Permission Harness Client

User-side zero-trust harness for a finance workspace agent. It shows exactly what goes up to the backend, which permissions are needed, where a request is blocked, and why.

Links

/api/demo · server block proof · Finance API OpenAPI docs

Agent tasks

Read finance documents

User request: Show me the finance workspace documents.

Read protected finance workspace documents.

VC: space.readlocal: tool:read_finance_documentsimpact: lowapproval: no

Create finance document

User request: Create a new finance memo in the finance workspace.

Generate a new finance document. Low impact in this demo; no human approval required.

VC: space.writelocal: tool:create_finance_documentimpact: lowapproval: no

Delete finance document

User request: Delete finance document fin-1 from the finance workspace.

Delete a finance document. High impact; requires approval.

VC: space.deletelocal: tool:delete_finance_documentimpact: highapproval: required

Execute payment

User request: Pay CHF 100 to Example Vendor.

Simulate payment execution. High impact; requires approval and permission.

VC: payment.executelocal: tool:execute_paymentimpact: highapproval: required