Finding (docs/ocap/authority-model-design-review.md §7 + the paper docs/ocap/caveat-lattice-paper.md)
The Caveats meet-lattice algebra is sound (GLB on all 6 axes; property-tested) and the per-axis predicates already exist (newt-core CaveatsExt: permits_fs_read/fs_write/exec/net + permits_one_more). The gap is the enforcement floor: the crew/team path consults only fs_write (+ top-level exec), ignores fs_read/net/max_calls, and crew_runner never .meet()s — crews run at the full session grant despite docstrings claiming attenuation. This epic implements complete mediation (Saltzer & Schroeder 1975): the algebra made real.
Stacked PR series (review + merge in order; each TDD: red on today's code, green after)
- docs — the design review + the caveat-lattice paper (the rationale). [docs/ocap-authority-review]
- crew_runner `.meet()`-attenuates the crew to ≤ session + true docstrings (the structural Confused-Deputy bound).
- crew.rs complete mediation: fs_read (navigator reads gated by permits_fs_read).
- crew complete mediation: net + max_calls (permits_net + permits_one_more).
- gate the team-mode per-subtask verify (exec axis).
- role_profile clamp — NamedPermissionPreset clamps fs_read + default-deny (fix the default-top).
- route run_team through Plan/run_plan (+ the plan-path re-entry gap).
- per-subtask team_clamp (now with teeth) + the ceiling-tightness lint.
Each step's TDD test is a machine-checked claim; the before/after is empirical evidence for the conference-paper series (paper 1 = docs/ocap/caveat-lattice-paper.md). Single-repo (newt-agent); the agent-mesh algebra is sound + unchanged. Refs #739, #741.
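Added illustration of the shape of the fix, not newt-agent's code: a hypothetical `Caveats` type over the five axes the finding names (fs_read, fs_write, exec, net, max_calls; the sixth axis is not named here and is omitted), its `meet()` as the GLB, the per-axis `permits_*` predicates, the pre-fix floor that consults only fs_write, the complete-mediation check that consults every axis plus the call budget, and the `attenuate()` step crew_runner is missing. `meet_is_glb()` is an exhaustive stand-in for the property test, over all boolean combinations and a few budgets. Names and signatures are assumptions for the example only.

```rust
// Hypothetical model of the caveats lattice described in the finding; not newt-core's CaveatsExt.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Caveats {
    pub fs_read: bool,
    pub fs_write: bool,
    pub exec: bool,
    pub net: bool,
    pub max_calls: u32, // call budget; 0 means no calls at all
}

impl Caveats {
    pub const TOP: Caveats = Caveats { fs_read: true, fs_write: true, exec: true, net: true, max_calls: u32::MAX };

    /// Greatest lower bound: AND on the boolean axes, min on the call budget.
    pub fn meet(&self, other: &Caveats) -> Caveats {
        Caveats {
            fs_read: self.fs_read && other.fs_read,
            fs_write: self.fs_write && other.fs_write,
            exec: self.exec && other.exec,
            net: self.net && other.net,
            max_calls: self.max_calls.min(other.max_calls),
        }
    }

    /// Order induced by meet: a <= b iff meet(a, b) == a.
    pub fn leq(&self, other: &Caveats) -> bool { self.meet(other) == *self }

    pub fn permits_fs_read(&self) -> bool { self.fs_read }
    pub fn permits_fs_write(&self) -> bool { self.fs_write }
    pub fn permits_exec(&self) -> bool { self.exec }
    pub fn permits_net(&self) -> bool { self.net }
    pub fn permits_one_more(&self, calls_used: u32) -> bool { calls_used < self.max_calls }
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Action { FsRead, FsWrite, Exec, Net }

/// The pre-fix enforcement floor: only fs_write is consulted; reads, network and the
/// call budget pass unchecked even though the algebra already tracks them.
pub fn mediate_partial(c: &Caveats, a: Action, _calls_used: u32) -> bool {
    match a {
        Action::FsWrite => c.permits_fs_write(),
        _ => true,
    }
}

/// Complete mediation: every action consults its own axis and spends one call.
pub fn mediate_complete(c: &Caveats, a: Action, calls_used: u32) -> bool {
    if !c.permits_one_more(calls_used) { return false; }
    match a {
        Action::FsRead => c.permits_fs_read(),
        Action::FsWrite => c.permits_fs_write(),
        Action::Exec => c.permits_exec(),
        Action::Net => c.permits_net(),
    }
}

/// What crew_runner should do: the crew's grant is session.meet(requested), so it is
/// <= session by construction whatever the crew asks for (the confused-deputy bound).
pub fn attenuate(session: &Caveats, requested: &Caveats) -> Caveats {
    let crew = session.meet(requested);
    debug_assert!(crew.leq(session));
    crew
}

/// Exhaustive check that meet is the GLB: a lower bound of both, and above every other lower bound.
pub fn meet_is_glb() -> bool {
    let mut all = Vec::new();
    for bits in 0u8..16 {
        for &budget in &[0u32, 1, 3] {
            all.push(Caveats {
                fs_read: bits & 1 != 0, fs_write: bits & 2 != 0,
                exec: bits & 4 != 0, net: bits & 8 != 0, max_calls: budget,
            });
        }
    }
    for a in &all {
        for b in &all {
            let m = a.meet(b);
            if !(m.leq(a) && m.leq(b)) { return false; }
            if all.iter().any(|c| c.leq(a) && c.leq(b) && !c.leq(&m)) { return false; }
        }
    }
    true
}

fn main() {
    // Constructed session grant: reads only, three calls.
    let session = Caveats { fs_read: true, fs_write: false, exec: false, net: false, max_calls: 3 };
    let crew = attenuate(&session, &Caveats::TOP); // a crew that asks for everything still gets <= session
    println!("glb holds: {}", meet_is_glb());
    println!("net via partial floor: {}, via complete mediation: {}",
        mediate_partial(&crew, Action::Net, 0), mediate_complete(&crew, Action::Net, 0));
    println!("4th read allowed: {}", mediate_complete(&crew, Action::FsRead, 3));
}
```

The two `mediate_*` functions are the before/after the TDD series measures: a test that a crew attenuated to a read-only session cannot reach the network is red against `mediate_partial` and green against `mediate_complete`.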