This change removes the compiled permissions field from skill metadata and keeps permission_profile as the single source of truth.

Skill loading no longer compiles skill permissions eagerly. Instead, the zsh-fork skill escalation path compiles skill.permission_profile when it needs to determine the sandbox to apply for a skill script.

Behavior change

For skills that declare:

  permissions: {}

we now treat that the same as having no skill permissions override, instead of creating and using a default readonly sandbox. This change makes the behavior more intuitive:

  • only non-empty skill permission profiles affect sandboxing
  • omitting permissions and writing permissions: {} now mean the same thing
  • skill metadata keeps a single permissions representation instead of storing derived state too

Overall, this makes skill sandbox behavior easier to understand and more predictable.

@celia-oai celia-oai marked this pull request as ready for review February 27, 2026 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant