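# RBAC Tools Matrix
# Maps tool → action → entitlements required
# Enforced by tool_governance.py in gateway dispatch
#
# Entitlement format: tools.<domain>.<verb>   (e.g. tools.oncall.incident_write)
# Agents/users must have ALL listed entitlements to perform an action
# (conjunctive check — see oncall_tool.alert_to_incident below).
#
# Conventions used in this file:
#   - `_default` is the only action entry for single-purpose tools; it is
#     presumably matched for any action name. NOTE(review): for tools that
#     list named actions but no `_default`, confirm that tool_governance.py
#     DENIES an unlisted action rather than allowing it — this file cannot
#     express a deny, so fail-closed must come from the enforcer.
#   - `*.read` covers read/list/search; `*.write` covers create/update;
#     `*.admin` / `*.gate` / `*.manage` cover destructive or policy-setting ops.
tools:
  repo_tool:
    actions:
      tree:
        entitlements: ["tools.repo.read"]
      read:
        entitlements: ["tools.repo.read"]
      search:
        entitlements: ["tools.repo.read"]
      metadata:
        entitlements: ["tools.repo.read"]

  kb_tool:
    actions:
      search:
        entitlements: ["tools.kb.read"]
      snippets:
        entitlements: ["tools.kb.read"]
      open:
        entitlements: ["tools.kb.read"]
      sources:
        entitlements: ["tools.kb.read"]

  oncall_tool:
    actions:
      services_list:
        entitlements: ["tools.oncall.read"]
      service_health:
        entitlements: ["tools.oncall.read"]
      service_status:
        entitlements: ["tools.oncall.read"]
      runbook_search:
        entitlements: ["tools.oncall.read"]
      runbook_read:
        entitlements: ["tools.oncall.read"]
      deployments_recent:
        entitlements: ["tools.oncall.read"]
      incident_list:
        entitlements: ["tools.oncall.read"]
      incident_get:
        entitlements: ["tools.oncall.read"]
      incident_create:
        entitlements: ["tools.oncall.incident_write"]
      incident_close:
        entitlements: ["tools.oncall.incident_write"]
      incident_append_event:
        entitlements: ["tools.oncall.incident_write"]
      incident_attach_artifact:
        entitlements: ["tools.oncall.incident_write"]
      incident_followups_summary:
        entitlements: ["tools.oncall.read"]
      # Crosses two domains (alerts → incidents): the caller needs ALL three.
      alert_to_incident:
        entitlements: ["tools.oncall.incident_write", "tools.alerts.read", "tools.alerts.ack"]

  incident_escalation_tool:
    actions:
      # Both actions can change incident state, hence incident_write (not read).
      evaluate:
        entitlements: ["tools.oncall.incident_write"]
      auto_resolve_candidates:
        entitlements: ["tools.oncall.incident_write"]

  risk_engine_tool:
    actions:
      service:
        entitlements: ["tools.risk.read"]
      dashboard:
        entitlements: ["tools.risk.read"]
      policy:
        entitlements: ["tools.risk.read"]

  risk_history_tool:
    actions:
      snapshot:
        entitlements: ["tools.risk.write"]
      # NOTE(review): `cleanup` here needs only risk.write, while
      # backlog_tool.cleanup needs backlog.admin. If this cleanup deletes
      # history, consider a dedicated tools.risk.admin so that agent_oncall
      # (which holds risk.write) cannot purge snapshots.
      cleanup:
        entitlements: ["tools.risk.write"]
      series:
        entitlements: ["tools.risk.read"]
      digest:
        entitlements: ["tools.risk.write"]

  backlog_tool:
    actions:
      list:
        entitlements: ["tools.backlog.read"]
      get:
        entitlements: ["tools.backlog.read"]
      dashboard:
        entitlements: ["tools.backlog.read"]
      create:
        entitlements: ["tools.backlog.write"]
      upsert:
        entitlements: ["tools.backlog.write"]
      set_status:
        entitlements: ["tools.backlog.write"]
      add_comment:
        entitlements: ["tools.backlog.write"]
      close:
        entitlements: ["tools.backlog.write"]
      # Bulk / destructive operations are admin-only.
      auto_generate_weekly:
        entitlements: ["tools.backlog.admin"]
      cleanup:
        entitlements: ["tools.backlog.admin"]

  architecture_pressure_tool:
    actions:
      service:
        entitlements: ["tools.pressure.read"]
      dashboard:
        entitlements: ["tools.pressure.read"]
      digest:
        entitlements: ["tools.pressure.write"]

  incident_intelligence_tool:
    actions:
      correlate:
        entitlements: ["tools.oncall.read"]
      recurrence:
        entitlements: ["tools.oncall.read"]
      buckets:
        entitlements: ["tools.oncall.read"]
      weekly_digest:
        entitlements: ["tools.oncall.incident_write"]  # writes FS artifacts + autofollowups

  alert_ingest_tool:
    actions:
      # ingest is deliberately separate from read/ack so a detector role can
      # raise alerts without being able to see or acknowledge the queue.
      ingest:
        entitlements: ["tools.alerts.ingest"]
      list:
        entitlements: ["tools.alerts.read"]
      get:
        entitlements: ["tools.alerts.read"]
      ack:
        entitlements: ["tools.alerts.ack"]
      claim:
        entitlements: ["tools.alerts.claim"]
      fail:
        entitlements: ["tools.alerts.ack"]

  observability_tool:
    actions:
      metrics_query:
        entitlements: ["tools.observability.read"]
      metrics_range:
        entitlements: ["tools.observability.read"]
      logs_query:
        entitlements: ["tools.observability.read"]
      # Traces are gated separately from metrics/logs.
      traces_query:
        entitlements: ["tools.observability.traces"]
      service_overview:
        entitlements: ["tools.observability.read"]
      slo_snapshot:
        entitlements: ["tools.observability.read"]

  monitor_tool:
    actions:
      status:
        entitlements: ["tools.monitor.read"]

  # The *.gate actions below can block a change pipeline; each is split from
  # its *.use counterpart so analysis and enforcement can be granted apart.
  pr_reviewer_tool:
    actions:
      review:
        entitlements: ["tools.pr_review.use"]
      gate:
        entitlements: ["tools.pr_review.gate"]

  contract_tool:
    actions:
      lint_openapi:
        entitlements: ["tools.contract.use"]
      diff_openapi:
        entitlements: ["tools.contract.use"]
      generate_client_stub:
        entitlements: ["tools.contract.use"]
      gate:
        entitlements: ["tools.contract.gate"]

  config_linter_tool:
    actions:
      lint:
        entitlements: ["tools.config_lint.use"]
      gate:
        entitlements: ["tools.config_lint.gate"]

  threatmodel_tool:
    actions:
      analyze_service:
        entitlements: ["tools.threatmodel.use"]
      analyze_diff:
        entitlements: ["tools.threatmodel.use"]
      generate_checklist:
        entitlements: ["tools.threatmodel.use"]
      gate:
        entitlements: ["tools.threatmodel.gate"]

  job_orchestrator_tool:
    actions:
      list_tasks:
        entitlements: ["tools.jobs.use"]
      # NOTE(review): start_task requires only tools.jobs.use, which
      # agent_default and agent_media also hold. The per-task entitlements
      # tools.jobs.run.{smoke,drift,backup,migrate,deploy,ops} granted in
      # role_entitlements are not referenced anywhere in this matrix, so
      # unless tool_governance.py checks them against the task name at
      # dispatch, any jobs.use holder can start deploy/migrate/backup tasks.
      # Confirm, or add the run.* entitlement to the relevant task gate.
      start_task:
        entitlements: ["tools.jobs.use"]
      get_job:
        entitlements: ["tools.jobs.use"]
      cancel_job:
        entitlements: ["tools.jobs.cancel"]

  memory_search:
    actions:
      _default:
        entitlements: ["tools.memory.read"]

  graph_query:
    actions:
      _default:
        entitlements: ["tools.memory.read"]

  remember_fact:
    actions:
      _default:
        entitlements: ["tools.memory.write"]

  web_search:
    actions:
      _default:
        entitlements: ["tools.web.read"]

  web_extract:
    actions:
      _default:
        entitlements: ["tools.web.read"]

  crawl4ai_scrape:
    actions:
      _default:
        entitlements: ["tools.web.read"]

  image_generate:
    actions:
      _default:
        entitlements: ["tools.media.generate"]

  comfy_generate_image:
    actions:
      _default:
        entitlements: ["tools.media.generate"]

  comfy_generate_video:
    actions:
      _default:
        entitlements: ["tools.media.generate"]

  tts_speak:
    actions:
      _default:
        entitlements: ["tools.media.generate"]

  presentation_create:
    actions:
      _default:
        entitlements: ["tools.docs.create"]

  presentation_status:
    actions:
      _default:
        entitlements: ["tools.docs.create"]

  presentation_download:
    actions:
      _default:
        entitlements: ["tools.docs.create"]

  # NOTE(review): file_tool is gated by the same docs.create entitlement as
  # the presentation tools and is therefore reachable by agent_default and
  # agent_media. If file_tool can read/write paths outside the documents
  # area, it deserves its own tools.files.* entitlement — verify its scope.
  file_tool:
    actions:
      _default:
        entitlements: ["tools.docs.create"]

  # NOTE(review): tools.market.read is not granted to any role below; this
  # tool is unreachable via role_entitlements unless users/agents receive
  # entitlements from elsewhere.
  market_data:
    actions:
      _default:
        entitlements: ["tools.market.read"]

  data_governance_tool:
    actions:
      digest_audit:
        entitlements: ["tools.data_gov.read"]
      scan_repo:
        entitlements: ["tools.data_gov.read"]
      scan_audit:
        entitlements: ["tools.data_gov.read"]
      retention_check:
        entitlements: ["tools.data_gov.read"]
      policy:
        entitlements: ["tools.data_gov.read"]
      gate:
        entitlements: ["tools.data_gov.gate"]

  cost_analyzer_tool:
    actions:
      digest:
        entitlements: ["tools.cost.read"]
      report:
        entitlements: ["tools.cost.read"]
      top:
        entitlements: ["tools.cost.read"]
      anomalies:
        entitlements: ["tools.cost.read"]
      weights:
        entitlements: ["tools.cost.read"]
      gate:
        entitlements: ["tools.cost.gate"]

  dependency_scanner_tool:
    actions:
      scan:
        entitlements: ["tools.deps.read"]
      gate:
        entitlements: ["tools.deps.gate"]

  drift_analyzer_tool:
    actions:
      analyze:
        entitlements: ["tools.drift.read"]
      gate:
        entitlements: ["tools.drift.gate"]

  # NOTE(review): calendar and email use a single `use` entitlement for
  # read, write, delete and send. delete_event / delete_inbox / send are
  # irreversible or externally visible (send is an outbound data channel);
  # consider splitting into *.read / *.write / *.send so a role can be
  # given read access without the ability to delete or send.
  calendar_tool:
    actions:
      connect:
        entitlements: ["tools.calendar.use"]
      list_calendars:
        entitlements: ["tools.calendar.use"]
      list_events:
        entitlements: ["tools.calendar.use"]
      get_event:
        entitlements: ["tools.calendar.use"]
      create_event:
        entitlements: ["tools.calendar.use"]
      update_event:
        entitlements: ["tools.calendar.use"]
      delete_event:
        entitlements: ["tools.calendar.use"]
      set_reminder:
        entitlements: ["tools.calendar.use"]

  agent_email_tool:
    actions:
      create_inbox:
        entitlements: ["tools.email.use"]
      list_inboxes:
        entitlements: ["tools.email.use"]
      delete_inbox:
        entitlements: ["tools.email.use"]
      send:
        entitlements: ["tools.email.use"]
      receive:
        entitlements: ["tools.email.use"]
      analyze_email:
        entitlements: ["tools.email.use"]

  # High-impact capabilities: only agent_cto holds these entitlements below.
  browser_tool:
    actions:
      _default:
        entitlements: ["tools.browser.use"]

  safe_code_executor_tool:
    actions:
      _default:
        entitlements: ["tools.exec.safe"]

  secure_vault_tool:
    actions:
      _default:
        entitlements: ["tools.vault.manage"]

# ─── Role → Entitlements ─────────────────────────────────────────────────────
# Lists which entitlements each role has.
# Used by tool_governance.py to resolve agent role → entitlement set.
# NOTE(review): grants are purely additive; there is no deny list, so a
# role's effective access is the union of the actions each entitlement
# unlocks above. Confirm in tool_governance.py that a role missing from this
# map resolves to an empty entitlement set (deny), not to agent_default.
role_entitlements:
  agent_default:
    - tools.repo.read
    - tools.kb.read
    - tools.oncall.read
    - tools.observability.read
    - tools.memory.read
    - tools.memory.write
    - tools.web.read
    - tools.media.generate
    - tools.docs.create   # also unlocks file_tool (see note on file_tool)
    - tools.jobs.use      # unlocks job_orchestrator_tool.start_task (see note there)

  agent_cto:
    - tools.repo.read
    - tools.kb.read
    - tools.oncall.read
    - tools.oncall.incident_write
    - tools.alerts.ingest
    - tools.alerts.read
    - tools.alerts.ack
    - tools.alerts.claim
    - tools.observability.read
    - tools.observability.traces
    - tools.monitor.read
    - tools.memory.read
    - tools.memory.write
    - tools.web.read
    - tools.media.generate
    - tools.docs.create
    - tools.pr_review.use
    - tools.pr_review.gate
    - tools.contract.use
    - tools.contract.gate
    - tools.config_lint.use
    - tools.config_lint.gate
    - tools.threatmodel.use
    - tools.threatmodel.gate
    - tools.jobs.use
    - tools.jobs.cancel
    # tools.jobs.run.* are not referenced by any action in the matrix above;
    # they are presumably checked per task inside the job orchestrator.
    - tools.jobs.run.smoke
    - tools.jobs.run.drift
    - tools.jobs.run.backup
    - tools.jobs.run.migrate
    - tools.jobs.run.deploy
    - tools.jobs.run.ops
    - tools.deps.read
    - tools.deps.gate
    - tools.cost.read
    - tools.cost.gate
    - tools.data_gov.read
    - tools.data_gov.gate
    - tools.drift.read
    - tools.drift.gate
    - tools.risk.read
    - tools.risk.write
    - tools.pressure.read
    - tools.pressure.write
    - tools.backlog.read
    - tools.backlog.write
    - tools.backlog.admin
    - tools.calendar.use
    - tools.email.use
    - tools.browser.use
    - tools.exec.safe
    - tools.vault.manage

  agent_oncall:
    - tools.repo.read
    - tools.kb.read
    - tools.oncall.read
    - tools.oncall.incident_write
    - tools.alerts.read
    - tools.alerts.ack
    - tools.alerts.claim
    - tools.observability.read
    - tools.monitor.read
    - tools.memory.read
    - tools.web.read
    - tools.jobs.use
    - tools.jobs.run.smoke
    - tools.jobs.run.drift
    - tools.jobs.run.ops
    - tools.deps.read
    - tools.drift.read
    - tools.cost.read
    - tools.data_gov.read
    - tools.risk.read
    - tools.risk.write   # includes risk_history_tool.cleanup (see note there)
    - tools.pressure.read
    - tools.backlog.read
    - tools.backlog.write

  agent_media:
    - tools.repo.read
    - tools.kb.read
    - tools.oncall.read
    - tools.observability.read
    - tools.memory.read
    - tools.memory.write
    - tools.web.read
    - tools.media.generate
    - tools.docs.create
    - tools.jobs.use

  agent_monitor:
    # Read-only: observability, health, KB — no incident write, no jobs
    # Can INGEST alerts (detect → alert), but NOT create incidents, and
    # intentionally cannot list/ack the alert queue (no tools.alerts.read).
    - tools.oncall.read
    - tools.observability.read
    - tools.monitor.read
    - tools.kb.read
    - tools.alerts.ingest
    - tools.risk.read

  agent_interface:
    # Minimal, read-only. Note that tools.oncall.read is broader than
    # "incident list/get": it also unlocks runbook_search/runbook_read,
    # service_health/status, deployments_recent and the read actions of
    # incident_intelligence_tool. Split the entitlement if that is too wide.
    - tools.kb.read
    - tools.oncall.read
    - tools.alerts.read
    - tools.backlog.read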