{
  "id": "page:docs-harness-features-backlog-gaps-mcp-channels-gap-mcpc-003",
  "_kind": "Page",
  "_file": "wiki/docs/harness-features-backlog/gaps/mcp-channels/gap-mcpc-003.md",
  "_cluster": "wiki",
  "attributes": {
    "nodeKind": "Page",
    "sourcePath": "docs/harness-features-backlog/gaps/mcp-channels/GAP-MCPC-003.md",
    "sourceKind": "repo-docs",
    "title": "GAP-MCPC-003: Channel Permission Relay (Breakpoint Approval via Channels)",
    "displayName": "GAP-MCPC-003: Channel Permission Relay (Breakpoint Approval via Channels)",
    "slug": "docs/harness-features-backlog/gaps/mcp-channels/gap-mcpc-003",
    "articlePath": "wiki/docs/harness-features-backlog/gaps/mcp-channels/GAP-MCPC-003.md",
    "article": "\n# GAP-MCPC-003: Channel Permission Relay (Breakpoint Approval via Channels)\n\n| Field | Value |\n|-------|-------|\n| Category | mcp-channels |\n| Priority | High |\n| Effort | L |\n| Status | Missing |\n\n## Description\nRoute breakpoint approval prompts through messaging channels and accept\napprovals from channel responses. An operator on Slack can see a breakpoint\nnotification and approve/reject without being at the terminal.\n\n## CC Implementation\n\nCC's channel permission relay (`src/services/mcp/channelPermissions.ts`):\n- When a permission dialog appears, CC sends the prompt via active channels\n- Races channel reply against local UI / bridge / hooks / classifier\n- First resolver wins via `claim()` pattern\n- Inbound approval: `notifications/claude/channel/permission` with\n  `{request_id, behavior}`\n- Channel server must declare `capabilities.experimental['claude/channel/permission']`\n- Security model: the approving party is the human via the channel, not Claude\n- Risk assessment: a compromised channel server CAN fabricate approvals\n  (documented and accepted risk -- see PR discussion in CC source)\n- Feature-gated separately from channels: `tengu_harbor_permissions`\n\n## Current State\nBreakpoints are approved only via:\n1. CLI interaction (readline prompt)\n2. Auto-approval rules (`~/.a5c/breakpoint-approvals/rules.json`)\n3. Programmatic `task:post` from the harness operator\n\nNo external channel routing. Operator must be at the terminal or running the\nharness to approve breakpoints.\n\n## Target State\nBreakpoint prompts routed to configured channels. Channel responses race against\nlocal interaction. First approval wins. Security: channel-based approval requires\nexplicit opt-in per breakpoint tag/expert level. High-risk breakpoints can be\nconfigured to require terminal-only approval.\n\n```\n[Slack #orchestration]\nbabysitter-bot: Breakpoint in run 01KNKDVE...\n  \"Review gap audit results -- 52 removed, 25 reframed. Approve?\"\n  React: thumbsup to approve, thumbsdown to reject\n\n[operator reacts thumbsup]\n\nbabysitter: Breakpoint approved via Slack by @tal (12s response time)\n```\n\n## Dependencies\n- [GAP-MCPC-001](GAP-MCPC-001.md) -- MCP channel connection\n- [GAP-BRK-002](../breakpoint-workflows/GAP-BRK-002.md) -- breakpoint delegation to external systems\n\n## Key Files\n| Component | Path |\n|-----------|------|\n| Breakpoint evaluator | `packages/sdk/src/breakpoints/evaluator.ts` |\n| Interaction module | `packages/sdk/src/interaction/` |\n| CC channel permissions | `src/services/mcp/channelPermissions.ts` |\n\n## Recommendation\nPhase 3. High value for teams -- enables async approval workflows. Implement\nafter MCP channel connection (GAP-MCPC-001) and breakpoint delegation (GAP-BRK-002).\nThe claim() racing pattern from CC is elegant and should be adopted.\n",
    "documents": []
  },
  "outgoingEdges": [],
  "incomingEdges": [
    {
      "from": "page:docs-harness-features-backlog",
      "to": "page:docs-harness-features-backlog-gaps-mcp-channels-gap-mcpc-003",
      "kind": "contains_page"
    }
  ]
}