AIOS Docs
  • Welcome
  • Getting Started
    • Installation
    • Quickstart
      • Use Terminal
      • Use WebUI
    • Environment Variables Configuration
  • AIOS Kernel
    • Overview
    • LLM Core(s)
      • LiteLLM Compatible Backend
      • vLLM Backend
      • Hugging Face Backend
      • LLM Routing
    • Scheduler
      • FIFOScheduler
      • RRScheduler
    • Context
    • Memory
      • Base Layer
      • Agentic Memory Operations
    • Storage
      • sto_mount
      • sto_create_file
      • sto_create_directory
      • sto_write
      • sto_retrieve
      • sto_rollback
      • sto_share
    • Tools
    • Access
    • Syscalls
    • Terminal
  • AIOS Agent
    • How to Use Agent
    • How to Develop Agents
      • Develop with Native SDK
      • Develop with AutoGen
      • Develop with Open-Interpreter
      • Develop with MetaGPT
    • How to Publish Agents
  • AIOS-Agent SDK
    • Overview
    • LLM Core API
      • llm_chat
      • llm_chat_with_json_output
      • llm_chat_with_tool_call_output
      • llm_call_tool
      • llm_operate_file
    • Memory API
      • create_memory
      • get_memory
      • update_memory
      • delete_memory
      • search_memories
      • create_agentic_memory
    • Storage API
      • mount
      • create_file
      • create_dir
      • write_file
      • retrieve_file
      • rollback_file
      • share_file
    • Tool API
      • How to Develop Tools
    • Access API
    • Post API
    • Agent API
  • Community
    • How to Contribute
Powered by GitBook
On this page
  • Access Control
  • User Intervention
  • Static Access Control
  • Dynamic Access Control
  1. AIOS Kernel

Access

AIOS Access Control Mechanism

The access manager in the AIOS kernel aims to provide the following two key functionalities.

Access Control

The access manager controls read and write permissions when some agents request read and write operation of other agent's data such as memory. The access manager achieves this by assigning each agent to a specific privilege group. Agents can only access resources, such as LLM interaction history or tool usage logs of other agents only if they are within other agents' privilege group. To manage these permissions, the access manager uses a hashmap, where each agent's ID is mapped to its assigned privilege group. When an agent requests access to a resource, the access manager checks the hashmap to verify the agent’s permissions before allowing the request to proceed.

User Intervention

To prevent accidental or unintended operations when users interact with AIOS, particularly irreversible operations such as deletion, overwrite and privilege change, we provide a user intervention interface. This interface provides users with prompt checks to confirm before these irreversible operations are executed over files or tools.

Static Access Control

Each agent has a static access control list. The list is created on agent installation and never change unless agent developer changes the control list (TBD).

Dynamic Access Control

Each agent has a dynamic access control list. The list is created on agent instantiation and dynamically change when other agents are created or deleted (TBD).

The access manager is still under development to have a more comprehensive guardrails over the lifecycle of agents.

PreviousToolsNextSyscalls

Last updated 5 months ago