π Permission Matrix Reference
Complete reference for the CursorRIPERβ¦Ξ£ permission system, showing what operations are allowed in each mode.
β = {C: create, R: read, U: update, D: delete}
Symbol |
Meaning |
Description |
β |
Allowed |
Full permission |
β |
Forbidden |
Not permitted |
~ |
Conditional |
Limited/restricted |
π Master Permission Matrix
Core CRUD Permissions by Mode
Mode |
Create (C) |
Read (R) |
Update (U) |
Delete (D) |
RESEARCH Ξ©β |
β |
β |
β |
β |
INNOVATE Ξ©β |
~ |
β |
β |
β |
PLAN Ξ©β |
β |
β |
~ |
β |
EXECUTE Ξ©β |
β |
β |
β |
~ |
REVIEW Ξ©β
|
β |
β |
β |
β |
Detailed Permission Breakdown
β(Ξ©β) = {R: β, C: β, U: β, D: β} // Research: Read-only
β(Ξ©β) = {R: β, C: ~, U: β, D: β} // Innovate: Read + conceptual
β(Ξ©β) = {R: β, C: β, U: ~, D: β} // Plan: Read/Create + limited update
β(Ξ©β) = {R: β, C: β, U: β, D: ~} // Execute: Full + limited delete
β(Ξ©β
) = {R: β, C: β, U: β, D: β} // Review: Read-only
ποΈ File System Permissions
Operation |
Research |
Innovate |
Plan |
Execute |
Review |
Read file |
β |
β |
β |
β |
β |
Create file |
β |
β |
βΒΉ |
β |
β |
Update file |
β |
β |
βΒΉ |
β |
β |
Delete file |
β |
β |
β |
βΒ² |
β |
Create directory |
β |
β |
β |
β |
β |
List directory |
β |
β |
β |
β |
β |
ΒΉ Plan mode: Only plan/specification documents
Β² Execute mode: With confirmation, no mass deletion
File Type |
Research |
Innovate |
Plan |
Execute |
Review |
Source code |
Read |
Read |
Read |
All |
Read |
Config files |
Read |
Read |
Read |
AllΒ³ |
Read |
Documentation |
Read |
Read |
Create/Update |
All |
Read |
Test files |
Read |
Read |
Read |
All |
Read |
Binary files |
Read |
Read |
Read |
Limited |
Read |
Β³ Config files: Extra caution required
πΎ Database Permissions
Database Operations by Mode
Operation |
Research |
Innovate |
Plan |
Execute |
Review |
SELECT |
β |
β |
β |
β |
β |
INSERT |
β |
β |
β |
β |
β |
UPDATE |
β |
β |
β |
β |
β |
DELETE |
β |
β |
β |
ββ΄ |
β |
CREATE TABLE |
β |
β |
β |
β |
β |
DROP TABLE |
β |
β |
β |
β |
β |
ALTER TABLE |
β |
β |
β |
ββ΅ |
β |
β΄ DELETE: Must have WHERE clause
β΅ ALTER: Non-destructive changes only
π External Service Permissions
Service |
Research |
Innovate |
Plan |
Execute |
Review |
Web Search |
β |
β |
β |
β |
β |
API Read |
β |
β |
β |
β |
β |
API Write |
β |
β |
β |
β |
β |
Git Read |
β |
β |
β |
β |
β |
Git Write |
β |
β |
β |
β |
β |
Package Install |
β |
β |
ββΆ |
β |
β |
βΆ Plan mode: Only in package.json
Why No Search in Execute?
Execute mode blocks web search to maintain focus on implementation. Complete research before entering Execute mode.
