Agent Skills & Execution Permissions
Agent Skills & Execution Permissions
Relevant source files
The following files were used as context for generating this wiki page:
This page describes the governance framework for AI agents operating within the Primebrick v3 microservices repository. It details the skill-based execution model defined in the .devin/skills directory and the security sandbox configuration that restricts command-line operations.
1. The "Feature" Skill Framework
The repository utilizes a structured skill framework to guide AI agents through complex, multi-step tasks. The primary operational unit is the feature skill, which enforces a specific lifecycle for code modifications to ensure stability and quality.
1.1 Implementation Logic
The feature skill follows a four-step sequential workflow that bridges the gap between natural language requirements and verified code changes:
- Implement: The agent performs the requested code modifications based on the repository's architectural standards.
- Test: The agent is required to author unit or integration tests for the new functionality.
- Fix: The agent executes the tests and must resolve any failures before proceeding.
- Summarize: A final report of changes is generated to maintain the audit trail.
1.2 Tool Sandboxing
Each skill defines an allowed-tools whitelist. This restricts the agent's interaction with the filesystem and environment to a minimal set of capabilities required for the task. For the feature skill, the sandbox is limited to:
read: File inspection.write: Code application.exec: Command execution (subject to global permissions).grep: Content searching.
Workflow: Feature Skill Execution
The following diagram illustrates the transition from a Natural Language Request to the execution of the feature skill steps.
"Natural Language to Execution Flow"
Code
Sources:
featureskill definition: .devin/skills/feature/SKILL.md:1-9- Tool whitelist: .devin/skills/feature/SKILL.md:4-4
2. Execution Permissions & Whitelisting
While the feature skill grants the agent the ability to use the exec tool, the actual commands that can be run are governed by a global permission whitelist. This prevents the execution of unauthorized binaries or scripts that could compromise the development environment.
2.1 config.local.json Specification
The permissions.allow array in the configuration file defines the explicit boundary of the agent's shell access. Only the commands listed in this file are permitted for use via the Exec() interface.
| Allowed Command | Purpose |
|---|---|
npx | Running local package binaries (e.g., Prisma, Vitest). |
npm list | Dependency tree inspection. |
powershell | System-level task orchestration on Windows environments. |
cd | Directory navigation within the monorepo. |
pnpm | Package management and workspace script execution. |
git | Version control operations (commits, branch management). |
2.2 Command Validation Flow
When an agent attempts to execute a command as part of Step 3 (Run tests) of the feature skill, the system validates the command against the config.local.json whitelist.
"Permission Validation Logic"
Code
Sources:
- Permission whitelist: .devin/config.local.json:2-11
- Execution step: .devin/skills/feature/SKILL.md:8-8
3. Data Flow: From Request to Verified Code
The integration of skills and permissions ensures a controlled data flow. The agent cannot write code without the write tool, and it cannot verify code without the exec tool, which is further constrained by the pnpm or npx whitelist.
3.1 Interaction Summary
- Skill Activation: The agent identifies the task as a
featureimplementation. - Tool Authorization: The agent gains access to
read,write,exec, andgrep.devin/skills/feature/SKILL.md:4-4. - Command Execution: When the agent runs
pnpm test, theconfig.local.jsonfile is consulted. SinceExec(pnpm)is allowed .devin/config.local.json:8-8, the command proceeds. - State Finalization: Once tests pass, the agent uses the
writetool to finalize the implementation and thegittool .devin/config.local.json:9-9 to commit the changes.
Sources:
- Skill steps: .devin/skills/feature/SKILL.md:6-9
- Allowed binaries: .devin/config.local.json:3-10