Permission modes are explicit
`plan`, `edit`, and `auto` make the agent's authority visible. The default path favors inspection before mutation.
Security
Agent power needs visible boundaries.
Voss treats repository automation as a security-sensitive workflow. The harness is built around scoped file access, explicit permission modes, local auth reuse, and auditable sessions.
Current posture.
Writes are scoped to the project
Harness tools operate from the current working directory and keep file operations inside the project boundary.
Shell access is gated
Shell execution is treated as a separate permission surface instead of being bundled into ordinary file edits.
Subscription auth stays local
Claude Code and Codex login reuse local OAuth state; Voss does not need a second hosted credential service.