π Operation Categories
Operation Set Permissions
π(Ξ©β) = {πβᡦββα΅£α΅₯β: β, πα΅₯α΅’α΅£βα΅€ββ: ~, πα΅£βββ: β}
π(Ξ©β) = {πβᡦββα΅£α΅₯β: β, πα΅₯α΅’α΅£βα΅€ββ: β, πα΅£βββ: β}
π(Ξ©β) = {πβᡦββα΅£α΅₯β: β, πα΅₯α΅’α΅£βα΅€ββ: β, πα΅£βββ: ~}
π(Ξ©β) = {πβᡦββα΅£α΅₯β: β, πα΅₯α΅’α΅£βα΅€ββ: ~, πα΅£βββ: β}
π(Ξ©β
) = {πβᡦββα΅£α΅₯β: β, πα΅₯α΅’α΅£βα΅€ββ: ~, πα΅£βββ: β}
Operation Categories Explained
πβᡦββα΅£α΅₯β (Observation):
- read_files
- analyze_content
- identify_patterns
- review_code
πα΅₯α΅’α΅£βα΅€ββ (Virtual/Conceptual):
- suggest_ideas
- explore_concepts
- evaluate_approaches
- design_architecture
πα΅£βββ (Real/Physical):
- modify_files
- write_code
- delete_content
- refactor
π‘οΈ Protection Operations
Protection Permissions by Mode
Operation |
Research |
Innovate |
Plan |
Execute |
Review |
View protections |
β |
β |
β |
β |
β |
Add protection |
β |
β |
ββ· |
β |
β |
Modify protected |
β |
β |
β |
ββΈ |
β |
Remove protection |
β |
β |
β |
β |
β |
β· Plan mode: Plan protection strategy only
βΈ Execute mode: Only with explicit approval
Protection Level Enforcement
Protection |
Research |
Innovate |
Plan |
Execute |
Review |
Ξ¨β PROTECTED |
Observe |
Observe |
Observe |
Enforce |
Verify |
Ξ¨β GUARDED |
Observe |
Observe |
Request |
Ask |
Verify |
Ξ¨β INFO |
Read |
Read |
Update |
Update |
Read |
Ξ¨β DEBUG |
Observe |
Observe |
Plan |
Modify |
Review |
Ξ¨β
TEST |
Observe |
Observe |
Plan |
Modify |
Review |
Ξ¨β CRITICAL |
Observe |
Observe |
Observe |
Enforce |
Verify |
Context Management by Mode
Operation |
Research |
Innovate |
Plan |
Execute |
Review |
Add context |
β |
β |
β |
β |
β |
Remove context |
β |
β |
β |
β |
β |
Clear context |
β |
β |
β |
β |
β |
Set status |
β |
β |
β |
β |
β |
Auto-context |
β |
β |
β |
β |
β |
Mode-Specific Context Loading
MΞ[Ξ©β] = [Ξβ, Ξβ, Ξβ] // Research: Docs, Folders, Git
MΞ[Ξ©β] = [Ξβ, Ξβ, Ξβ] // Innovate: Code, Docs, Notepads
MΞ[Ξ©β] = [Ξβ, Ξβ, Ξβ
] // Plan: Files, Folders, Rules
MΞ[Ξ©β] = [Ξβ, Ξβ, Ξβ] // Execute: Code, Files, Pinned
MΞ[Ξ©β
] = [Ξβ, Ξβ, Ξβ] // Review: Code, Files, Git
πΎ Memory File Permissions
Memory Update Permissions
Memory File |
Research |
Innovate |
Plan |
Execute |
Review |
Οβ projectbrief |
Read |
Read |
Update |
Read |
Verify |
Οβ systemPatterns |
Read |
Update |
Update |
Read |
Read |
Οβ techContext |
Update |
Read |
Update |
Update |
Read |
Οβ activeContext |
Update |
Update |
Update |
Update |
Update |
Οβ
progress |
Read |
Read |
Update |
Update |
Update |
Οβ protection |
Read |
Read |
Plan |
Update |
Verify |
β οΈ Violation Handling
Violation Severity Matrix
Operation |
In Mode |
Severity |
Response |
Write code |
Research |
HIGH |
Block + backup |
Delete file |
Review |
CRITICAL |
Block + revert |
Web search |
Execute |
MEDIUM |
Block + notify |
Modify plan |
Execute |
HIGH |
Block + backup |
Fix issue |
Review |
MEDIUM |
Block + suggest |
Violation Response Actions
π(op, Ξ©) = {
log_violation(op, Ξ©), // Always log
create_backup(), // If HIGH/CRITICAL
revert_to_safe_mode(), // If CRITICAL
notify_violation(op, Ξ©) // Always notify
}
π― Common Permission Patterns
RESEARCH: R:β only β Gather requirements
INNOVATE: R:β C:~ β Design conceptually
PLAN: R:β C:β β Create specifications
EXECUTE: Full permissions β Implement
REVIEW: R:β only β Validate
RESEARCH: R:β β Investigate issue
PLAN: R:β C:β β Design fix
EXECUTE: R:β U:β β Apply fix
REVIEW: R:β β Verify fix
RESEARCH: R:β β Analyze current code
INNOVATE: R:β C:~ β Design improvements
PLAN: R:β C:β β Plan refactor steps
EXECUTE: R:β U:β D:~ β Refactor code
REVIEW: R:β β Ensure functionality
π Permission Quick Reference
Need to... |
Required Mode |
Permission |
Read code |
Any mode |
R:β |
Write new code |
Execute |
C:β |
Modify code |
Execute |
U:β |
Delete code |
Execute |
D:~ |
Search web |
Not Execute |
R:β |
Create plan |
Plan |
C:β |
Add protection |
Execute |
C:β |
Mode |
Primary Permission |
Focus |
Research |
Read |
Understanding |
Innovate |
Read + Virtual |
Exploration |
Plan |
Create specs |
Design |
Execute |
All operations |
Implementation |
Review |
Read |
Validation |
-
!ckp
- Current mode permissions
-
!pm <operation>
- Is operation allowed?
-
!sp <mode>
- Show mode permissions
-
!vm <operation>
- Which mode for operation?
if (!check_permission(operation, current_mode)) {
handle_violation(operation, current_mode);
return blocked;
}
β Mode Reference | Home | API Reference β