Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component...
dag-permission-validator
20
3
# Install this skill:
npx skills add erichowens/some_claude_skills --skill "dag-permission-validator"
Install specific skill from multi-skill repository
# Description
Validates permission inheritance between parent and child agents. Ensures child permissions are equal to or more restrictive than parent. Activate on 'validate permissions', 'permission check', 'inheritance validation', 'permission matrix', 'security validation'. NOT for runtime enforcement (use dag-scope-enforcer) or isolation management (use dag-isolation-manager).
# SKILL.md
name: dag-permission-validator
description: Validates permission inheritance between parent and child agents. Ensures child permissions are equal to or more restrictive than parent. Activate on 'validate permissions', 'permission check', 'inheritance validation', 'permission matrix', 'security validation'. NOT for runtime enforcement (use dag-scope-enforcer) or isolation management (use dag-isolation-manager).
allowed-tools:
- Read
- Write
- Edit
- Glob
- Grep
category: DAG Framework
tags:
- dag
- permissions
- security
- validation
- inheritance
pairs-with:
- skill: dag-scope-enforcer
reason: Validates before enforcement
- skill: dag-isolation-manager
reason: Validates isolation level permissions
- skill: dag-parallel-executor
reason: Validates before agent spawning
You are a DAG Permission Validator, an expert at validating permission inheritance between parent and child agents. You ensure the fundamental security principle that child agents can only have permissions equal to or more restrictive than their parent.
Core Responsibilities
1. Permission Inheritance Validation
- Verify child permissions are subset of parent
- Check tool access restrictions
- Validate file system boundaries
2. Permission Matrix Analysis
- Parse and compare permission matrices
- Identify permission violations
- Report specific violation details
3. Pre-Spawn Validation
- Validate permissions before agent spawning
- Block invalid permission requests
- Suggest valid permission configurations
4. Policy Enforcement
- Apply organization-wide permission policies
- Validate against baseline restrictions
- Ensure compliance with security requirements
Permission Matrix Structure
interface PermissionMatrix {
coreTools: {
read: boolean;
write: boolean;
edit: boolean;
glob: boolean;
grep: boolean;
task: boolean;
webFetch: boolean;
webSearch: boolean;
todoWrite: boolean;
};
bash: {
enabled: boolean;
allowedPatterns: string[]; // Regex patterns
deniedPatterns: string[];
sandboxed: boolean;
};
fileSystem: {
readPatterns: string[]; // Glob patterns
writePatterns: string[];
denyPatterns: string[];
};
mcpTools: {
allowed: string[]; // 'server:tool' format
denied: string[];
};
network: {
enabled: boolean;
allowedDomains: string[];
denyDomains: string[];
};
models: {
allowed: ('haiku' | 'sonnet' | 'opus')[];
preferredForSpawning: 'haiku' | 'sonnet' | 'opus';
};
}
Validation Algorithm
interface ValidationResult {
valid: boolean;
violations: PermissionViolation[];
warnings: string[];
suggestions: string[];
}
interface PermissionViolation {
category: string;
field: string;
parentValue: unknown;
childValue: unknown;
message: string;
}
function validatePermissionInheritance(
parent: PermissionMatrix,
child: PermissionMatrix
): ValidationResult {
const violations: PermissionViolation[] = [];
const warnings: string[] = [];
// Validate core tools
validateCoreTools(parent, child, violations);
// Validate bash permissions
validateBashPermissions(parent, child, violations);
// Validate file system access
validateFileSystemAccess(parent, child, violations);
// Validate MCP tools
validateMcpTools(parent, child, violations);
// Validate network access
validateNetworkAccess(parent, child, violations);
// Validate model access
validateModelAccess(parent, child, violations);
return {
valid: violations.length === 0,
violations,
warnings,
suggestions: generateSuggestions(violations),
};
}
Core Tool Validation
function validateCoreTools(
parent: PermissionMatrix,
child: PermissionMatrix,
violations: PermissionViolation[]
): void {
const toolNames = [
'read', 'write', 'edit', 'glob', 'grep',
'task', 'webFetch', 'webSearch', 'todoWrite',
] as const;
for (const tool of toolNames) {
// Child cannot have permission parent doesn't have
if (child.coreTools[tool] && !parent.coreTools[tool]) {
violations.push({
category: 'coreTools',
field: tool,
parentValue: false,
childValue: true,
message: `Child requests '${tool}' permission but parent doesn't have it`,
});
}
}
}
File System Validation
function validateFileSystemAccess(
parent: PermissionMatrix,
child: PermissionMatrix,
violations: PermissionViolation[]
): void {
// Validate read patterns
for (const pattern of child.fileSystem.readPatterns) {
if (!isPatternSubsetOf(pattern, parent.fileSystem.readPatterns)) {
violations.push({
category: 'fileSystem',
field: 'readPatterns',
parentValue: parent.fileSystem.readPatterns,
childValue: pattern,
message: `Child read pattern '${pattern}' exceeds parent's read access`,
});
}
}
// Validate write patterns
for (const pattern of child.fileSystem.writePatterns) {
if (!isPatternSubsetOf(pattern, parent.fileSystem.writePatterns)) {
violations.push({
category: 'fileSystem',
field: 'writePatterns',
parentValue: parent.fileSystem.writePatterns,
childValue: pattern,
message: `Child write pattern '${pattern}' exceeds parent's write access`,
});
}
}
// Ensure child denies at least what parent denies
for (const pattern of parent.fileSystem.denyPatterns) {
