docs: security permission matrix #174

Draft
vishalchangrani wants to merge 4 commits into main from claude/suspicious-goldwasser

Conversation

@vishalchangrani
Contributor

Summary

  • Adds docs/security-permission-matrix.md mapping all FlowALPv0 entitlements to operations
  • Grouped by resource (Pool, Position, PositionManager, Rebalancer, RebalancerPaid)
  • Includes plain-language descriptions and audit notes (union vs conjunction, EImplementation scope)

Test Plan

  • Review matrix against contract source for completeness
  • Verify no entitlement over-grants or missing access controls

vishalchangrani and others added 4 commits February 19, 2026 11:56
Maps all FlowALPv0 entitlements to operations by resource, with plain-language descriptions. Intended for audit/security review.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Mark EPosition as protocol-internal only, not for end users
- Add ownership-check warnings on all pool-level EPosition operations
- Document the beta capability over-grant issue (EPosition -> EParticipant fix needed)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace resource-grouped columns with actor columns (User, User w/ EPosition,
Rebalancer, Position Owner, Governance, Protocol Internal). The beta over-grant
is now directly visible as a dedicated column showing what current beta users
can do vs. what they should be able to do.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>