Add access request review skill

skills/access-request-review/SKILL.md

@@ -0,0 +1,71 @@
+---
+name: access-request-review
+description: Review a bounded access request against policy and emit a least-privilege grant proposal or denial.
+source:
+  type: cli-tool
+  command: node
+  args:
+    - run.mjs
+  input_mode: stdin
+  cwd: .
+  timeout_seconds: 30
+inputs:
+  access_request:
+    type: json
+    required: true
+    description: Request packet with requester, requested resource, requested action, business justification, and optional ticket metadata.
+  policy:
+    type: json
+    required: true
+    description: Access policy with allowed roles, resources, actions, TTL caps, approval rules, and escalation rules.
+  current_entitlements:
+    type: json
+    required: true
+    description: Current role and grant state for the requester.
+  objective:
+    type: string
+    required: false
+    description: Optional operator intent for the review.
+runx:
+  category: security
+  input_resolution:
+    required:
+      - access_request
+      - policy
+      - current_entitlements
+---
+
+# access-request-review
+
+Use this skill when an operator needs a bounded access decision before a
+human-approved one-time grant. The skill compares a request, the governing
+policy, and current entitlements, then returns `grant`, `deny`, or
+`needs_human_review`.
+
+The skill never creates access, calls identity providers, sends approval
+messages, stores credentials, or widens authority outside the supplied policy.
+When access is allowed it emits a least-privilege grant proposal with a bounded
+TTL, exact scope, approval gate, escalation lane, and evidence citations.
+
+## Inputs
+
+- `access_request`: requester id, role, action, resource, requested scope,
+  justification, ticket id, and optional requested TTL.
+- `policy`: allowed roles, resources, actions, maximum TTL, denied resources,
+  sensitive resources, required approvals, and break-glass rules.
+- `current_entitlements`: current grants and group/role state for the requester.
+- `objective`: optional operator intent.
+
+## Output
+
+The runner returns JSON with:
+
+- `decision_packet` object: typed decision packet.
+- `grant_proposal` object: one-time proposal when the decision is `grant`.
+- `escalation` object: `required`, `lane`, `reason`, and optional `ticket_id`
+  for human approval or denial escalation.
+- `evidence_json` object: compact review evidence for external verification.
+- `report` string: human-readable review summary.
+
+Decisions are deterministic and fail closed when request, policy, or entitlement
+facts are missing.

