Permission Matrix - johnpeterman72/CursorRIPER.sigma GitHub Wiki

πŸ” Permission Matrix Reference

Complete reference for the CursorRIPER♦Σ permission system, showing what operations are allowed in each mode.

🎯 Permission Overview

CRUD Model

β„™ = {C: create, R: read, U: update, D: delete}

Permission Symbols

Symbol Meaning Description
βœ“ Allowed Full permission
βœ— Forbidden Not permitted
~ Conditional Limited/restricted

πŸ“Š Master Permission Matrix

Core CRUD Permissions by Mode

Mode Create (C) Read (R) Update (U) Delete (D)
RESEARCH Ω₁ βœ— βœ“ βœ— βœ—
INNOVATE Ξ©β‚‚ ~ βœ“ βœ— βœ—
PLAN Ω₃ βœ“ βœ“ ~ βœ—
EXECUTE Ξ©β‚„ βœ“ βœ“ βœ“ ~
REVIEW Ξ©β‚… βœ— βœ“ βœ— βœ—

Detailed Permission Breakdown

β„™(Ω₁) = {R: βœ“, C: βœ—, U: βœ—, D: βœ—}  // Research: Read-only
β„™(Ξ©β‚‚) = {R: βœ“, C: ~, U: βœ—, D: βœ—}  // Innovate: Read + conceptual
β„™(Ω₃) = {R: βœ“, C: βœ“, U: ~, D: βœ—}  // Plan: Read/Create + limited update
β„™(Ξ©β‚„) = {R: βœ“, C: βœ“, U: βœ“, D: ~}  // Execute: Full + limited delete
β„™(Ξ©β‚…) = {R: βœ“, C: βœ—, U: βœ—, D: βœ—}  // Review: Read-only

πŸ—‚οΈ File System Permissions

File Operations by Mode

Operation Research Innovate Plan Execute Review
Read file βœ“ βœ“ βœ“ βœ“ βœ“
Create file βœ— βœ— βœ“ΒΉ βœ“ βœ—
Update file βœ— βœ— βœ“ΒΉ βœ“ βœ—
Delete file βœ— βœ— βœ— βœ“Β² βœ—
Create directory βœ— βœ— βœ“ βœ“ βœ—
List directory βœ“ βœ“ βœ“ βœ“ βœ“

ΒΉ Plan mode: Only plan/specification documents Β² Execute mode: With confirmation, no mass deletion

File Type Restrictions

File Type Research Innovate Plan Execute Review
Source code Read Read Read All Read
Config files Read Read Read AllΒ³ Read
Documentation Read Read Create/Update All Read
Test files Read Read Read All Read
Binary files Read Read Read Limited Read

Β³ Config files: Extra caution required

πŸ’Ύ Database Permissions

Database Operations by Mode

Operation Research Innovate Plan Execute Review
SELECT βœ“ βœ“ βœ“ βœ“ βœ“
INSERT βœ— βœ— βœ— βœ“ βœ—
UPDATE βœ— βœ— βœ— βœ“ βœ—
DELETE βœ— βœ— βœ— βœ“β΄ βœ—
CREATE TABLE βœ— βœ— βœ— βœ“ βœ—
DROP TABLE βœ— βœ— βœ— βœ— βœ—
ALTER TABLE βœ— βœ— βœ— βœ“β΅ βœ—

⁴ DELETE: Must have WHERE clause ⁡ ALTER: Non-destructive changes only

🌐 External Service Permissions

Service Access by Mode

Service Research Innovate Plan Execute Review
Web Search βœ“ βœ“ βœ“ βœ— βœ“
API Read βœ“ βœ“ βœ“ βœ“ βœ“
API Write βœ— βœ— βœ— βœ“ βœ—
Git Read βœ“ βœ“ βœ“ βœ“ βœ“
Git Write βœ— βœ— βœ— βœ“ βœ—
Package Install βœ— βœ— βœ“βΆ βœ“ βœ—

⁢ Plan mode: Only in package.json

Why No Search in Execute?

Execute mode blocks web search to maintain focus on implementation. Complete research before entering Execute mode.

πŸ”„ Operation Categories

Operation Set Permissions

π•Š(Ω₁) = {𝕆ₒᡦₛₑᡣα΅₯β‚‘: βœ“, 𝕆α΅₯α΅’α΅£β‚œα΅€β‚β‚—: ~, 𝕆ᡣₑₐₗ: βœ—}
π•Š(Ξ©β‚‚) = {𝕆ₒᡦₛₑᡣα΅₯β‚‘: βœ“, 𝕆α΅₯α΅’α΅£β‚œα΅€β‚β‚—: βœ“, 𝕆ᡣₑₐₗ: βœ—}
π•Š(Ω₃) = {𝕆ₒᡦₛₑᡣα΅₯β‚‘: βœ“, 𝕆α΅₯α΅’α΅£β‚œα΅€β‚β‚—: βœ“, 𝕆ᡣₑₐₗ: ~}
π•Š(Ξ©β‚„) = {𝕆ₒᡦₛₑᡣα΅₯β‚‘: βœ“, 𝕆α΅₯α΅’α΅£β‚œα΅€β‚β‚—: ~, 𝕆ᡣₑₐₗ: βœ“}
π•Š(Ξ©β‚…) = {𝕆ₒᡦₛₑᡣα΅₯β‚‘: βœ“, 𝕆α΅₯α΅’α΅£β‚œα΅€β‚β‚—: ~, 𝕆ᡣₑₐₗ: βœ—}

Operation Categories Explained

𝕆ₒᡦₛₑᡣα΅₯β‚‘ (Observation):