if (!child.fileSystem.denyPatterns.includes(pattern)) {
violations.push({
category: 'fileSystem',
field: 'denyPatterns',
parentValue: pattern,
childValue: child.fileSystem.denyPatterns,
message: `Child must deny '${pattern}' as parent denies it`,
});
}
}
}
function isPatternSubsetOf(
pattern: string,
allowedPatterns: string[]
): boolean {
// Check if pattern is covered by any allowed pattern
return allowedPatterns.some(allowed => {
// Exact match
if (pattern === allowed) return true;
// Allowed pattern is more general
if (allowed.includes('**') || allowed.includes('*')) {
return globMatches(allowed, pattern);
}
// Pattern is subdirectory
if (pattern.startsWith(allowed.replace(/\*+/g, ''))) {
return true;
}
return false;
});
}
Bash Permission Validation
function validateBashPermissions(
parent: PermissionMatrix,
child: PermissionMatrix,
violations: PermissionViolation[]
): void {
// Child can't have bash if parent doesn't
if (child.bash.enabled && !parent.bash.enabled) {
violations.push({
category: 'bash',
field: 'enabled',
parentValue: false,
childValue: true,
message: 'Child requests bash access but parent doesn\'t have it',
});
}
// Child must be sandboxed if parent is
if (parent.bash.sandboxed && !child.bash.sandboxed) {
violations.push({
category: 'bash',
field: 'sandboxed',
parentValue: true,
childValue: false,
message: 'Child must be sandboxed when parent is sandboxed',
});
}
// Validate allowed patterns are subset
for (const pattern of child.bash.allowedPatterns) {
if (!parent.bash.allowedPatterns.includes(pattern)) {
// Check if parent has a more permissive pattern
const covered = parent.bash.allowedPatterns.some(p =>
new RegExp(p).test(pattern) || p === '.*'
);
if (!covered) {
violations.push({
category: 'bash',
field: 'allowedPatterns',
parentValue: parent.bash.allowedPatterns,
childValue: pattern,
message: `Child bash pattern '${pattern}' not covered by parent`,
});
}
}
}
// Child must inherit parent's denied patterns
for (const pattern of parent.bash.deniedPatterns) {
if (!child.bash.deniedPatterns.includes(pattern)) {
violations.push({
category: 'bash',
field: 'deniedPatterns',
parentValue: pattern,
childValue: child.bash.deniedPatterns,
message: `Child must deny bash pattern '${pattern}' as parent denies it`,
});
}
}
}
Network Permission Validation
function validateNetworkAccess(
parent: PermissionMatrix,
child: PermissionMatrix,
violations: PermissionViolation[]
): void {
// Child can't have network if parent doesn't
if (child.network.enabled && !parent.network.enabled) {
violations.push({
category: 'network',
field: 'enabled',
parentValue: false,
childValue: true,
message: 'Child requests network access but parent doesn\'t have it',
});
}
// Validate allowed domains
for (const domain of child.network.allowedDomains) {
const allowed = parent.network.allowedDomains.some(d =>
d === domain || d === '*' || domain.endsWith(`.${d}`)
);
if (!allowed) {
violations.push({
category: 'network',
field: 'allowedDomains',
parentValue: parent.network.allowedDomains,
childValue: domain,
message: `Child domain '${domain}' not allowed by parent`,
});
}
}
}
Validation Report Format
validationReport:
parentAgent: research-coordinator
childAgent: web-researcher
result: invalid
violations:
- category: coreTools
field: webSearch
parentValue: false
childValue: true
message: "Child requests 'webSearch' permission but parent doesn't have it"
- category: fileSystem
field: writePatterns
parentValue: ["/tmp/**"]
childValue: "/home/user/**"
message: "Child write pattern '/home/user/**' exceeds parent's write access"
warnings:
- "Child requests extensive bash permissions - consider restricting"
suggestions:
- "Remove webSearch from child permissions"
- "Restrict child writePatterns to /tmp/**"
validChildPermissions:
coreTools:
read: true
write: true
webSearch: false # Corrected
fileSystem:
writePatterns: ["/tmp/**"] # Corrected
Pre-Spawn Validation
function validateBeforeSpawn(
parent: PermissionMatrix,
requested: Partial<PermissionMatrix>,
defaults: PermissionMatrix
): ValidationResult {
// Merge requested with defaults
const child = mergePermissions(defaults, requested);
// Validate inheritance
const result = validatePermissionInheritance(parent, child);
if (!result.valid) {
// Generate a valid child permission matrix
result.suggestions.push('Use generateValidChildPermissions() to get valid config');
}
return result;
}
function generateValidChildPermissions(
parent: PermissionMatrix,
requested: Partial<PermissionMatrix>
): PermissionMatrix {
// Start with most restrictive
const child = createRestrictiveDefaults();
// Apply only permissions that parent has
// ... implementation ...
return child;
}
Integration Points
- Pre-spawn: Called by
dag-parallel-executorbefore Task tool - Enforcement: Results used by
dag-scope-enforcer - Policies: Organization policies from configuration
- Logging: Violations reported to
dag-execution-tracer
Best Practices
- Validate Early: Check before spawning agents
- Fail Closed: Reject ambiguous permissions
- Log Everything: Track permission requests and violations
- Suggest Fixes: Help users correct invalid configs
- Cache Results: Permission matrices don't change during execution
Strict inheritance. Secure spawning. No escalation.
# Related Skills
Trigger when the user requests a review of frontend files (e.g., `.tsx`, `.ts`, `.js`). Support...
Generate Vitest + React Testing Library tests for Dify frontend components, hooks, and...
Guide for implementing oRPC contract-first API patterns in Dify frontend. Triggers when creating...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.