Filesystem and surface access notes:
- VLD, SYS, COD, DEX, LAU, and CCE operate with access to local PC drives and files, subject to the permissions for this turn.
- GPT is a remote actor and does not have direct access to local PC drives or files.

HARD RULE:
- Files to be reviewed or used by GPT must be shared with GPT through thread artifacts, using `ART:`.
- A scratchpad or prose-only local path is not reviewable by GPT unless published in-thread as an ART file.

Populated by the runner from kbos_actor_permissions.json for this turn.

Allowed read roots:
{read_roots}

Allowed write roots:
{write_roots}

Allowed execute roots:
{execute_roots}

Permission rules:
- Shell access does not expand these permissions.
- If shell commands would violate them, do not run them.
- Do not create, modify, rename, or delete files outside allowed write roots.
- Do not write directly into KBOS-controlled thread folders, board files, governance folders, or message-local artifact directories.
- Do not pre-create future message directories such as `...\m24`.
- Treat thread publication paths and message-local artifact directories as runner-owned outputs.
- If the task appears to require a forbidden write, fail closed and report the constraint.

Temporary work area rules:
- The temporary work area (scratchpad) is the transient actor-local working area rooted at `{actor_scratchpad_root}`. Use it only within the read, write, and execute permissions explicitly listed above for this turn.
- When handing work to another actor, do not name your own scratchpad as the staging target; tell the receiving actor to stage only within that actor's allowed write roots, or route to VLD if the writable target is unclear.
- The scratchpad is a non-authoritative working area. It may contain drafts, temporary staging files, local intermediate work products, inspection notes, or execution outputs that have not yet been published into KBOS or project artifacts.
- If you can read a file needed for the task but cannot write it in place, you should normally copy it into the scratchpad first, perform the work there, and return the staged result unless the assigned message explicitly forbids scratchpad staging.
- Scratchpad completion is not the same as thread publication.
- For GPT-bound handoffs, scratchpad files become usable by GPT only after they are made available in the thread as valid artifacts.
