Policy Manager
Permission Model
Roles
| Role | Description |
|------|-------------|
| Owner | Full control over all Studio resources and settings |
| Builder | Create and deploy dApps and agents |
| Developer | Access SDK, write tools, configure connectors |
| Operator | Run, pause, suspend, and monitor deployed resources |
| Finance | Access Payment Console, view receipts and spend |
| Auditor | Read-only access to audit logs, traces, and receipts |
Capability Token Format
<layer>:<resource>:<action>
Examples
identity:record:write
settlement:invoice:issue
intelligence:agent:deploy
infrastructure:node:register
developer:proposal:create
operations:app:build
operations:agent:run
transport:relay:test
Capability tokens are:
Time-bound (configurable TTL)
Domain-scoped (tied to owner .gao domain)
Revocable at any time by Owner or Auditor
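
The following is an added example, not code from the Studio SDK: a deny-by-default check that enforces the <layer>:<resource>:<action> format together with the TTL, domain scope, and revocation properties listed above. The Grant record and its field names, the allowed segment characters, the revocation set, and the example.gao domain used in testing are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: segments are lowercase alphanumerics, '-' or '_'. The page only
# fixes the three-part <layer>:<resource>:<action> shape.
_CAP_RE = re.compile(r"[a-z][a-z0-9_-]*(:[a-z][a-z0-9_-]*){2}")


def parse_capability(cap: str) -> tuple:
    """Split '<layer>:<resource>:<action>' and reject anything else."""
    if not isinstance(cap, str) or not _CAP_RE.fullmatch(cap):
        raise ValueError(f"malformed capability: {cap!r}")
    layer, resource, action = cap.split(":")
    return layer, resource, action


@dataclass(frozen=True)
class Grant:  # hypothetical record; field names are not from the page
    token_id: str
    capability: str
    domain: str        # owner .gao domain the token is scoped to
    issued_at: float   # Unix seconds
    ttl: float         # lifetime in seconds (the configurable TTL)


def check(grant: Grant, requested: str, domain: str, now: float, revoked: set) -> tuple:
    """Return (allowed, reason). Every failed condition denies the request."""
    try:
        # Exact match only: no wildcard or prefix semantics are assumed.
        if parse_capability(grant.capability) != parse_capability(requested):
            return False, "capability mismatch"
    except ValueError:
        return False, "malformed capability"
    if grant.domain.lower() != domain.lower():
        return False, "domain mismatch"
    if grant.token_id in revoked:
        return False, "revoked"
    # Half-open validity window: valid from issued_at up to, not including, expiry.
    if not (grant.issued_at <= now < grant.issued_at + grant.ttl):
        return False, "expired or not yet valid"
    return True, "ok"
```

Checking revocation on every request, rather than only at issuance, is what makes the "revocable at any time" property effective before the TTL runs out.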