---
id: "concept-contextual-permission-handlers"
type: "concept"
source_timestamps: ["00:20:30"]
tags: ["security", "architecture"]
related: ["concept-risk-segmentation-permissions"]
definition: "Treating permissions as stateful objects managed by different handlers (Interactive, Coordinator, Swarm) depending on the agent's execution context."
sources: ["s46-anthropic-25b-leak"]
sourceVaultSlug: "s46-anthropic-25b-leak"
originDay: 46
---
# Contextual Permission Handlers

## Definition
Treating permissions as **stateful, queryable objects** managed by different handlers depending on the execution context — Interactive, Coordinator, or Swarm Worker.

## Why Booleans Fail
Permissions in a complex agent system **cannot be a simple yes/no boolean**. The same tool may need different gating depending on who or what is invoking it.

## The Three Handlers in [[entity-claude-code-d46|Claude Code]]

1. **Interactive handler** — used when a human is in the loop and can click *approve*. Latency is acceptable; UX matters.
2. **Coordinator handler** — used in multi-agent orchestration, where a manager agent might grant permissions to sub-agents.
3. **Swarm Worker handler** — used for autonomous execution managed by an orchestrator. No human present; checks must be deterministic and pre-approved.

## Why It Matters
This contextual approach allows the **same tool** to behave differently depending on whether it's:

- in a desktop CLI used by a human, or
- deep in an autonomous backend swarm.

## Foundation
Builds on [[concept-risk-segmentation-permissions]] — trust tiers define *what* can be approved; permission handlers define *how* approval happens in context.

## Validation (Enrichment)
Supported. Context-aware handlers appear in multi-agent systems like AutoGen, which distinguishes human-in-loop from autonomous execution paths.