feat: add opt-in write access for all token-visible repos

2026-02-14 16:35:03 +01:00
parent e22a8d37e4
commit 8504a95a11
10 changed files with 74 additions and 10 deletions
--- a/docs/policy.md
+++ b/docs/policy.md
@@ -10,7 +10,9 @@ Aegis uses a YAML policy engine to authorize tool execution before any Gitea API
 - Per-repository tool allow/deny supported.
 - Optional repository path allow/deny supported.
 - Write operations are denied by default.
- Write operations also require `WRITE_MODE=true` and `WRITE_REPOSITORY_WHITELIST` match.
+- Write operations also require `WRITE_MODE=true` and either:
+  - `WRITE_REPOSITORY_WHITELIST` match, or
+  - `WRITE_ALLOW_ALL_TOKEN_REPOS=true`.

 ## Example Configuration