Permission System
Quira replaces the traditional identity-based access model — "who are you?" — with a capability-based security model — "what proof do you hold?" This fundamental shift eliminates ambient authority and makes every permission explicit, scoped, and time-limited.
Capability-based security
In traditional browsers, extensions and pages operate under ambient authority: once granted a broad permission, they can exercise it freely. Quira eliminates this pattern entirely. All capability token evaluations are centralized through the Context Trust Arbiter (CTA) — a single point of decision inspired by macOS AMFI.
| Property | Traditional (Chrome/Firefox) | Quira |
|---|---|---|
| Access model | Identity-based ACL | Capability token (unforgeable) |
| Token creation | Granted at install | HMAC-SHA256 bound to process + timestamp |
| Scope | Global or per-origin | Per-Space, per-permission, per-session |
| Delegation | Not possible | Attenuated sub-capabilities (read-only from read-write) |
| Revocation | Uninstall or manual toggle | Instant invalidation, all derived tokens revoked |
| Lifetime | Permanent until revoked | Time-bounded decay (configurable TTL) |
No ambient authority
A capability token is unforgeable, non-transferable, and process-bound. Even if an extension's process memory is compromised, tokens stolen from it are useless to an attacker running in any other process, because the token's MAC binds it to the process it was issued to.
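As an added illustration (not Quira's own code), the token properties in the table above can be modelled in a few dozen lines of Python. `mint`, `attenuate`, `revoke` and `check` are assumed names for a toy Context Trust Arbiter; the token layout is constructed for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed miniature of the Context Trust Arbiter (CTA); names are assumptions.
_KEY = os.urandom(32)                 # arbiter secret: without it no MAC verifies
_REVOKED: set[str] = set()            # token ids invalidated by the arbiter
_CHILDREN: dict[str, list[str]] = {}  # parent id -> attenuated child ids
_FIELDS = ("space", "perms", "pid", "issued", "ttl", "parent")

def _mac(tok: dict) -> str:
    # HMAC-SHA256 over Space, permissions, process, timestamp, TTL and lineage
    msg = "|".join(str(tok[k]) for k in _FIELDS).encode()
    return hmac.new(_KEY, msg, hashlib.sha256).hexdigest()

def mint(space: str, perms, pid: int, ttl: float, parent=None, now=None) -> dict:
    """Issue a token scoped to one Space, bound to one process, valid for ttl seconds."""
    tok = {"space": space, "perms": tuple(sorted(perms)), "pid": pid,
           "issued": time.time() if now is None else now, "ttl": ttl, "parent": parent}
    tok["mac"] = _mac(tok)            # the token id is its MAC
    if parent is not None:
        _CHILDREN.setdefault(parent, []).append(tok["mac"])
    return tok

def attenuate(tok: dict, perms, pid: int, now=None) -> dict:
    """Delegate a sub-capability: fewer rights, bound to the recipient, never outliving the parent."""
    if not set(perms) <= set(tok["perms"]):
        raise PermissionError("attenuation can only drop permissions")
    now = time.time() if now is None else now
    return mint(tok["space"], perms, pid, tok["issued"] + tok["ttl"] - now,
                parent=tok["mac"], now=now)

def revoke(tok_id: str) -> None:
    """Instant invalidation that cascades to every token derived from this one."""
    _REVOKED.add(tok_id)
    for child in _CHILDREN.get(tok_id, []):
        revoke(child)

def check(tok: dict, space: str, perm: str, pid: int, now=None) -> bool:
    """Single decision point: forged, foreign-process, expired or revoked tokens all fail."""
    now = time.time() if now is None else now
    return (hmac.compare_digest(_mac(tok), tok["mac"])   # unforgeable
            and tok["pid"] == pid                        # non-transferable
            and now < tok["issued"] + tok["ttl"]         # time-bounded decay
            and tok["mac"] not in _REVOKED               # instant revocation
            and tok["space"] == space and perm in tok["perms"])  # scope
```

Because the MAC covers the parent id, an attenuated read-only token cannot be re-pointed at a different lineage, and revoking the read-write parent invalidates it too.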
Context TCC
Inspired by macOS TCC (Transparency, Consent, and Control), Context TCC applies the same explicit consent model to the Context Graph — a category of data no browser has ever protected at this granularity.
Whenever a plugin or internal subsystem requests access to the Context Graph, Context TCC intercepts the request and presents a clear consent dialog explaining exactly what data will be accessed and why.
TCC permission types
| Permission | Scope | What it allows | Sensitivity |
|---|---|---|---|
read:nodes | Per-Space | Read page titles, URLs, and metadata from the graph | Medium |
read:embeddings | Per-Space | Read semantic embedding vectors — most sensitive permission | Critical |
write:edges | Per-Space | Create or modify relationships between graph nodes | High |
query:nl | Per-Space | Run natural language queries against the graph via the AI layer | High |
read:embeddings is critical
Embedding vectors encode semantic meaning of your browsing content. They can be inverted to reconstruct approximate page content. This permission requires explicit consent per Space and is never auto-granted.
Information Flow Control
Beyond controlling who can access data, Quira tracks where data flows. Every piece of data in the Context Graph carries an IFC label that constrains its propagation.
- Monotonic labels — Sensitivity labels can only increase, never decrease. Data derived from a "confidential" source inherits at least "confidential" sensitivity.
- Taint tracking — When AI processes graph data, the output inherits the maximum sensitivity of all inputs.
- Cross-Space barrier — Data from a Work Space cannot silently flow into a Personal Space. The user must explicitly authorize cross-Space transfers.
- Export control — Data leaving the browser (clipboard, file export, network) is checked against its IFC label. High-sensitivity data triggers a confirmation dialog.
Space-scoped security boundaries
Context Spaces are not just organizational containers — they are security boundaries. Each Space has its own independent security configuration:
- Independent capability token pools (tokens from Space A cannot access Space B)
- Separate privacy mode settings (Standard, Strict, Incognito per Space)
- Isolated Context Graph partitions with independent encryption keys
- Per-Space audit logs for all graph write operations
Plugin sandboxing
Quira plugins run in a sandboxed environment with a declarative capability model:
- Manifest declarations — Each plugin declares required capabilities in its manifest
- Attenuated delegation — Plugins receive the minimum capability tokens needed, not broad permissions
- Network allowlist — Plugins can only connect to domains declared in their manifest
- Storage quotas — Per-plugin storage limit (default 10 MB)
- Audit logging — All Context Graph operations by plugins are logged at quira://settings/security/audit
Per-site permissions
Traditional web permissions (camera, microphone, location, notifications) follow the same capability model:
| Category | APIs | Default |
|---|---|---|
| Location | Geolocation API | Ask every time |
| Camera and Microphone | getUserMedia | Ask every time |
| Notifications | Notification API, Push API | Blocked |
| Clipboard | Clipboard API (read) | Ask every time |
| Autoplay | Audio/video autoplay | Blocked (user gesture required) |
| Downloads | Programmatic file downloads | Ask every time |