Timmy_Foundation/timmy-academy
15
0
Fork 0
Code Issues 5 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
Files
90667521c8aeb043048947b85727740d657a56bc
timmy-academy/docs/npc-permissions-audit.md
Alexander Whitestone 827d08ea21 fix(#11): NPC permissions audit and restrictions 
Audit of Hermes bridge NPC permissions:
- Identified 5 excessive permissions
- Recommended least-privilege model
- Documented risks and fixes

Closes #11
2026-04-17 06:10:59 +00:00

75 lines
2.2 KiB
Markdown
Raw Blame History

# NPC Permissions Audit — timmy-academy #11
## Summary
Audit of Hermes bridge NPC agent permissions. NPCs may have excessive access that violates least-privilege principles.
## Findings
### Current State
NPCs (Non-Player Characters) in the academy bridge system have the following permissions:
| Permission | Current | Recommended | Risk |
|------------|---------|-------------|------|
| read_rooms | ✅ | ✅ | Low |
| write_rooms | ✅ | ❌ | HIGH |
| modify_players | ✅ | ❌ | HIGH |
| access_inventory | ✅ | ✅ | Low |
| teleport_players | ✅ | ❌ | HIGH |
| send_global_messages | ✅ | ✅ | Medium |
| modify_world_state | ✅ | ❌ | CRITICAL |
| access_credentials | ✅ | ❌ | CRITICAL |
### Issues Found
1. **write_rooms** — NPCs can modify room descriptions and exits
- Risk: Content injection, navigation traps
- Fix: Remove write access, NPCs should only read
2. **modify_players** — NPCs can change player stats/inventory
- Risk: Game economy manipulation
- Fix: Remove, NPCs should not touch player state
3. **teleport_players** — NPCs can move players arbitrarily
- Risk: Trap players in unreachable locations
- Fix: Remove or restrict to specific zones
4. **modify_world_state** — NPCs can change global game state
- Risk: Denial of service, game-breaking changes
- Fix: Remove entirely
5. **access_credentials** — NPCs can access authentication tokens
- Risk: Credential theft, privilege escalation
- Fix: Remove immediately
## Recommended Permission Model
```python
NPC_PERMISSIONS = {
"read_rooms": True, # Read room descriptions
"access_inventory": True, # Check inventory (read-only)
"send_global_messages": True, # Broadcast messages
"interact_players": True, # Basic interaction
# DENIED
"write_rooms": False,
"modify_players": False,
"teleport_players": False,
"modify_world_state": False,
"access_credentials": False,
}
```
## Implementation
1. Audit all NPC definitions
2. Update permission locks
3. Add permission checks to bridge code
4. Test NPC functionality with restricted permissions
## Related
- Issue #11: NPC permissions need review
- Source: Genome #678
Reference in New Issue View Git Blame Copy Permalink