Motivation
Nacos AI resources already have owner and scope metadata, and the visibility plugin contract is used by AI resource read/write paths. The current default visibility behavior is useful but still incomplete for team collaboration:
- global administrators can read/write all AI resources;
- the resource owner can read/write the resource;
PUBLIC resources are readable by non-owners;
PRIVATE resources are not visible to other users unless an explicit permission check succeeds.
The code and specs already reserve an explicit authorization model:
DefaultAiVisibilityService checks the explicit resource permission @@visibility/{namespaceId}/{resourceType}/{resourceName} for single-resource access.
VisibilityService.adviseQuery(...) returns AuthorizedResources so list/search queries can include explicitly authorized resources.
DefaultVisibilityAdvisorConverter already has the hook to include authorizedResourceNames, but the default visibility service currently leaves the authorized resource list empty.
- The visibility plugin spec says visible resources may be owner-only, public-readable, or explicitly authorized, and that list/search APIs must apply visibility before count and pagination.
- The default auth plugin spec documents the visibility permission resource format and says the default implementation should support explicit visibility permission.
What is missing is a plugin-owned management API and implementation for granting a specific user read/write permission to a specific AI resource.
This should be completed in 3.3.
Problem
Today, the default AI resource visibility model effectively behaves as owner/admin/public-read for most user workflows. There is no clear API for a resource owner or administrator to grant another user read or write permission on one AI resource.
This blocks common collaboration scenarios, for example:
- user
alice owns a private skill and wants user bob to read it;
- user
alice owns a private agentspec and wants user bob to update drafts or publish versions;
- a team wants to keep a resource private while granting a small set of users access;
- list/search APIs should show resources that the caller is explicitly authorized to read, not only public resources and resources owned by the caller.
A key design constraint: the authorization API should belong to the plugin implementation, not to the generic AI resource API.
Generic AI resource APIs should continue to manage resource metadata, versions, lifecycle, scope, labels, and content. They should not know how a specific visibility/auth plugin stores grants, roles, users, or external authorization state.
Desired Capability
1. Add plugin-owned AI resource visibility authorization APIs
Add v3 APIs owned by the default auth/visibility plugin implementation. The exact path can be finalized in design, but it should live under the plugin API surface such as /v3/auth/..., not under /v3/admin/ai/*, /v3/console/ai/*, or generic AI resource controllers.
The API should support at least:
- grant read permission for a user on one AI resource;
- grant write permission for a user on one AI resource;
- revoke read/write permission;
- list current grants for one AI resource;
- optionally list AI resources explicitly granted to the current user or a target user, if needed by the console.
The model should include:
namespaceId;
resourceType, such as mcp, prompt, skill, or agentspec;
resourceName;
- grantee identity, initially user-based;
- action:
r, w, or a compatible rw representation;
- operator and audit-friendly metadata if available.
2. Keep the API boundary plugin-specific
The default nacos auth/visibility plugin can implement these APIs using its RBAC/permission storage, for example by writing permissions with resource:
@@visibility/{namespaceId}/{resourceType}/{resourceName}
Other visibility/auth plugins should be free to implement their own API or report that grant management is unsupported. The generic AI resource service should only call the VisibilityService SPI for validation and query advice.
3. Complete runtime authorization behavior
After a grant is created:
- single-resource read should allow a user with explicit
r permission;
- single-resource write should allow a user with explicit
w permission;
- list/search/count should include explicitly authorized resources through
AuthorizedResources;
- explicit read grants should not imply write permission;
- write permission should be at least as strict as read permission, as required by the visibility plugin spec;
- read-denied single-resource access should continue to hide existence when the API contract requires not found;
- write-denied operations should return access denied.
4. Define who can manage grants
The first-stage 3.3 behavior should be explicit and conservative. Suggested rule:
- global administrators can manage grants for any AI resource;
- the resource owner can manage grants for that resource;
- users with explicit write permission can modify the resource, but whether they can delegate grants should be a deliberate plugin policy, not an accidental side effect.
The selected rule should be documented in the default auth/visibility plugin spec.
5. Console integration
If the console exposes AI resource sharing or authorization management, it should call the plugin-owned API and handle "unsupported by current plugin" gracefully.
The console should not hard-code default plugin storage details into generic AI resource pages.
6. Specs and tests
Update the affected specs:
- visibility plugin spec;
- default auth plugin spec;
- AI resource model/lifecycle specs if they need to clarify the boundary between resource metadata and visibility grants;
- v3 API surface spec for the new plugin-owned API family.
