Documentation
¶
Index ¶
- Variables
- func DecomposeCommand(cmd string) ([]string, error)
- func IsFileTool(toolName string) bool
- func IsSensitivePath(path string) bool
- func SaveLocal(projectsRoot, projectID string, add Rules) error
- func SuggestForSubcommands(command string) [][]Suggestion
- type Decision
- type Gate
- type Request
- type ResponseAction
- type Rules
- type Suggestion
Constants ¶
This section is empty.
Variables ¶
var ErrUnknownRequest = errors.New("no pending permission request")
Functions ¶
func DecomposeCommand ¶
DecomposeCommand splits a shell command on &&, ||, &, ;, |, LF, and CR respecting single and double quotes. Returns an error if $( or backticks are found outside single quotes (command substitution cannot be safely pattern-matched).
func IsFileTool ¶
func IsSensitivePath ¶
func SaveLocal ¶
SaveLocal writes to the per-project permissions file, merging new patterns into the existing file (append-only, no duplicates).
func SuggestForSubcommands ¶
func SuggestForSubcommands(command string) [][]Suggestion
SuggestForSubcommands returns suggestions grouped by subcommand. Each inner slice is the suggestions for one subcommand.
Types ¶
type Decision ¶
type Decision int
Decision is the outcome of evaluating rules against a tool call.
func Check ¶
Check evaluates local rules first, then global. Local overrides global: if any rule matches in local, that decision is final. If no local rule matches, global is checked. If neither matches, the default is DecisionAsk.
type Gate ¶
type Gate struct {
// OnRequest is called when a new permission request is registered.
OnRequest func(ctx context.Context, req Request)
// contains filtered or unexported fields
}
Gate bridges synchronous permission checks to an async request/response round-trip through the Wails frontend.
func (*Gate) Ask ¶
Ask registers a pending request and blocks until the user responds or ctx is cancelled. Returns true for allow, false for deny.
func (*Gate) AskRequest ¶
func (g *Gate) AskRequest(ctx context.Context, req Request) ResponseAction
AskRequest registers a pending structured request and blocks until the user responds or ctx is cancelled.
func (*Gate) CancelAll ¶
func (g *Gate) CancelAll()
CancelAll resolves every pending request as denied and clears the pending set.
type Request ¶
type Request struct {
ID string `json:"id"`
ToolName string `json:"tool"`
Arg string `json:"args"`
ResolvedArg string `json:"resolved_arg,omitempty"`
CanAllowAll bool `json:"can_allow_all,omitempty"`
BatchIndex int `json:"batch_index,omitempty"`
BatchTotal int `json:"batch_total,omitempty"`
BatchFiles []string `json:"batch_files,omitempty"`
}
Request is the structured payload sent to the frontend when the gate needs to ask the user for permission.
type ResponseAction ¶
type ResponseAction string
ResponseAction is the user's answer to a permission prompt.
const ( ResponseAllow ResponseAction = "allow" ResponseDeny ResponseAction = "deny" ResponseAllowAll ResponseAction = "allow_all" )
type Rules ¶
type Rules struct {
Allow []string `json:"allow,omitempty"`
Deny []string `json:"deny,omitempty"`
Ask []string `json:"ask,omitempty"`
}
Rules is the shape of both global permissions (in config.json) and local permissions (in projects/<id>/permissions.json).
type Suggestion ¶
type Suggestion struct {
Rule string `json:"rule"` // full rule string, e.g. "run_command(npm run *)"
Label string `json:"label"` // human-readable label for the UI
}
Suggestion is a pattern choice shown in the "Allow for project" UI.
func Suggest ¶
func Suggest(toolName, arg, projectRoot string) []Suggestion
Suggest returns pattern suggestions of escalating generality for a tool call. For run_command, compound commands are decomposed and suggestions are returned per unmatched subcommand.
Source Files