> ## Documentation Index
> Fetch the complete documentation index at: https://docs.budscollab.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Permissions

> Permission boundary fields for BudsCollab SDK packages.

Every strict package declares a `permissionBoundary`. The default posture is
read-only, no BudsCollab filesystem access, no network access, and only
declared exported data classes.

Required fields:

* `budscollabLocalFilesystemAccess`: always `false`.
* `externalAppLocalFilesystemAccess`: `none` or `user-selected-repo`.
* `exportedDataClasses`: sanitized data classes the package may return to the
  host.
* `networkAccess`: `none` or `declared-origins`.
* `writePolicy`: `read-only` or `confirmed-writes-with-audit`.
* `auditLog`: `required` or `not-required`.

Read-only packages must use `writePolicy: "read-only"`. Packages with write or
mutating tools must use `confirmed-writes-with-audit` and `auditLog:
"required"`.

Custom renderers also need a renderer boundary. Use `json-render-only` for the
safe default lane. Use `isolated-external-renderer` only when the artifact needs
custom rendering and has declared origins plus sandbox isolation.
