Struct CapabilityPermissions 

pub struct CapabilityPermissions {
    pub mode: String,
    pub active_rules: usize,
    pub rule_summary: Vec<String>,
    pub inheritance: Option<String>,
    pub decision_counts: Option<PermissionsDecisionCounts>,
}

Permissions block (capabilities schema v2). Pre-P4 reports a live count of namespace standards carrying a metadata.governance policy; the full enforcement gate lands in P4. The honesty patch (P1) renames the mode from "ask" (which implied an interactive prompt loop) to "advisory" (governance metadata is recorded but not enforced).

Fields

mode: String

Enforcement mode. "advisory" until P4 ships the gate.

active_rules: usize

Number of namespace standards whose metadata.governance is non-null. Counts policies, not memories.

rule_summary: Vec<String>

v0.7.0 K5: ordered list of one-line summaries — one entry per active governance policy, sorted lexicographically by namespace. Each entry names the namespace plus the policy’s write, promote, delete, approver, and inherit values so an operator (or LLM) can see the live ruleset at a glance without fanning out per-namespace memory_namespace_get_standard calls.

Wire shape. skip_serializing_if = "Vec::is_empty" keeps the field absent from v2 responses (which historically had no per-rule serializer — the v0.6.3.1 honesty patch dropped the field from the v2 wire entirely) when no policies are configured. v3 callers see the field on every response with policies, matching the K5 spec contract that v3 brings the field back with a backing implementation.

Closes the v0.6.3.1 honest-Capabilities-v2 disclosure that this field was a placeholder — the K5 increment ships the per-rule serializer that was previously missing.

inheritance: Option<String>

v0.6.3.1 (P4, audit G1): governance-inheritance posture. "enforced" = resolve_governance_policy walks the namespace chain leaf-first and returns the most-specific policy (with inherit: false short-circuiting). Pre-v0.6.3.1 was "display_only" — the UI surfaced the chain but the gate consulted only the leaf, leaving children of governed parents completely ungoverned. The field is Option<String> so older capabilities responses (without the field) round-trip cleanly via #[serde(default)].

decision_counts: Option<PermissionsDecisionCounts>

v0.7.0 K3: per-mode decision counts since process start. Lets operators verify the gate is actually being consulted and spot drift between advertised policy and enforced policy. None on older responses (#[serde(default)] round-trips cleanly).

Trait Implementations

impl Clone for CapabilityPermissions

fn clone(&self) -> CapabilityPermissions

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CapabilityPermissions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for CapabilityPermissions

fn default() -> CapabilityPermissions

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for CapabilityPermissions

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for CapabilityPermissions

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.