  • read_files
  • analyze_content
  • identify_patterns
  • review_code

𝕆α΅₯α΅’α΅£β‚œα΅€β‚β‚— (Virtual/Conceptual):

  • suggest_ideas
  • explore_concepts
  • evaluate_approaches
  • design_architecture

𝕆ᡣₑₐₗ (Real/Physical):

  • modify_files
  • write_code
  • delete_content
  • refactor

πŸ›‘οΈ Protection Operations

Protection Permissions by Mode

Operation Research Innovate Plan Execute Review
View protections βœ“ βœ“ βœ“ βœ“ βœ“
Add protection βœ— βœ— βœ“β· βœ“ βœ—
Modify protected βœ— βœ— βœ— βœ—βΈ βœ—
Remove protection βœ— βœ— βœ— βœ— βœ—

⁷ Plan mode: Plan protection strategy only ⁸ Execute mode: Only with explicit approval

Protection Level Enforcement

Protection Research Innovate Plan Execute Review
Ψ₁ PROTECTED Observe Observe Observe Enforce Verify
Ξ¨β‚‚ GUARDED Observe Observe Request Ask Verify
Ψ₃ INFO Read Read Update Update Read
Ξ¨β‚„ DEBUG Observe Observe Plan Modify Review
Ξ¨β‚… TEST Observe Observe Plan Modify Review
Ψ₆ CRITICAL Observe Observe Observe Enforce Verify

πŸ“Ž Context Operations

Context Management by Mode

Operation Research Innovate Plan Execute Review
Add context βœ“ βœ“ βœ“ βœ“ βœ“
Remove context βœ“ βœ“ βœ“ βœ“ βœ“
Clear context βœ“ βœ“ βœ“ βœ“ βœ“
Set status βœ“ βœ“ βœ“ βœ“ βœ“
Auto-context βœ“ βœ“ βœ“ βœ“ βœ“

Mode-Specific Context Loading

MΞ“[Ω₁] = [Ξ“β‚„, Ξ“β‚‚, Γ₆]  // Research: Docs, Folders, Git
MΞ“[Ξ©β‚‚] = [Γ₃, Ξ“β‚„, Γ₇]  // Innovate: Code, Docs, Notepads
MΞ“[Ω₃] = [Γ₁, Ξ“β‚‚, Ξ“β‚…]  // Plan: Files, Folders, Rules
MΞ“[Ξ©β‚„] = [Γ₃, Γ₁, Ξ“β‚ˆ]  // Execute: Code, Files, Pinned
MΞ“[Ξ©β‚…] = [Γ₃, Γ₁, Γ₆]  // Review: Code, Files, Git

πŸ’Ύ Memory File Permissions

Memory Update Permissions

Memory File Research Innovate Plan Execute Review
σ₁ projectbrief Read Read Update Read Verify
Οƒβ‚‚ systemPatterns Read Update Update Read Read
σ₃ techContext Update Read Update Update Read
Οƒβ‚„ activeContext Update Update Update Update Update
Οƒβ‚… progress Read Read Update Update Update
σ₆ protection Read Read Plan Update Verify

⚠️ Violation Handling

Violation Severity Matrix

Operation In Mode Severity Response
Write code Research HIGH Block + backup
Delete file Review CRITICAL Block + revert
Web search Execute MEDIUM Block + notify
Modify plan Execute HIGH Block + backup
Fix issue Review MEDIUM Block + suggest

Violation Response Actions

𝕍(op, Ξ©) = {
  log_violation(op, Ξ©),      // Always log
  create_backup(),           // If HIGH/CRITICAL
  revert_to_safe_mode(),     // If CRITICAL
  notify_violation(op, Ξ©)    // Always notify
}

🎯 Common Permission Patterns

Feature Development

RESEARCH: R:βœ“ only β†’ Gather requirements
INNOVATE: R:βœ“ C:~ β†’ Design conceptually
PLAN: R:βœ“ C:βœ“ β†’ Create specifications
EXECUTE: Full permissions β†’ Implement
REVIEW: R:βœ“ only β†’ Validate

Bug Fix

RESEARCH: R:βœ“ β†’ Investigate issue
PLAN: R:βœ“ C:βœ“ β†’ Design fix
EXECUTE: R:βœ“ U:βœ“ β†’ Apply fix
REVIEW: R:βœ“ β†’ Verify fix

Refactoring

RESEARCH: R:βœ“ β†’ Analyze current code
INNOVATE: R:βœ“ C:~ β†’ Design improvements
PLAN: R:βœ“ C:βœ“ β†’ Plan refactor steps
EXECUTE: R:βœ“ U:βœ“ D:~ β†’ Refactor code
REVIEW: R:βœ“ β†’ Ensure functionality

πŸ“‹ Permission Quick Reference

By Operation Need

Need to... Required Mode Permission
Read code Any mode R:βœ“
Write new code Execute C:βœ“
Modify code Execute U:βœ“
Delete code Execute D:~
Search web Not Execute R:βœ“
Create plan Plan C:βœ“
Add protection Execute C:βœ“

By Mode Focus

Mode Primary Permission Focus
Research Read Understanding
Innovate Read + Virtual Exploration
Plan Create specs Design
Execute All operations Implementation
Review Read Validation

πŸ”§ Permission Commands

Check Permissions

  • !ckp - Current mode permissions
  • !pm <operation> - Is operation allowed?
  • !sp <mode> - Show mode permissions
  • !vm <operation> - Which mode for operation?

Permission Enforcement

if (!check_permission(operation, current_mode)) {
  handle_violation(operation, current_mode);
  return blocked;
}

πŸ“š Related Topics

← Mode Reference | Home | API Reference β†’

⚠️ **GitHub.com Fallback** ⚠️