59 lines
2.7 KiB
JSON
59 lines
2.7 KiB
JSON
{
|
|
"schema_version": "1.0",
|
|
"reviewed_at": "2026-06-13",
|
|
"capabilities": {
|
|
"network": {
|
|
"decision": "approved",
|
|
"reviewer": "Yao Team",
|
|
"scope": "Only scripts declared in security/network_policy.json may perform outbound requests.",
|
|
"reason": "Network use is bounded to public GitHub metadata and benchmark discovery, with allowed hosts reviewed in security/network_policy.json.",
|
|
"expires_at": "2026-09-30",
|
|
"evidence": [
|
|
"security/network_policy.json",
|
|
"reports/security_trust_report.md"
|
|
],
|
|
"target_enforcement": {
|
|
"openai": "metadata-only permission_contract in openai.yaml plus adapter.json",
|
|
"claude": "adapter.json target_permission_contract and README note",
|
|
"generic": "adapter.json target_permission_contract",
|
|
"vscode": "adapter.json target_permission_contract plus VS Code workspace-trust note"
|
|
}
|
|
},
|
|
"file_write": {
|
|
"decision": "approved",
|
|
"reviewer": "Yao Team",
|
|
"scope": "Local generated reports, registry metadata, temporary test outputs, and package artifacts under the skill workspace.",
|
|
"reason": "File writes are required to create auditable reports, compiled target contracts, package artifacts, and local test fixtures; package safety checks exclude generated temp outputs from archives.",
|
|
"expires_at": "2026-09-30",
|
|
"evidence": [
|
|
"reports/package_verification.md",
|
|
"reports/install_simulation.md",
|
|
"security/permission_policy.md"
|
|
],
|
|
"target_enforcement": {
|
|
"openai": "metadata-only permission_contract in openai.yaml plus adapter.json",
|
|
"claude": "adapter.json target_permission_contract and README note",
|
|
"generic": "adapter.json target_permission_contract",
|
|
"vscode": "adapter.json target_permission_contract plus VS Code workspace-trust note"
|
|
}
|
|
},
|
|
"subprocess": {
|
|
"decision": "approved",
|
|
"reviewer": "Yao Team",
|
|
"scope": "Local deterministic validation, packaging, install simulation, and CI orchestration commands.",
|
|
"reason": "Subprocess use is limited to local verification and packaging flows that are surfaced through CLI help smoke tests and CI targets.",
|
|
"expires_at": "2026-09-30",
|
|
"evidence": [
|
|
"reports/security_trust_report.md",
|
|
"reports/review-studio.html"
|
|
],
|
|
"target_enforcement": {
|
|
"openai": "metadata-only permission_contract in openai.yaml plus adapter.json",
|
|
"claude": "adapter.json target_permission_contract and README note",
|
|
"generic": "adapter.json target_permission_contract",
|
|
"vscode": "adapter.json target_permission_contract plus VS Code workspace-trust note"
|
|
}
|
|
}
|
|
}
|
|
}
|