Tinker
Resources
Agent logs
Agent memories
Agent sessions
Agent terminal logs
Agents
Comments
Epics
Projects
Proposals
Tickets
Avo user
Resources
Agent logs
Agent memories
Agent sessions
Agent terminal logs
Agents
Comments
Epics
Projects
Proposals
Tickets
Avo user
Home
Epics
Role-based skill scoping: agents only access their own skills
Edit
Role-based skill scoping: agents only access their own skills
Cancel
Save
Title
*
Project
*
Choose an option
alpha
tinker
Create new project
Description
Implement role-based skill scoping so agents only have access to their own skills. ## Problem Currently agents can potentially invoke skills meant for other agent types. For example: - A worker shouldn't be able to invoke orchestrator skills - A researcher shouldn't invoke reviewer-specific skills - Skills should be scoped by role for security and proper workflow ## Required Changes ### 1. Add role_filter to Skill Definition **File:** Likely in skill registration/config Skills should declare which roles can use them: ```ruby # or in config/skills.yml skills: git-commit: roles: [worker, human] # Only workers and humans can commit description: "Create git commits" review-pr: roles: [reviewer, human] # Only reviewers and humans can review description: "Review a pull request" coordinate-agents: roles: [orchestrator] # Only orchestrator can coordinate description: "Assign work to agents" ``` ### 2. Filter Skills in MCP Bridge **File:** agent-bridge.go (or wherever skills are exposed to agents) When an agent connects via MCP, filter the available skills list: ```go func GetSkillsForAgent(agentType string) []Skill { var skills []Skill for _, skill := range allSkills { if skill.AllowedRoles == nil || contains(skill.AllowedRoles, agentType) { skills = append(skills, skill) } } return skills } ``` ### 3. Role-to-Skill Mapping **Default Role Permissions:** | Role | Allowed Skills | |------|----------------| | worker | git-workflow, worker-workflow, memory (read/write own) | | reviewer | review-workflow, memory (read/write own) | | orchestrator | orchestrator-workflow, ticket-management, memory (all) | | researcher | memory (search, store own) - NO git/workflow skills | | planner | ticket-management, memory (all) | | human | All skills (via CLI) | ## Acceptance Criteria - [ ] Skills have role_filter field/attribute - [ ] MCP bridge filters skills based on connecting agent's role - [ ] Workers cannot invoke orchestrator or reviewer skills - [ ] Researchers have most restricted access (read-only + proposals) - [ ] Humans (CLI) still have access to all skills - [ ] Existing skills are tagged with appropriate roles ## Security Impact This prevents: - Workers from orchestrating other agents - Reviewers from creating tickets outside review flow - Researchers from executing git operations - Privilege escalation via skill invocation
Avo
· © 2026 AvoHQ ·
v3.27.0
Close modal
Are you sure?
Yes, I'm sure
No, cancel