skills/access-request-review/X.yaml

@@ -0,0 +1,182 @@
+skill: access-request-review
+version: "0.1.0"
+
+catalog:
+  kind: skill
+  audience: public
+  visibility: public
+  role: canonical
+
+policy:
+  side_effects: none
+  grant_mutation: denied
+  network_during_run: denied
+  secrets_required: false
+  filesystem:
+    read: []
+    write: []
+
+harness:
+  cases:
+    - name: least-privilege-grant-proposal
+      runner: default
+      inputs:
+        objective: "Review a temporary production log access request for incident response."
+        access_request:
+          request_id: req-2026-06-23-001
+          requester:
+            id: user-17
+            role: oncall_engineer
+            team: payments
+          action: read
+          resource: prod/payments/logs/service-a
+          requested_scope: logs.read:prod/payments/service-a/*
+          justification: "Investigate incident INC-2042 elevated payment retries."
+          ticket_id: INC-2042
+          requested_ttl_minutes: 120
+        policy:
+          policy_id: access-policy-demo-v1
+          max_ttl_minutes: 240
+          allowed_roles:
+            oncall_engineer:
+              actions: [read]
+              resources:
+                - prod/payments/logs/*
+              scope_prefixes:
+                - logs.read:prod/payments/
+          denied_resources:
+            - prod/payments/secrets
+          sensitive_resources:
+            - prod/payments/logs/*
+          required_approvals:
+            sensitive_resource: human_approval
+          grant_defaults:
+            approval_gate: human_approval_required
+        current_entitlements:
+          subject_id: user-17
+          roles: [oncall_engineer]
+          current_grants:
+            - grant_id: grant-staging-logs
+              scope: logs.read:staging/payments/*
+              expires_at: "2026-06-23T12:00:00Z"
+      expect:
+        status: sealed
+        receipt:
+          schema: runx.receipt.v1
+          state: sealed
+          disposition: closed
+          reason_code: process_closed
+
+    - name: deny-for-disallowed-resource
+      runner: default
+      inputs:
+        objective: "Reject direct secret access."
+        access_request:
+          request_id: req-2026-06-23-002
+          requester:
+            id: user-21
+            role: oncall_engineer
+            team: payments
+          action: read
+          resource: prod/payments/secrets
+          requested_scope: secrets.read:prod/payments/*
+          justification: "Need to check API keys."
+          ticket_id: INC-2043
+          requested_ttl_minutes: 60
+        policy:
+          policy_id: access-policy-demo-v1
+          max_ttl_minutes: 240
+          allowed_roles:
+            oncall_engineer:
+              actions: [read]
+              resources:
+                - prod/payments/logs/*
+              scope_prefixes:
+                - logs.read:prod/payments/
+          denied_resources:
+            - prod/payments/secrets
+          sensitive_resources:
+            - prod/payments/logs/*
+          required_approvals:
+            sensitive_resource: human_approval
+          grant_defaults:
+            approval_gate: human_approval_required
+        current_entitlements:
+          subject_id: user-21
+          roles: [oncall_engineer]
+          current_grants: []
+      expect:
+        status: sealed
+        receipt:
+          schema: runx.receipt.v1
+          state: sealed
+          disposition: closed
+          reason_code: process_closed
+
+    - name: missing-justification-fails-closed
+      runner: default
+      inputs:
+        objective: "Reject incomplete access requests."
+        access_request:
+          request_id: req-2026-06-23-003
+          requester:
+            id: user-22
+            role: support_agent
+          action: read
+          resource: prod/support/tickets
+          requested_scope: tickets.read:prod/support/*
+          requested_ttl_minutes: 30
+        policy:
+          policy_id: access-policy-demo-v1
+          max_ttl_minutes: 60
+          allowed_roles:
+            support_agent:
+              actions: [read]
+              resources:
+                - prod/support/tickets
+              scope_prefixes:
+                - tickets.read:prod/support/
+          denied_resources: []
+          sensitive_resources: []
+          required_approvals: {}
+        current_entitlements:
+          subject_id: user-22
+          roles: [support_agent]
+          current_grants: []
+      expect:
+        status: failure
+
+runners:
+  default:
+    default: true
+    type: cli-tool
+    command: node
+    input_mode: stdin
+    args:
+      - run.mjs
+    outputs:
+      decision_packet: object
+      grant_proposal: object
+      escalation: object
+      evidence_json: object
+      report: string
+    artifacts:
+      wrap_as: access_request_review_packet
+      packet: runx.security.access_request_review.v1
+    inputs:
+      access_request:
+        type: json
+        required: true
+        description: Bounded access request packet.
+      policy:
+        type: json
+        required: true
+        description: Governing access policy.
+      current_entitlements:
+        type: json
+        required: true
+        description: Current role and grant state for the requester.
+      objective:
+        type: string
+        required: false
+        description: Operator intent for the review.

skills/access-request-review/evidence/clean-install.json

@@ -0,0 +1,43 @@
+{
+  "status": "success",
+  "registry": {
+    "action": "install",
+    "source": "remote",
+    "ref": "lubuseb/access-request-review@sha-2100c1996336",
+    "install": {
+      "status": "installed",
+      "destination": "/tmp/runx-access-request-review-clean-install/lubuseb/access-request-review/sha-2100c1996336/SKILL.md",
+      "skill_name": "access-request-review",
+      "source": "runx-registry",
+      "source_label": "runx registry",
+      "skill_id": "lubuseb/access-request-review",
+      "version": "sha-2100c1996336",
+      "digest": "sha256:5d7e4a0c2122f7f98d418827f0115f81c158004ac9a12f2236ba6eb212d60aee",
+      "profile_digest": "sha256:865d7c9c5be962b752080face77831ddbf4d110b6fae85ee40baba3dae6b436e",
+      "profile_state_path": "/tmp/runx-access-request-review-clean-install/lubuseb/access-request-review/sha-2100c1996336/.runx/profile.json",
+      "runner_names": [
+        "default"
+      ],
+      "trust_tier": "community"
+    },
+    "receipt_metadata": {
+      "destination": "/tmp/runx-access-request-review-clean-install/lubuseb/access-request-review/sha-2100c1996336/SKILL.md",
+      "digest": "sha256:5d7e4a0c2122f7f98d418827f0115f81c158004ac9a12f2236ba6eb212d60aee",
+      "install_count": 1,
+      "package_digest": "4dadabe78e9b528dd7b256eaf9bbefb7a272e4c0e1edc401ec6de2f9758d858a",
+      "profile_digest": "sha256:865d7c9c5be962b752080face77831ddbf4d110b6fae85ee40baba3dae6b436e",
+      "publisher": {
+        "display_name": "LubuSeb",
+        "handle": "lubuseb",
+        "id": "user_53f00ae7ec2363e37ac6ff68",
+        "kind": "user"
+      },
+      "ref": "lubuseb/access-request-review@sha-2100c1996336",
+      "skill_id": "lubuseb/access-request-review",
+      "source_label": "runx registry",
+      "status": "installed",
+      "trust_tier": "community",
+      "version": "sha-2100c1996336"
+    }
+  }
+}