Skip to content

docs: security permission matrix#174

Merged
4 commits merged intomainfrom
claude/suspicious-goldwasser
Mar 25, 2026
Merged

docs: security permission matrix#174
4 commits merged intomainfrom
claude/suspicious-goldwasser

Conversation

@vishalchangrani
Copy link
Copy Markdown
Contributor

@vishalchangrani vishalchangrani commented Feb 19, 2026

Summary

  • Adds docs/security-permission-matrix.md mapping all FlowALPv0 entitlements to operations
  • Grouped by resource (Pool, Position, PositionManager, Rebalancer, RebalancerPaid)
  • Includes plain-language descriptions and audit notes (union vs conjunction, EImplementation scope)

Test Plan

  • Review matrix against contract source for completeness
  • Verify no entitlement over-grants or missing access controls

vishalchangrani and others added 4 commits February 19, 2026 11:56
@vishalchangrani @claude
add security permission matrix doc
c38635e 
Maps all FlowALPv0 entitlements to operations by resource, with plain-language descriptions. Intended for audit/security review.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vishalchangrani @claude
docs: highlight EPosition over-grant risk in permission matrix
25fd067 
- Mark EPosition as protocol-internal only, not for end users
- Add ownership-check warnings on all pool-level EPosition operations
- Document the beta capability over-grant issue (EPosition -> EParticipant fix needed)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vishalchangrani @claude
docs: restructure matrix by actor to expose beta over-grant clearly
7a1ea97 
Replace resource-grouped columns with actor columns (User, User w/ EPosition,
Rebalancer, Position Owner, Governance, Protocol Internal). The beta over-grant
is now directly visible as a dedicated column showing what current beta users
can do vs. what they should be able to do.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vishalchangrani @claude
docs: clarify EPositionAdmin is user acting on own positions via storage
2780290 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mts1715 mts1715 closed this pull request by merging all changes into main in b9d0051 Mar 25, 2026
@mts1715 mts1715 deleted the claude/suspicious-goldwasser branch March 25, 2026 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vishalchangrani @mts1715