Problem
Remote users may need agent-powered access to Launchplane context or preview workflows without receiving owner-level context, prod authority, destructive actions, or secret-backed capabilities.
Scope
- Define default limited remote-user capability profiles.
- Limit access by repo, product, environment, PR/issue ownership, or assignment where appropriate.
- Allow safe context reads and preview/request workflows for assigned or owned work.
- Deny plaintext secrets, prod mutation, destructive cleanup outside owned preview scope, and broad policy changes.
- Document how profiles are granted, audited, and revoked.
Acceptance Criteria
- Launchplane can represent at least owner/local-agent and limited remote-user profiles.
- Remote-user profiles can be scoped to specific repos/products/environments/actions.
- Tests cover limited user allowed preview/context paths and denied prod/secret/destructive paths.
- Docs describe intended remote-user workflow boundaries.
Relationships
Problem
Remote users may need agent-powered access to Launchplane context or preview workflows without receiving owner-level context, prod authority, destructive actions, or secret-backed capabilities.
Scope
Acceptance Criteria
Relationships