PORTICO: Revocable Capabilities for Secure Coding Agents

Igor Santos-Grueiro· July 8, 2026 View original

Summary

PORTICO is a reference monitor that introduces revocable resource-and-effect capabilities for coding agents, addressing "lingering authority" where agents retain broad tool access unnecessarily. It compiles explicit task contracts into epoch-bound handles, ensuring capabilities are revoked after subgoals are met, thereby enhancing security and preventing unauthorized post-closure actions.

Coding agents often maintain overly broad access to tools throughout an entire task, even when a specific resource is only needed for a brief subgoal. This issue, termed "lingering authority," leaves temporary resource capabilities exposed long after their justification has passed. To mitigate this, PORTICO, a new reference monitor, introduces revocable capabilities for agents. It translates explicit task contracts into initial capabilities, grant rules, trusted closure predicates, and global deny rules. During execution, expansions are materialized as opaque, epoch-bound handles. Upon subgoal completion, PORTICO removes these handles from the agent's interface and rejects any attempts to reuse stale capabilities, preventing unauthorized side effects. Experimental results show PORTICO successfully blocks contract-forbidden effects post-closure, while a non-revoking comparator permits them, demonstrating enhanced security and scope compliance in various coding agent tasks involving file writes, git mutations, and network egress.

Why it matters

This system significantly enhances the security and reliability of AI coding agents by preventing unintended or malicious actions stemming from over-privileged access, which is crucial for deploying autonomous agents in sensitive development or operational environments.

How to implement this in your domain

  1. 1Evaluate PORTICO's reference monitor design for securing your AI coding agents.
  2. 2Implement explicit task contracts to define precise, revocable capabilities for agents.
  3. 3Integrate epoch-bound handles to manage temporary resource access for subgoals.
  4. 4Develop mechanisms to audit and prevent post-closure reuse of agent capabilities.

Who benefits

Software DevelopmentCybersecurityAI DevelopmentDevOps

Key takeaways

  • PORTICO introduces revocable capabilities for secure coding agents.
  • It addresses "lingering authority" by limiting tool access to specific subgoals.
  • The system prevents unauthorized post-closure actions by agents.
  • PORTICO enhances security and scope compliance in agent-driven development.

Original post by Igor Santos-Grueiro

"arXiv:2606.22504v1 Announce Type: cross Abstract: Coding agents often receive broad tool access for an entire task, even when a resource is needed only for one subgoal. We call this gap lingering authority: a temporary resource/effect capability remains exposed after the episode…"

View on X

Originally posted by Igor Santos-Grueiro on X · view source

Want to go deeper?

Turn these trends into skills with Learnijoy's hands-on AI & tech courses.

Explore courses