Discussion
The PCSL spec lists `health` and `finances` as valid namespaces (marked "sensitive, off by default"). Currently there is no enforcement at the server level - any client can request these scopes and get them if they exist in `context.json`.
Proposal
Should the server require explicit user confirmation before issuing tokens with sensitive scopes?
Options:
- CLI confirmation prompt - `pcsl token create app health` triggers `typer.confirm("Share health data with 'app'?")`
- Scope allowlist in `.env` - user explicitly opts in: `SENSITIVE_SCOPES=health,finances`
- Protocol-level flag in spec - mark scopes as `sensitivity: high` in `/.well-known/pcsl.json` and let clients decide how to handle it
- No change — user is responsible, keep it simple
Questions for the community
- What's the right UX here?
- Should the protocol spec define sensitivity levels or leave it to implementations?
Relevant spec file: pcsl/spec/SPEC.md
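
An added example, not part of the original post and not PCSL's own code: a default-deny check that combines the `SENSITIVE_SCOPES` opt-in with a per-request confirmation before a sensitive scope reaches a token. The function and exception names are hypothetical, `available` is assumed to be the set of namespaces present in `context.json`, and `confirm` stands in for a prompt such as `typer.confirm`.

```python
import os
from typing import Callable, Iterable, List, Mapping, Optional

# Namespaces the discussion cites as "sensitive, off by default".
SENSITIVE_NAMESPACES = frozenset({"health", "finances"})


class ScopeDenied(Exception):
    """Raised when a requested scope must not be placed in a token."""


def opted_in_scopes(env: Optional[Mapping[str, str]] = None) -> frozenset:
    """Parse SENSITIVE_SCOPES=health,finances. Unset or empty means none."""
    env = os.environ if env is None else env
    raw = env.get("SENSITIVE_SCOPES", "")
    names = {part.strip().lower() for part in raw.split(",") if part.strip()}
    # Entries that are not known sensitive namespaces are ignored.
    return frozenset(names & SENSITIVE_NAMESPACES)


def authorize_scopes(
    client: str,
    requested: Iterable[str],
    available: Iterable[str],
    confirm: Callable[[str], bool],
    env: Optional[Mapping[str, str]] = None,
) -> List[str]:
    """Return the scopes that may be issued to `client`, or raise ScopeDenied.

    A sensitive scope needs both the operator opt-in and a "yes" from the
    user. The opt-in is checked first, so a scope that is switched off
    never produces a prompt.
    """
    allowed = opted_in_scopes(env)
    present = {name.lower() for name in available}
    granted = []
    # dict.fromkeys de-duplicates while keeping the request order.
    for scope in dict.fromkeys(s.strip().lower() for s in requested):
        if scope not in present:
            raise ScopeDenied(f"scope not in context: {scope}")
        if scope in SENSITIVE_NAMESPACES:
            if scope not in allowed:
                raise ScopeDenied(f"{scope} is not enabled in SENSITIVE_SCOPES")
            if not confirm(f"Share {scope} data with '{client}'?"):
                raise ScopeDenied(f"user declined {scope} for '{client}'")
        granted.append(scope)
    return granted
```

Denying the whole request rather than silently dropping the sensitive scope keeps the client from receiving a token that looks broader than it is.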