# rye:signed:2026-03-17T01:41:48Z:f25bbf0bd36d76ff42571604934a67e1ae79aad6db0485a758d33120efb5e9f4:YVZSqlwy1TIRi0gM3A7eFqaypaq7ef-9DP5K0Gm2Cysuhb1cA4ENvgxinAwukH-gYitPtsXKKKgk2xt8IBViCA==:6ea18199041a1ea8
# config/capability_risk.yaml
# Item metadata for the capability-risk config.
# NOTE(review): the first line of this file is a `rye:signed:` header that
# appears to carry a timestamp, a content hash, a signature and a key id.
# Any edit to this file (comments included) presumably invalidates it and
# requires re-signing; confirm with the signing tool before merging changes.
category: "agent"
tool_type: "config"
version: "1.0.0"
description: "Capability risk classifications and safety policies"
# NOTE(review): presumably the schema revision this file conforms to, tracked
# separately from `version` above; confirm against the loader.
schema_version: "1.0.0"

# Named risk levels, each with a human-readable description and a policy.
# The `classifications` list in this file refers to these level names through
# its `risk` field. Three policy values are used here: allow,
# acknowledge_required and block.
# NOTE(review): how the consumer enforces each policy value is not visible in
# this file; confirm that an unknown or misspelled policy fails closed.
risk_levels:
  safe:
    description: "Read-only operations with no side effects"
    policy: allow
  # `write` carries the same policy as `safe` (allow), so file modification
  # proceeds without acknowledgement. The "within the project scope" limit is
  # only stated in the description; nothing in this file enforces it.
  # NOTE(review): confirm the consuming tool confines writes to the project.
  write:
    description: "Can modify files within the project scope"
    policy: allow
  # The only level that requires an acknowledgement before use.
  elevated:
    description: "Can execute arbitrary commands or access external systems"
    policy: acknowledge_required
  # The only level that is blocked outright.
  unrestricted:
    description: "Full system access — equivalent to running as the user"
    policy: block

# Maps capability patterns to one of the level names defined in `risk_levels`.
# Each entry has a `risk`, a list of `patterns` and a `description`.
# NOTE(review): if `*` is a glob, these patterns overlap: `rye.*` covers every
# other pattern below, and `rye.execute.*` covers the bash, shell, web and
# file-system patterns. Which entry wins (first match, most specific, or
# highest risk) is not stated in this file; confirm against the matcher and do
# not reorder entries without checking.
# NOTE(review): also confirm what risk a capability receives when it matches
# no pattern here; failing closed is the safer default.
classifications:
  # Top-level wildcard; resolves to the `unrestricted` level (policy: block).
  - risk: unrestricted
    patterns:
      - "rye.*"
    description: "Wildcard grants full system access"

  # Shell tools; `elevated` resolves to policy acknowledge_required.
  - risk: elevated
    patterns:
      - "rye.execute.tool.rye.bash.*"
      - "rye.execute.tool.rye.shell.*"
    description: "Shell execution grants arbitrary command access"

  # Web tool; elevated because it can move data out or bring untrusted
  # content in, per the description below.
  - risk: elevated
    patterns:
      - "rye.execute.tool.rye.web.*"
    description: "Web access can exfiltrate data or fetch untrusted content"

  # Broad execute wildcard over all tools and directives.
  - risk: elevated
    patterns:
      - "rye.execute.*"
    description: "Broad execute grants access to all tools and directives"

  # File-system tool; `write` resolves to policy allow (no acknowledgement).
  # NOTE(review): this is narrower than `rye.execute.*` above but listed after
  # it; under first-match glob semantics it would be classified elevated
  # rather than write. Confirm the intended precedence.
  - risk: write
    patterns:
      - "rye.execute.tool.rye.file-system.*"
    description: "File system write access within project scope"

  # Search, load and sign; `safe` resolves to policy allow.
  # NOTE(review): `rye.sign.*` is grouped with read-only operations, but
  # signing is not obviously side-effect free: this file itself carries a
  # `rye:signed:` header, so a signature appears to act as a trust marker.
  # Confirm that a holder of this capability cannot use it to mark content it
  # authored or modified as trusted; if it can, a higher risk level with
  # acknowledgement may be more appropriate.
  - risk: safe
    patterns:
      - "rye.search.*"
      - "rye.load.*"
      - "rye.sign.*"
    description: "Read-only discovery, inspection, and signing"
