[wip] single runtime handling

2026-03-10 09:30:57 -05:00
parent 9e7e35cbe3
commit 5b45b17fa6
43 changed files with 2905 additions and 110 deletions
--- a/packs/core/permission_sets/admin.yaml
+++ b/packs/core/permission_sets/admin.yaml
@@ -0,0 +1,36 @@
+ref: core.admin
+label: Admin
+description: Full administrative access across Attune resources.
+grants:
+  - resource: packs
+    actions: [read, create, update, delete]
+  - resource: actions
+    actions: [read, create, update, delete, execute]
+  - resource: rules
+    actions: [read, create, update, delete]
+  - resource: triggers
+    actions: [read, create, update, delete]
+  - resource: executions
+    actions: [read, create, update, delete, cancel]
+  - resource: events
+    actions: [read, create, delete]
+  - resource: enforcements
+    actions: [read, create, delete]
+  - resource: inquiries
+    actions: [read, create, update, delete, respond]
+  - resource: keys
+    actions: [read, create, update, delete]
+  - resource: artifacts
+    actions: [read, create, update, delete]
+  - resource: workflows
+    actions: [read, create, update, delete]
+  - resource: webhooks
+    actions: [read, create, update, delete]
+  - resource: analytics
+    actions: [read]
+  - resource: history
+    actions: [read]
+  - resource: identities
+    actions: [read, create, update, delete]
+  - resource: permissions
+    actions: [read, create, update, delete, manage]
--- a/packs/core/permission_sets/editor.yaml
+++ b/packs/core/permission_sets/editor.yaml
@@ -0,0 +1,24 @@
+ref: core.editor
+label: Editor
+description: Create and update operational resources without full administrative control.
+grants:
+  - resource: packs
+    actions: [read, create, update]
+  - resource: actions
+    actions: [read, create, update, execute]
+  - resource: rules
+    actions: [read, create, update]
+  - resource: triggers
+    actions: [read]
+  - resource: executions
+    actions: [read, create, cancel]
+  - resource: keys
+    actions: [read, update]
+  - resource: artifacts
+    actions: [read]
+  - resource: workflows
+    actions: [read, create, update]
+  - resource: analytics
+    actions: [read]
+  - resource: history
+    actions: [read]
--- a/packs/core/permission_sets/executor.yaml
+++ b/packs/core/permission_sets/executor.yaml
@@ -0,0 +1,20 @@
+ref: core.executor
+label: Executor
+description: Read operational metadata and trigger executions without changing system definitions.
+grants:
+  - resource: packs
+    actions: [read]
+  - resource: actions
+    actions: [read, execute]
+  - resource: rules
+    actions: [read]
+  - resource: triggers
+    actions: [read]
+  - resource: executions
+    actions: [read, create]
+  - resource: artifacts
+    actions: [read]
+  - resource: analytics
+    actions: [read]
+  - resource: history
+    actions: [read]
--- a/packs/core/permission_sets/viewer.yaml
+++ b/packs/core/permission_sets/viewer.yaml
@@ -0,0 +1,20 @@
+ref: core.viewer
+label: Viewer
+description: Read-only access to operational metadata and execution visibility.
+grants:
+  - resource: packs
+    actions: [read]
+  - resource: actions
+    actions: [read]
+  - resource: rules
+    actions: [read]
+  - resource: triggers
+    actions: [read]
+  - resource: executions
+    actions: [read]
+  - resource: artifacts
+    actions: [read]
+  - resource: analytics
+    actions: [read]
+  - resource: history
+    actions: [read]
--- a/packs/core/runtimes/shell.yaml
+++ b/packs/core/runtimes/shell.yaml
@@ -32,3 +32,7 @@ execution_config:
    binary: "/bin/bash"
    args: []
    file_extension: ".sh"
+  inline_execution:
+    strategy: temp_file
+    extension: ".sh"
+    inject_shell_helpers: true