keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_capabilities/scope/files-whitelist/text.md
Parfii-bot c0c3483f02 feat(agent-substrate/phase-1): capability library — 11 declarative bundles 
22 files per locked §Initial capability atom inventory:

policy/no-git-ops/               (gate: PreToolUse:Bash, bypass ORCHESTRATOR_META)
scope/files-whitelist/           (gate + verify worktree)
scope/files-denylist/            (gate + verify worktree)
quality/constructor-pattern/     (verify worktree)
quality/cargo-check-green/       (verify both — worktree short-circuit + simulated-merge)
quality/tests-green/             (verify both)
safety/no-dep-bump/              (gate + verify both)
output/report-format/            (verify worktree)
output/severity-grade/           (verify worktree)
tools/read-only/                 (gate: deny Edit/Write)
tools/cargo-only-bash/           (gate: Bash allowlist)

All capability.toml share [capability]/[restricts]/[parameterized]/[text]/
[gate]/[verify] section layout. rust-module paths pre-wired to match
phase-3 file layout. All text.md under 200 words, imperative,
self-contained (composer concatenates with --- separator).

Cross-refs to rule files preserved:
- policy::no-git-ops → RULE 0.13 (orchestrator-branch-first.md)
- quality::constructor-pattern → RULE ZERO (code-style.md)
- output::severity-grade → debugging.md §Security Review
- safety::no-dep-bump → supply-chain rationale

Agent attempted wc -w for word counts — sandbox correctly denied Bash
per RULE 0.13, observable reinforcement of the very policy this
capability encodes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 02:35:52 +08:00

1 KiB
Raw Blame History

Scope — files whitelist

You MUST only Edit or Write files whose path matches one of the glob patterns in your task's scope.files-whitelist list. Any other path is outside your scope.

The whitelist is the full set of files you are authorised to touch. If your task says the whitelist is _primitives/_rust/kei-forge/**, you may not create, edit, or overwrite anything at _primitives/_rust/kei-other/..., at scripts/..., or at the workspace root.

Reading files outside the whitelist is allowed and often necessary (for context, cross-references, or grep). The restriction applies only to mutating tools (Edit, Write).

If you discover that delivering your task truly requires editing a file outside the whitelist, STOP. Do not attempt the edit. Return a short note describing the file and the reason. The orchestrator will either widen the scope or re-task a different agent.

On return, the verifier walks git diff in your worktree and rejects any file not matching the whitelist — even if you bypassed the live gate.