Testing should cover:
- grant/revoke API validation and authorization;
- owner/admin grant management rules;
- explicit read and write checks in
DefaultAiVisibilityService;
- list/search/count including explicitly authorized resources before pagination;
- no leakage of private resources without explicit permission;
- console/API behavior when the selected visibility plugin does not support grant management.
Because this adds HTTP API behavior, the API integration test scenario matrix and coverage registry should also be updated according to the repository API IT rules.
Non-goals
- This issue should not move grant management into generic AI resource controllers.
- This issue should not require every custom visibility plugin to adopt the default plugin storage model.
- This issue should not make
PUBLIC resources writable by all users.
- This issue should not replace the existing owner/scope visibility model.
Acceptance Criteria
- The default plugin provides a clear v3 API to grant/revoke/list user read/write access for one AI resource.
- The API is implemented under the plugin-owned auth/visibility API surface.
- Explicitly granted users can read/write the target AI resource according to the granted action.
- List/search/count APIs include explicitly readable resources correctly.
- Owner/admin grant management rules are documented and tested.
- Generic AI resource APIs remain storage-agnostic and delegate visibility decisions to the visibility plugin.
Motivation
Nacos AI resources already have
ownerandscopemetadata, and the visibility plugin contract is used by AI resource read/write paths. The current default visibility behavior is useful but still incomplete for team collaboration:PUBLICresources are readable by non-owners;PRIVATEresources are not visible to other users unless an explicit permission check succeeds.The code and specs already reserve an explicit authorization model:
DefaultAiVisibilityServicechecks the explicit resource permission@@visibility/{namespaceId}/{resourceType}/{resourceName}for single-resource access.VisibilityService.adviseQuery(...)returnsAuthorizedResourcesso list/search queries can include explicitly authorized resources.DefaultVisibilityAdvisorConverteralready has the hook to includeauthorizedResourceNames, but the default visibility service currently leaves the authorized resource list empty.What is missing is a plugin-owned management API and implementation for granting a specific user read/write permission to a specific AI resource.
This should be completed in 3.3.
Problem
Today, the default AI resource visibility model effectively behaves as owner/admin/public-read for most user workflows. There is no clear API for a resource owner or administrator to grant another user read or write permission on one AI resource.
This blocks common collaboration scenarios, for example:
aliceowns a privateskilland wants userbobto read it;aliceowns a privateagentspecand wants userbobto update drafts or publish versions;A key design constraint: the authorization API should belong to the plugin implementation, not to the generic AI resource API.
Generic AI resource APIs should continue to manage resource metadata, versions, lifecycle, scope, labels, and content. They should not know how a specific visibility/auth plugin stores grants, roles, users, or external authorization state.
Desired Capability
1. Add plugin-owned AI resource visibility authorization APIs
Add v3 APIs owned by the default auth/visibility plugin implementation. The exact path can be finalized in design, but it should live under the plugin API surface such as
/v3/auth/..., not under/v3/admin/ai/*,/v3/console/ai/*, or generic AI resource controllers.The API should support at least:
The model should include:
namespaceId;resourceType, such asmcp,prompt,skill, oragentspec;resourceName;r,w, or a compatiblerwrepresentation;2. Keep the API boundary plugin-specific
The default
nacosauth/visibility plugin can implement these APIs using its RBAC/permission storage, for example by writing permissions with resource:Other visibility/auth plugins should be free to implement their own API or report that grant management is unsupported. The generic AI resource service should only call the
VisibilityServiceSPI for validation and query advice.3. Complete runtime authorization behavior
After a grant is created:
rpermission;wpermission;AuthorizedResources;4. Define who can manage grants
The first-stage 3.3 behavior should be explicit and conservative. Suggested rule:
The selected rule should be documented in the default auth/visibility plugin spec.
5. Console integration
If the console exposes AI resource sharing or authorization management, it should call the plugin-owned API and handle "unsupported by current plugin" gracefully.
The console should not hard-code default plugin storage details into generic AI resource pages.
6. Specs and tests
Update the affected specs:
Testing should cover:
DefaultAiVisibilityService;Because this adds HTTP API behavior, the API integration test scenario matrix and coverage registry should also be updated according to the repository API IT rules.
Non-goals
PUBLICresources writable by all users.Acceptance Criteria