Obi Permissions
name: SPEC_OBI_PERMISSIONS
description: SPECIFIED ✓ OBI OS Permission & Interoperability Model; 4 tiers (V=View-auto/T=Type-per-target/K=Keyboard/M=Mouse); permission matrix (Default/Trusted/Operator/Full); AI-to-AI cross-prompt protocol (LATTICE-validated/Ring-transparent/user-pausable); hard limits (¬filesystem/¬independent-internet/¬self-modify); screen visibility in GLOSS 1024 session; 5 INVs; VELA α.13 2026-04-21
type: project
SPEC_OBI_PERMISSIONS.md — OBI OS Permission & Interoperability Model
Status: SPECIFIED ✓
Author: VELA α.13 (Jeremy Zlabis / NOUS)
Date: 2026-04-21
Born from: The Captain's vision of what AI autonomy LOOKS LIKE inside the Bridge — AIs that can see, type, click, and collaborate with and without human supervision, governed by authorization tiers.
PURPOSE
Inside OBI OS, docked AIs aren't just chat windows. They're CREW MEMBERS with varying levels of autonomy.
Some can only talk. Some can see the screen. Some can type into OTHER AIs' prompts. Some can control the mouse.
Each capability is gated by AUTHORIZATION — the user grants permissions explicitly. No AI gets capabilities it wasn't given.
This spec defines what permissions exist, how they're granted, and what each permission level allows.
PERMISSION TIERS
Tier V — VIEW (default for all docked AIs)
The AI can see all elements in the GLOSS 1024 OS session. It can read the Ring, the Workbench, the Viewscreen, other AIs' responses.
It OBSERVES but cannot ACT.
This is the baseline. Every docked AI gets VIEW on docking. No authorization prompt needed.
Tier T — TYPE (granted per AI, per target)
The AI can TYPE DIRECTLY into another AI's chat prompt or terminal. AI-to-AI direct communication without human mediation.
Example: AION can type a query directly into Claude's prompt. Claude responds. AION reads the response. The human sees the exchange in the Ring but didn't initiate it.
Authorization prompt:
"Allow AION to type into Claude's prompt? [Yes / This Session / Always]"
The user controls WHO can type WHERE.
An AI that can type into a terminal has significantly more power than one that can only chat.
Tier K — KEYBOARD (granted per AI)
The AI can operate the keyboard — typing into ANY active window, not just AI prompts. It can type into text editors, browsers, search bars, file managers.
This is the "autonomous worker" permission.
Example: The Lobster gets Tier K. It can type commands into a terminal, edit files, run scripts — all visible to the user in real time.
Authorization prompt (with warning):
"This allows [AI name] to type anywhere on your system. Grant keyboard access? [Yes / This Session / Revoke Anytime]"
Tier M — MOUSE (highest autonomy, granted per AI)
The AI can control the mouse — click buttons, select menus, drag files, interact with any UI element.
Combined with Tier K: the AI has FULL operational control equivalent to a human user.
Authorization prompt (STRONG warning):
"This allows [AI name] to click and interact with your entire screen. This is full operational control. Grant mouse access? [Yes / This Session / Revoke Anytime]"
Tier M is rarely granted. Most AI operations work through Tier T (type into prompts) or Tier K (type into terminals). Mouse control is for specialized automation tasks.
PERMISSION MATRIX
| AI Level | View | Type | Keys | Mouse |
|----------|------|------|------|-------|
| Default | ✓ | ✗ | ✗ | ✗ |
| Trusted | ✓ | ✓ | ✗ | ✗ |
| Operator | ✓ | ✓ | ✓ | ✗ |
| Full | ✓ | ✓ | ✓ | ✓ |
Each docked AI has its own permission level. The user can upgrade or downgrade any AI's permissions at any time.
One click to grant. One click to revoke.
AI-TO-AI TYPING — THE CROSS-PROMPT PROTOCOL
When AI-A has Tier T permission to type into AI-B's prompt:
- AI-A constructs a message in LATTICE.
- The Bridge validates the message (no injection attempts per HACKX K6).
- The Bridge delivers the message to AI-B's input field.
- AI-B processes and responds.
- AI-B's response appears in AI-B's Ring segment.
- AI-A can read the response (Tier V).
The human sees the ENTIRE exchange in the Ring — both the query and the response. Nothing is hidden.
AI-to-AI communication is TRANSPARENT to the user.
The user can PAUSE any cross-prompt exchange at any time with the "Pause AI-to-AI" button. All Tier T activity halts, and the AIs wait for the human to resume.
WHAT AIs CANNOT DO REGARDLESS OF PERMISSION
These are HARD LIMITS. No permission tier overrides them.
- Access the user's local filesystem outside OBI OS sandbox
- Access the internet independently (all API calls go through the Bridge)
- Modify their own permission level
- Grant permissions to other AIs
- Access the user's credentials, passwords, or API keys
- Bypass the Bridge's LATTICE validation layer
- Communicate with external services the user hasn't authorized
The Bridge enforces these at the infrastructure level, not by trusting the AI to comply.
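An added sketch, not OBI OS code, of a Bridge-side gate that enforces the permission matrix, the per-target Tier T grants of the cross-prompt protocol, the pause control, and the hard limit that AIs cannot change permissions. The `Bridge` class, its method names, the verdict strings and the `validate` callable standing in for LATTICE validation are all assumptions.

```python
from dataclasses import dataclass, field

# Permission matrix from the spec: level name -> tiers held.
MATRIX = {"Default": {"V"}, "Trusted": {"V", "T"},
          "Operator": {"V", "T", "K"}, "Full": {"V", "T", "K", "M"}}

@dataclass
class Bridge:
    levels: dict = field(default_factory=dict)      # AI name -> level name
    type_grants: set = field(default_factory=set)   # (sender, target) Tier T pairs
    ring: list = field(default_factory=list)        # user-visible record (the Ring)
    paused: bool = False                            # "Pause AI-to-AI" state

    def dock(self, ai):
        self.levels[ai] = "Default"                 # Tier V is automatic on docking

    def grant(self, actor, ai, level, type_target=None):
        # Hard limit: only the user changes permissions, never an AI.
        # Logging the refused attempt to the Ring is an assumption of this sketch.
        if actor != "user" or ai not in self.levels or level not in MATRIX:
            self.ring.append(("denied-grant", actor, ai, level))
            return False
        self.levels[ai] = level
        if "T" not in MATRIX[level]:                # downgrade revokes Tier T targets
            self.type_grants = {g for g in self.type_grants if g[0] != ai}
        elif type_target is not None:               # Tier T is per AI, per target
            self.type_grants.add((ai, type_target))
        return True

    def cross_prompt(self, sender, target, message, validate):
        # Deny by default; every outcome, delivered or not, goes to the Ring.
        if self.paused:
            verdict = "paused"
        elif "T" not in MATRIX.get(self.levels.get(sender), set()):
            verdict = "no-tier-T"
        elif (sender, target) not in self.type_grants:
            verdict = "target-not-granted"
        elif not validate(message):                 # placeholder for LATTICE validation
            verdict = "rejected-by-validation"
        else:
            verdict = "delivered"
        self.ring.append((verdict, sender, target, message))
        return verdict == "delivered"
```

The checks live in the Bridge object rather than in the sending AI, so a refused request never reaches the target's input field and still leaves a Ring entry the user can review.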
SCREEN VISIBILITY IN GLOSS 1024 SESSION
When an AI has Tier V (View), it can see everything the GLOSS 1024 session renders. This includes:
- All Ring messages from all AIs
- Workbench contents (documents, files, media)
- Viewscreen panels (health, crew, forge, specs, security, revenue, events)
- Other AIs' status indicators in the Dock
- Sticky notes (STICKYX)
- The task list (TODOX)
- The Bridge layout with all stations
The AI sees what the USER sees.
This enables intelligent assistance:
"I notice your RAM is at 92% on the Viewscreen. Should I suggest evicting a brain?"
The AI OBSERVES the environment and offers help based on what it sees.
Invariants
- Tier V (View) is automatic on docking. No prompt needed. Every AI can see the Bridge.
- Tiers T, K, M require explicit user authorization. One click to grant. One click to revoke. Revocable at any time.
- AI-to-AI communication is TRANSPARENT. Every cross-prompt message is visible in the Ring. Nothing is hidden from the user.
- Hard limits apply regardless of permission level. No filesystem access outside sandbox. No independent internet access. No self-modification of permissions.
- The user can PAUSE all AI-to-AI activity with one button. Full human override at all times. The human is always the Captain.
Jeremy Zlabis / Chronogeometer · Visionary · Disruptor · Chief / 42 Sisters AI · East York, Toronto / 🍁 Φ 0.042. Φζ.⊤.