Documentation ¶
Index ¶
- type Approver
- type AuditEntry
- type Capability
- type Checker
- type Choice
- type Classification
- type Classifier
- type Decision
- type DecisionEngine
- type DecisionKind
- type DecisionSource
- type Engine
- func (e *Engine) Decide(ctx context.Context, req Request) (*Decision, error)
- func (e *Engine) FilesystemRoots() FilesystemRoots
- func (e *Engine) Mode() Mode
- func (e *Engine) PlanMode() bool
- func (e *Engine) SetApprover(fn Approver)
- func (e *Engine) SetFilesystemRoots(roots FilesystemRoots)
- func (e *Engine) SetMode(mode Mode)
- func (e *Engine) SetPlanMode(active bool)
- func (e *Engine) SetSkillAllows(rawTools []string)
- type EngineConfig
- type FilesystemRoots
- type Metadata
- type Mode
- type Prompt
- type Request
- type Rule
- type RuleSet
- type Store
- type StoreEntry
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditEntry ¶
type AuditEntry struct {
Time time.Time `json:"time"`
Mode Mode `json:"mode"`
PlanMode bool `json:"plan_mode"`
Tool string `json:"tool"`
Capability Capability `json:"capability"`
Summary string `json:"summary"`
Decision string `json:"decision"`
Reason string `json:"reason,omitempty"`
Allow bool `json:"allow"`
}
type Capability ¶
type Capability string
const (
CapabilityRead Capability = "read"
CapabilityWrite Capability = "write"
CapabilityExec Capability = "exec"
CapabilityHook Capability = "hook"
CapabilityNetwork Capability = "network"
CapabilityInternal Capability = "internal"
CapabilityUnknown Capability = "unknown"
)
type Classification ¶ added in v1.6.6
type Classification struct {
Capability Capability
Path string
Command string
Workdir string
URL string
Summary string
Reason string
Key string
}
Classification describes how the permission engine should treat a tool call. The harness owns the mapping from tool names to capabilities and operand fields, and provides it via EngineConfig.Classifier.
Field semantics by Capability:
- Read: Path is checked against ReadRoots; populates summary.
- Write: Path is checked against WriteRoots; populates summary and contributes to the audit key (write:<path>).
- Exec: Command populates summary; hashed into the audit key (exec:<hash>). Workdir, if set, is checked against WriteRoots.
- Network: URL populates summary; host extracted into audit key (network:<host>). Empty URL falls back to network:<tool>.
- Internal: no operand fields used; key is internal:<tool>.
- Unknown: key is tool:<tool>.
Summary, Reason, and Key are optional overrides — empty fields fall back to engine-derived defaults.
type Classifier ¶ added in v1.6.6
type Classifier func(req Request) Classification
Classifier maps a Request to a Classification. The harness owns the mapping from tool names to capabilities and operand fields. If nil, every request defaults to CapabilityUnknown unless Request.Metadata supplies a Capability override.
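A harness-side classifier in the documented `func(req Request) Classification` shape, as an added example that is not code from this package. The types are local mirrors of the ones documented here, and the tool names (`read_file`, `write_file`, `bash`, `web_fetch`) and argument fields (`path`, `command`, `cwd`, `url`) are hypothetical harness choices. Anything it cannot parse or map is returned as `unknown` rather than given a guessed capability.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the documented types so this compiles on its own.
type Capability string
type Request struct {
	ToolName string
	Args     json.RawMessage
}

type Classification struct {
	Capability                          Capability
	Path, Command, Workdir, URL, Reason string
}

// classify has the documented Classifier shape. The tool names and argument
// fields are hypothetical harness choices, not names from the package.
func classify(req Request) Classification {
	unknown := Classification{Capability: "unknown"}
	var a struct{ Path, Command, Cwd, URL string }
	if err := json.Unmarshal(req.Args, &a); err != nil {
		unknown.Reason = "unparseable args" // do not guess a capability
		return unknown
	}
	switch {
	case req.ToolName == "read_file" && a.Path != "":
		return Classification{Capability: "read", Path: a.Path}
	case req.ToolName == "write_file" && a.Path != "":
		return Classification{Capability: "write", Path: a.Path}
	case req.ToolName == "bash" && a.Command != "":
		return Classification{Capability: "exec", Command: a.Command, Workdir: a.Cwd}
	case req.ToolName == "web_fetch" && a.URL != "":
		return Classification{Capability: "network", URL: a.URL}
	}
	return unknown // unmapped tool or missing operand
}

func main() {
	for _, r := range []Request{ // constructed sample requests
		{"bash", json.RawMessage(`{"command":"git status","cwd":"/ws"}`)},
		{"bash", json.RawMessage(`{"command":`)},
	} {
		fmt.Printf("%s -> %+v\n", r.ToolName, classify(r))
	}
}
```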
type Decision ¶
type Decision struct {
Kind DecisionKind `json:"kind"`
Source DecisionSource `json:"source,omitempty"`
Reason string `json:"reason,omitempty"`
Capability Capability `json:"capability,omitempty"`
Summary string `json:"summary,omitempty"`
Key string `json:"key,omitempty"`
OutsideRoots bool `json:"outside_roots,omitempty"`
Prompted bool `json:"prompted,omitempty"`
Preview string `json:"preview,omitempty"`
UpdatedArgs json.RawMessage `json:"updated_args,omitempty"`
Suggestions []string `json:"suggestions,omitempty"`
}
type DecisionEngine ¶
type DecisionKind ¶
type DecisionKind string
const (
DecisionAllow DecisionKind = "allow"
DecisionAllowOnce DecisionKind = "allow_once"
DecisionAllowSession DecisionKind = "allow_session"
DecisionAllowAlways DecisionKind = "allow_always"
DecisionDeny DecisionKind = "deny"
)
type DecisionSource ¶
type DecisionSource string
const (
DecisionSourceTool DecisionSource = "tool"
DecisionSourceRule DecisionSource = "rule"
DecisionSourceSkill DecisionSource = "skill"
DecisionSourceMode DecisionSource = "mode"
DecisionSourcePrompt DecisionSource = "prompt"
DecisionSourceStore DecisionSource = "store"
DecisionSourceRoots DecisionSource = "roots"
DecisionSourceInternal DecisionSource = "internal"
)
type Engine ¶
type Engine struct {
// contains filtered or unexported fields
}
func NewEngine ¶
func NewEngine(cfg EngineConfig) *Engine
func (*Engine) FilesystemRoots ¶
func (e *Engine) FilesystemRoots() FilesystemRoots
func (*Engine) SetApprover ¶
func (*Engine) SetFilesystemRoots ¶
func (e *Engine) SetFilesystemRoots(roots FilesystemRoots)
func (*Engine) SetPlanMode ¶
func (*Engine) SetSkillAllows ¶
type EngineConfig ¶
type EngineConfig struct {
Workspace string
Mode Mode
Rules *RuleSet
Roots FilesystemRoots
Store *Store
Approver Approver
OnAudit func(AuditEntry)
// Classifier maps tool requests to capabilities + operand fields.
// See Classification for field semantics.
Classifier Classifier
// PlanModeAllowedTools names tools that may run in plan mode despite not
// having Read capability. Empty by default — plan mode is read-only.
// Use this for harness-specific control tools (e.g. an "exit_plan_mode"
// tool that must run while the harness is in plan mode).
PlanModeAllowedTools []string
// PlanModeExecAllowed lets the harness opt specific exec calls (typically
// the bash tool, used for grep/find/git status during plan exploration)
// through plan-mode's default exec ban. When this returns true, the call
// is allowed in plan mode without triggering the underlying mode's ask
// flow — the harness is asserting the exec is safe under plan-mode
// semantics (typically enforced by the system prompt). Nil = default
// behavior (all exec denied in plan mode).
PlanModeExecAllowed func(req Request) bool
// PlanModeWriteAllowed lets the harness opt specific write calls through
// plan-mode's default write ban. Typical use: a designated plan file the
// model edits incrementally during planning. The harness owns the policy
// (path matching, etc.); agentcore stays generic. Nil = default behavior
// (all writes denied in plan mode).
PlanModeWriteAllowed func(req Request) bool
}
type FilesystemRoots ¶
type FilesystemRoots struct {
ReadRoots []string
WriteRoots []string
InternalReadable []string
InternalWritable []string
}
FilesystemRoots scope filesystem access for tool requests. The two pairs serve different audiences:
- ReadRoots / WriteRoots: user-configured. Subject to deny rules and mode-based prompts (e.g. balanced mode asks for any write). Out-of-roots access triggers an OutsideRoots prompt; AllowAlways for that prompt is downgraded to AllowOnce so a one-shot consent does not silently grant persistent access.
- InternalReadable / InternalWritable: harness-declared. Reserved for paths the harness itself manages (auto-memory dir, plan store, scratch space). Matches bypass the OutsideRoots prompt and the mode-based ask so the agent can read/write these locations silently. Deny rules and plan-mode read-only enforcement still apply.
A path matched by InternalWritable is also treated as readable, so callers that want bidirectional access only need to populate the writable list.
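The root-scoping rules above, modelled as an added example that is not the package's own implementation. `under`, `checkPath` and `persistedKind` are hypothetical helpers, the containment check is an assumed lexical one on POSIX paths, and deny rules and plan mode are not modelled.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Local mirror of the documented struct so this compiles on its own.
type FilesystemRoots struct {
	ReadRoots, WriteRoots, InternalReadable, InternalWritable []string
}

// under does a lexical containment check (assumed; symlinks are not resolved),
// so "/ws/../etc/passwd" and the sibling "/ws-evil" do not match root "/ws".
func under(roots []string, path string) bool {
	for _, r := range roots {
		rel, err := filepath.Rel(filepath.Clean(r), filepath.Clean(path))
		if err == nil && rel != ".." && !strings.HasPrefix(rel, "../") {
			return true
		}
	}
	return false
}

// checkPath reports harness-internal matches (InternalWritable also counts
// as readable) and access outside the user-configured roots.
func checkPath(fr FilesystemRoots, path string, write bool) (internal, outside bool) {
	if under(fr.InternalWritable, path) || (!write && under(fr.InternalReadable, path)) {
		return true, false // no OutsideRoots prompt, no mode-based ask
	}
	if write {
		return false, !under(fr.WriteRoots, path)
	}
	return false, !under(fr.ReadRoots, path)
}

// persistedKind models the documented downgrade for OutsideRoots prompts.
func persistedKind(choice string, outside bool) string {
	if outside && choice == "allow_always" {
		return "allow_once" // one-shot consent must not become persistent
	}
	return choice
}

func main() {
	fr := FilesystemRoots{WriteRoots: []string{"/ws"}} // constructed sample root
	_, out := checkPath(fr, "/ws/../etc/passwd", true)
	fmt.Println(out, persistedKind("allow_always", out))
}
```

A string-prefix comparison would accept `/ws-evil/x` for root `/ws`; comparing the cleaned relative path avoids that.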
type Metadata ¶
type Metadata struct {
Capability Capability `json:"capability,omitempty"`
SummaryHint string `json:"summary_hint,omitempty"`
Reason string `json:"reason,omitempty"`
Key string `json:"key,omitempty"`
KeyPrefix string `json:"key_prefix,omitempty"`
}
type Request ¶
type Request struct {
ToolID string `json:"tool_id,omitempty"`
ToolName string `json:"tool_name"`
ToolLabel string `json:"tool_label,omitempty"`
Summary string `json:"summary,omitempty"`
Reason string `json:"reason,omitempty"`
Args json.RawMessage `json:"args,omitempty"`
Preview json.RawMessage `json:"preview,omitempty"`
Metadata Metadata `json:"metadata,omitempty"`
}
type RuleSet ¶
func ParseRuleSet ¶
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
func (*Store) Add ¶
func (s *Store) Add(entry StoreEntry) error