Expand description
Permission grants and audit log for the AskUser flow.
Decision::AskUser from a pre_tool_use hook surfaces an inline
approval card to the user; the GUI writes the user’s choice into a
Grant here. Grants are scoped by (agent_id, tool_name, sha256(canonical input subset)) — each tool declares which input
fields contribute (e.g. bash → argv[0]; fs.write → directory prefix).
Storage:
~/.mur/agents/<name>/permissions/grants.yaml(0600, atomic temp+rename)~/.mur/agents/<name>/permissions/audit.jsonl(append-only, never mutated)
The B0SafetyHook (M8) reads grants in pre_tool_use; the GUI
Settings → Permissions tab manages them (revoke / list).
Structs§
- Grant
- Grant
Store - Read/write
~/.mur/agents/<name>/permissions/grants.yaml(0600, atomic temp+rename) plus an append-onlyaudit.jsonl. - Grants
File - Scope
Key