beaver_project/projcet_review/backend_blueprint/permissions.html

<!doctype html>
<html lang="zh-CN">
<head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Permissions 模块蓝图</title><link rel="stylesheet" href="blueprint.css"></head>
<body><main class="page">
<header class="topbar"><h1>Permissions</h1><p>当前 <code>beaver/permissions</code> 更像预留边界，还没有形成完整策略执行链路。它应该承接工具执行、文件访问、外部集成、用户身份和审计之间的权限判断。</p></header>
<nav class="nav"><a href="index.html">索引</a><a href="tools.html">Tools</a><a href="integrations.html">Integrations</a></nav>
<section class="content">
<h2>预期大模块流程</h2>
<div class="flow">
  <div class="step"><strong>请求动作</strong>tool / integration / file / cron</div><div class="arrow">-&gt;</div>
  <div class="step"><strong>上下文</strong>user/session/source/workspace</div><div class="arrow">-&gt;</div>
  <div class="step"><strong>策略判断</strong>本地 policy 或 AuthZ</div><div class="arrow">-&gt;</div>
  <div class="step"><strong>执行/拒绝</strong>ToolResult 或异常</div><div class="arrow">-&gt;</div>
  <div class="step"><strong>审计</strong>session event/run evidence</div>
</div>

<h2>当前状态</h2>
<article class="module">
  <h3>骨架模块</h3>
  <p>现有代码没有在核心路径中统一调用 permissions policy。工具执行主要依赖 ToolExecutor 和各工具自身约束；外部授权能力放在 integrations/authz 边界。</p>
  <div class="subflow">
    <div>权限模块可作为未来统一策略层。</div>
    <div>ToolContext 已携带 user/session/workspace/services，可作为策略输入。</div>
    <div>session event 已经具备审计载体，可记录 allow/deny。</div>
  </div>
</article>

<h2>修改建议核对点</h2>
<p>如果后续补权限，建议从 ToolExecutor 前置检查切入：它是所有 provider tool_call 的统一收口点。第二个切入点是 web route 层的管理类 API，例如 skill 发布、cron 修改、文件系统工具。</p>
</section></main></body></html>