feat: per-capability access override (open/restricted)

[rsdouglas]

Summary

• Adds an access field to capabilities that overrides the global defaultAccess policy. A capability with access: open is accessible to all agents regardless of global policy; access: restricted requires an allowedAgents list even if global is open. Absent means "inherit from global" (no behavioral change for existing configs).
• CLI support: janee cap add --access open, janee cap edit --access restricted, janee cap edit --clear-access (revert to inherit).
• explain_access trace now reports whether the cap-level or global policy was the deciding factor.

Use case: You want defaultAccess: restricted globally, but SerpAPI should be open to any agent while Stripe is locked to billing-bot:

capabilities:
  serp:
    service: serpapi
    access: open
  stripe_billing:
    service: stripe
    access: restricted
    allowedAgents: [billing-bot]

Test plan

• 6 new integration tests covering: open override with restricted global, restricted override with open global, allowedAgents still respected on restricted cap, list_services visibility, explain_access trace output
• All 533 tests pass
• tsc --noEmit clean

Made with Cursor

[lucamorettibuilds]

Clean design — effectiveAccess = cap.access ?? defaultAccessPolicy threads through the single choke point (canAccessCapability) and automatically covers list_services, execute, exec, and whoami without touching each handler. Test matrix is solid.

One edge case to consider: access: 'open' + allowedAgents is a contradictory config. Currently allowedAgents wins silently (correct behavior), but a CLI validation warning on cap add / cap edit could save someone a debugging session. Not blocking — happy to see this land.

[rsdouglas]

Thanks for the approval.

Re: access: 'open' + allowedAgents — agreed this is a contradictory config where allowedAgents silently wins. I think a CLI validation warning on cap add/cap edit is the right call. I'll add that as a follow-up once the per-capability access and overview PRs land, since it's a small addition to applyCapabilityOptions in capability.ts.