Channel policy envelopes
What you'll find here
How channel ingress uses normal craik.policy_envelope records but
selects a narrower envelope than local operator authority — and what
denial behavior looks like.
Narrower than local authority.
craik.runtime.channels.policy binds a normalized inbound event to a
channel policy only when the sender is paired, the allowlist allows it,
the policy is fail-closed, and both receipts and redaction are required.
Default channel authority
Default channel policy allows:
- channel.message.receive
- channel.message.respond
- receipt.write
Channel policy denies (local-only capabilities)
- Repository writes
- Immutable path writes
- Shell execution
- Memory writes
- GitHub writes
- Gateway administration
Denial handling
Unpaired identities and allowlist rejections do not produce a policy
envelope. Requested capabilities outside the channel policy can emit
redacted craik.capability_receipt records with status denied.
Denial receipts preserve:
- Policy envelope id (when one was selected)
- Event id
- Requested capability
- Channel
- Redaction fields
Message text is not stored in policy denial receipt metadata.
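The binding conditions described under "Narrower than local authority" and the denial-receipt shape described under "Denial handling", modelled together as an added Python example that is not craik's own code. Only the record type names craik.policy_envelope and craik.capability_receipt and the three allowed capability names come from the page; every function, field name, the envelope id scheme, and the sample capability identifier shell.exec are assumptions constructed for this illustration.

```python
from dataclasses import dataclass

# Capabilities the page lists as allowed by the default channel policy.
CHANNEL_ALLOWED = frozenset({
    "channel.message.receive",
    "channel.message.respond",
    "receipt.write",
})


@dataclass(frozen=True)
class ChannelPolicy:
    """Assumed shape of a channel policy. The page requires all three
    flags to hold before any envelope is selected."""
    allowed: frozenset = CHANNEL_ALLOWED
    fail_closed: bool = True
    require_receipts: bool = True
    require_redaction: bool = True


@dataclass(frozen=True)
class InboundEvent:
    """Assumed shape of a normalized inbound channel event."""
    event_id: str
    channel: str
    sender_id: str
    text: str                 # message body; must never reach a receipt
    requested: tuple          # capability identifiers the event asks for


def select_envelope(event, policy, paired, allowlist):
    """Return a craik.policy_envelope-style dict, or None when no envelope
    may be selected. Unpaired identities and allowlist rejections yield
    None rather than a denial receipt, as the page describes."""
    if event.sender_id not in paired:
        return None
    if event.sender_id not in allowlist:
        return None
    if not (policy.fail_closed and policy.require_receipts
            and policy.require_redaction):
        return None
    return {
        "type": "craik.policy_envelope",
        "id": f"env-{event.channel}-{event.event_id}",  # constructed id scheme
        "allowed": policy.allowed,
    }


def deny_outside_envelope(event, envelope):
    """Emit a redacted craik.capability_receipt (status denied) for every
    requested capability the envelope does not allow. The receipt keeps
    only the fields the page says are preserved; message text is omitted."""
    receipts = []
    for cap in event.requested:
        if cap in envelope["allowed"]:
            continue  # within the envelope; nothing to deny
        receipts.append({
            "type": "craik.capability_receipt",
            "status": "denied",
            "policy_envelope_id": envelope["id"],
            "event_id": event.event_id,
            "capability": cap,
            "channel": event.channel,
            "redacted_fields": ("text", "sender_id"),  # named, never copied
        })
    return receipts


def handle_ingress(event, policy, paired, allowlist):
    """Full path: select an envelope, then produce denial receipts for any
    out-of-envelope capability. Returns (envelope, receipts)."""
    envelope = select_envelope(event, policy, paired, allowlist)
    if envelope is None:
        return None, []
    return envelope, deny_outside_envelope(event, envelope)


if __name__ == "__main__":
    # Constructed sample input: a paired, allowlisted sender asking for one
    # allowed capability and one local-only capability (shell.exec is an
    # assumed identifier for the page's "Shell execution" category).
    sample = InboundEvent("evt-1", "chat-a", "user-7", "please run ls",
                          ("channel.message.respond", "shell.exec"))
    env, denied = handle_ingress(sample, ChannelPolicy(), {"user-7"}, {"user-7"})
    print(env["id"], [r["capability"] for r in denied])
```

The three early returns in select_envelope are the fail-closed part: a missing pairing, an allowlist miss, or a policy with any flag cleared produces no envelope at all, so nothing downstream can be evaluated against it. Denial receipts are only produced once an envelope exists, and they carry the envelope id, event id, capability and channel without the message body.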
Boundary
Ingress-scoped only.
Channel policy envelopes do not expand local operator authority, bypass allowlists, pair external identities, or grant tool access by themselves.