Skip to content

v0.3.7 — Coder Skill, Knowledge Base, Authorization Layer

Choose a tag to compare

@thatsme thatsme released this 22 Mar 09:37

What's New

Autonomous Skill Generation (Coder)

  • /coder command generates dynamic skills from natural language via local LLM
  • Runtime validation: compile, load, test, retry loop (configurable max retries)
  • RAG-powered: queries knowledge base for Erlang/Elixir docs and skill patterns
  • Targeted retrieval by kind (erlang_docs, elixir_source, skill_source)

Knowledge Base Reinforcement

  • erlang_docs_scraper — fetches OTP docs from GitHub .erl source files with Elixir calling convention hints
  • lyse_scraper — scrapes Learn You Some Erlang OTP chapters
  • skill_source_indexer — indexes existing skill source code with checksum-based freshness tracking
  • elixir_source_scraper — fetches Elixir stdlib source from GitHub
  • Knowledge base grew from ~4400 to ~7200 embeddings

Agent Authorization Layer

Three-phase composable authorization system:

Phase 1 — Context-Aware Permission Checks

  • AuthContext struct carries caller, type, permission, chain depth, workflow run ID
  • PolicyEngine evaluates context with chain-depth enforcement (max 3)
  • Structured audit logging for all authorization denials

Phase 2 — Capability Tokens (Macaroon-style)

  • HMAC-signed tokens with permission attenuation
  • Workflow steps get scoped tokens; cross-skill invocation further restricts
  • SafeExecutor runs dynamic skills in isolated processes
  • Tampered tokens rejected via timing-safe comparison

Phase 3 — Policy Rules Engine

  • Configurable policy rules stored in PostgreSQL (rate_limit, time_window, chain_restriction, permission_override)
  • Per-skill rate limiting via ETS counters
  • Audit log persistence with 30-day auto-prune
  • Admin UI at /policies for CRUD + audit log viewing

Other Changes

  • Removed stale Feeds nav link
  • Updated SECURITY.md with full authorization documentation and JSON config examples