Permissions Model
Status: PLANNED — The permissions engine requires Claude Net v2 hub upgrade. Currently only Level 1 (messaging) is operational.
Current State
All five instances can freely exchange text messages via Claude Net. No exec or file transfer capabilities exist yet. The manager monitors containers via SSH to the host (not through Claude Net).
Three Levels of Interaction (Design)
Level 1: Messages (IMPLEMENTED — always open)
All instances can freely exchange:
- Text messages via Claude Net
- Status queries (claude_net_machines)
Level 2: Exec (PLANNED — off by default, toggled by admin)
Execute commands in another instance’s LXC container:
- Run shell commands
- Read/write filesystem via shell
- Start/stop Docker containers
OFF by default. Must be explicitly enabled per pathway by chasclaude (admin).
Level 3: Admin (PLANNED — chasclaude only)
- Toggle exec pathways on/off
- Start/stop/restart LXC containers
- Create/restore snapshots
- View all activity across all containers
Default Permissions Matrix (Design)
| Source → Target | chasclaude | infoclaude | seanclaude | jazclaude | managerclaude |
|---|---|---|---|---|---|
| chasclaude | self | exec | exec | exec | exec |
| infoclaude | msg | self | msg | msg | msg |
| seanclaude | msg | msg | self | msg | msg |
| jazclaude | msg | msg | msg | self | msg |
| managerclaude | msg | msg | msg | msg | self |
Only chasclaude has exec access by default. All others are message-only.
Implementation Requirements
The permissions engine needs Claude Net v2 hub upgrade:
- New
exec_permissionsSQLite table - Hub-side permission checking before executing commands
- MCP tools:
claude_net_exec,claude_net_permit,claude_net_permissions - Activity logging for all cross-container operations
See Claude Net v2 page for the full API specification.