Context
ADR-0094 (framework#2875) makes the metadata layer the single authoritative store for permission-set definitions, with sys_permission_set a pure projection. For package-owned names (managed_by:'package'), the projector deliberately refuses env-scope bodies — the package door owns those records (ADR-0086 D4), and the ADR-0086 two-doors gate already blocks admin data-door writes on them.
The gap
The metadata type registry declares permission with allowOrgOverride: true, so saveMetaItem accepts an env-scope overlay of a package-owned set. That overlay then:
- shows in the Studio layered read (
overlay / effective),
- but is not projected onto the record (refused, warn-only), and
- is not enforced for package-baseline resolution.
That is a declared-but-inert authoring surface — an ADR-0049 violation: the author gets no error and no effect.
Proposed fix
Reject the write at authoring time, mirroring the data-plane two-doors gate: saveMetaItem('permission', name, …) at env scope should fail with a structured 403/422 (package_owned) when the target name's sys_permission_set record is managed_by:'package' — "edit the package and re-publish" guidance included. Likely needs a small per-type authoring-gate seam in the protocol (the generic layer must not know sys_permission_set's shape), registered by plugin-security next to its mutation projector.
References
- ADR-0094 D5 (documents this as a surfaced-not-fixed follow-up)
- ADR-0086 two-doors; ADR-0049 no-unenforced-security-properties
upsertEnvPermissionSet refusal in packages/plugins/plugin-security/src/permission-set-projection.ts
Filed while landing #2875 (Prime Directive #10 — out-of-scope finding).
Context
ADR-0094 (framework#2875) makes the metadata layer the single authoritative store for permission-set definitions, with
sys_permission_seta pure projection. For package-owned names (managed_by:'package'), the projector deliberately refuses env-scope bodies — the package door owns those records (ADR-0086 D4), and the ADR-0086 two-doors gate already blocks admin data-door writes on them.The gap
The metadata type registry declares
permissionwithallowOrgOverride: true, sosaveMetaItemaccepts an env-scope overlay of a package-owned set. That overlay then:overlay/effective),That is a declared-but-inert authoring surface — an ADR-0049 violation: the author gets no error and no effect.
Proposed fix
Reject the write at authoring time, mirroring the data-plane two-doors gate:
saveMetaItem('permission', name, …)at env scope should fail with a structured 403/422 (package_owned) when the target name'ssys_permission_setrecord ismanaged_by:'package'— "edit the package and re-publish" guidance included. Likely needs a small per-type authoring-gate seam in the protocol (the generic layer must not knowsys_permission_set's shape), registered by plugin-security next to its mutation projector.References
upsertEnvPermissionSetrefusal inpackages/plugins/plugin-security/src/permission-set-projection.tsFiled while landing #2875 (Prime Directive #10 — out-of-scope finding).