Core System
Security Model
OpenCorpo's design goal is to let AI do useful operational work without giving unrestricted power.
1) Tool-Scoped Execution
The agent does not receive implicit full system access. It operates through registered tools.
- Tool definitions specify risk and required capabilities.
- Inputs are validated before invocation.
- Unknown tools are rejected.
2) Capability Grants
Runtime calls use capability sessions (x-oc-session).
- Calls without a valid grant are denied.
- Missing capabilities are denied and audited.
- Grants are revocable.
3) Policy Decisions
config/policy.json rules control action handling:
- allow: execute directly
- deny: block action
- approve: require human approval
High-risk tools are forced through approval paths unless policy explicitly allows.
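The three layers above (tool scoping, capability grants, policy decisions) compose into a single decision per tool call. The following Python evaluator is an added example, not OpenCorpo's own code; it assumes a constructed tool registry, a constructed policy.json shape with a "*" wildcard default, and a plain dict standing in for the x-oc-session grant.

```python
import json
from datetime import datetime, timezone

# Constructed tool registry: each tool declares a risk level and the capabilities
# a session must hold (field names are illustrative, not OpenCorpo's real schema).
TOOLS = {
    "read_logs":       {"risk": "low",  "capabilities": ["logs.read"]},
    "restart_service": {"risk": "high", "capabilities": ["service.control"]},
    "rotate_secret":   {"risk": "high", "capabilities": ["secrets.write"]},
}

# Constructed stand-in for config/policy.json using the allow/deny/approve
# vocabulary; the "*" wildcard default is an assumption of this example.
POLICY = json.loads('{"rules": {"read_logs": "allow", "restart_service": "allow", "*": "approve"}}')

AUDIT = []  # every decision is recorded with actor, action, rule metadata and timestamp

def audit(actor, action, decision, rule):
    AUDIT.append({"actor": actor, "action": action, "decision": decision,
                  "rule": rule, "ts": datetime.now(timezone.utc).isoformat()})

def decide(actor, session, tool_name, args):
    """Evaluate one tool call; returns 'reject', 'deny', 'approve' or 'allow'."""
    tool = TOOLS.get(tool_name)
    if tool is None:                                   # unknown tools are rejected
        audit(actor, tool_name, "reject", "unknown-tool")
        return "reject"
    if not isinstance(args, dict) or not all(isinstance(k, str) for k in args):
        audit(actor, tool_name, "reject", "invalid-input")  # validate before invocation
        return "reject"
    # Capability grant check: the session must be valid and carry every required capability.
    granted = set(session.get("capabilities", [])) if session.get("valid") else set()
    missing = sorted(set(tool["capabilities"]) - granted)
    if missing:                                        # denied and audited
        audit(actor, tool_name, "deny", "missing-capability:" + ",".join(missing))
        return "deny"
    explicit = POLICY["rules"].get(tool_name)
    rule = explicit if explicit is not None else POLICY["rules"].get("*", "deny")
    # High-risk tools are forced through approval unless the policy names them as
    # allowed; an explicit or default deny still wins over approval.
    if tool["risk"] == "high" and explicit != "allow" and rule != "deny":
        rule = "approve"
    audit(actor, tool_name, rule, "policy:" + ("explicit" if explicit else "default"))
    return rule

if __name__ == "__main__":
    session = {"valid": True, "capabilities": ["logs.read", "secrets.write"]}  # constructed grant
    for call in ("read_logs", "rotate_secret", "restart_service", "drop_database"):
        print(call, "->", decide("ops-agent", session, call, {}))
```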
4) Approval Workflow
Approvals exist for high-risk tool calls and certain code/config changes.
- Pending approvals can be approved or denied.
- Approved requests are executed by approval workers.
- Failed approvals are captured with error context.
5) Auditing and Diagnostics
OpenCorpo logs meaningful events, including:
- actor
- action
- policy rule metadata
- timestamps and runtime metadata
Diagnostics include audit integrity checks and repair endpoints.
Last updated from repo snapshot: 2026-02-20