Access

The access manager in the AIOS kernel aims to provide the following two key functionalities.

Access Control

The access manager controls read and write permissions when some agents request read and write operation of other agent's data such as memory. The access manager achieves this by assigning each agent to a specific privilege group. Agents can only access resources, such as LLM interaction history or tool usage logs of other agents only if they are within other agents' privilege group. To manage these permissions, the access manager uses a hashmap, where each agent's ID is mapped to its assigned privilege group. When an agent requests access to a resource, the access manager checks the hashmap to verify the agent’s permissions before allowing the request to proceed.

User Intervention

To prevent accidental or unintended operations when users interact with AIOS, particularly irreversible operations such as deletion, overwrite and privilege change, we provide a user intervention interface. This interface provides users with prompt checks to confirm before these irreversible operations are executed over files or tools.

Static Access Control

Each agent has a static access control list. The list is created on agent installation and never change unless agent developer changes the control list (TBD).

Dynamic Access Control

Each agent has a dynamic access control list. The list is created on agent instantiation and dynamically change when other agents are created or deleted (TBD).