approval

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 25, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ApproverFunc 

type ApproverFunc func(ctx context.Context, prompt Prompt) (Choice, error)

type AuditEntry 

type AuditEntry struct {
	Time       time.Time
	Mode       Mode
	PlanMode   bool
	Tool       string
	Capability Capability
	Summary    string
	Decision   string
	Reason     string
	Allow      bool
}

type Capability 

type Capability string
const (
	CapRead     Capability = "read"
	CapWrite    Capability = "write"
	CapExec     Capability = "exec"
	CapHook     Capability = "hook"
	CapNetwork  Capability = "network"
	CapSubagent Capability = "subagent"
	CapInternal Capability = "internal"
	CapUnknown  Capability = "unknown"
)

type Choice 

type Choice string
const (
	ChoiceAllowOnce    Choice = "allow_once"
	ChoiceAllowSession Choice = "allow_session"
	ChoiceAllowAlways  Choice = "allow_always"
	ChoiceDeny         Choice = "deny"
)

type CommandCategory 

type CommandCategory string
const (
	CommandCategoryInfo    CommandCategory = "info"
	CommandCategoryPrompt  CommandCategory = "prompt"
	CommandCategorySession CommandCategory = "session"
	CommandCategoryConfig  CommandCategory = "config"
	CommandCategoryPlan    CommandCategory = "plan"
	CommandCategoryExit    CommandCategory = "exit"
)

func NormalizeCommandCategory 

func NormalizeCommandCategory(raw string) CommandCategory

type CommandRequest 

type CommandRequest struct {
	Name      string
	Category  CommandCategory
	NeedsIdle bool
	IsRunning bool
	Summary   string
	Preview   string
}

type Engine 

type Engine struct {
	// contains filtered or unexported fields
}

func NewEngine 

func NewEngine(cwd string, mode Mode, rules *RuleSet, onAudit func(AuditEntry)) (*Engine, error)

func (*Engine) ApproveCommand 

func (e *Engine) ApproveCommand(_ context.Context, req CommandRequest) error

func (*Engine) ApproveHook 

func (e *Engine) ApproveHook(ctx context.Context, req HookRequest) error

func (*Engine) ApproveTool 

func (e *Engine) ApproveTool(ctx context.Context, req agentcore.ToolApprovalRequest) (*agentcore.ToolApprovalResult, error)

func (*Engine) Mode 

func (e *Engine) Mode() Mode

func (*Engine) PlanMode 

func (e *Engine) PlanMode() bool

func (*Engine) ReplaceToolMetadata 

func (e *Engine) ReplaceToolMetadata(tools []agentcore.Tool)

func (*Engine) SetApprover 

func (e *Engine) SetApprover(fn ApproverFunc)

func (*Engine) SetFilesystemRoots 

func (e *Engine) SetFilesystemRoots(roots FilesystemRoots)

func (*Engine) SetMode 

func (e *Engine) SetMode(mode Mode)

func (*Engine) SetPlanMode 

func (e *Engine) SetPlanMode(active bool)

func (*Engine) SetSkillAllows 

func (e *Engine) SetSkillAllows(rawTools []string)

SetSkillAllows replaces the temporary allow rules from a skill's allowed-tools. Pass nil or empty to clear. Each entry is parsed as a permission rule (e.g. "Read", "Bash(npm test *)"). Invalid entries are silently ignored.

type FilesystemRoots 

type FilesystemRoots struct {
	ReadRoots  []string
	WriteRoots []string
}

type HookRequest 

type HookRequest struct {
	Event    string
	Tool     string
	Command  string
	Blocking bool
}

type Mode 

type Mode string
const (
	ModeStrict      Mode = "strict"
	ModeBalanced    Mode = "balanced"
	ModeAcceptEdits Mode = "accept_edits"
	ModeTrust       Mode = "trust"
	ModePlan        Mode = "plan" // 兼容旧调用;新代码应使用 SetPlanMode
)

func ParseMode 

func ParseMode(raw string) (Mode, error)

type Prompt 

type Prompt struct {
	Tool         string
	Summary      string
	Reason       string
	Capability   Capability
	Preview      string
	OutsideRoots bool // hint to UI: only allow_once and deny are safe choices
}

type Rule 

type Rule struct {
	Raw     string // original string, e.g. "Bash(npm test *)"
	Kind    string // "Bash","Edit","Read","WebFetch","Subagent","tool"
	Pattern string // content inside parentheses, or bare tool name pattern
}

Rule is a single permission rule parsed from settings.

func ParseRule 

func ParseRule(raw string) (Rule, error)

ParseRule parses a single rule string like "Bash(npm test *)" or "mcp__ctx7__*".

type RuleSet 

type RuleSet struct {
	Allow []Rule
	Deny  []Rule
}

RuleSet holds allow and deny rule lists.

func ParseRuleSet 

func ParseRuleSet(allow, deny []string) (*RuleSet, error)

ParseRuleSet parses raw allow/deny string arrays into a RuleSet. Returns nil if both arrays are empty.

func (*RuleSet) Evaluate 

func (rs *RuleSet) Evaluate(info toolInfo) (ruleAction, bool)

Evaluate checks toolInfo against the rule set. Returns (action, true) if a rule matched, or ("", false) to fall through. Evaluation order: deny first, then allow.

type Store 

type Store struct {
	// contains filtered or unexported fields
}

func NewStore 

func NewStore(path string) (*Store, error)

func (*Store) Add 

func (s *Store) Add(entry storedEntry) error

func (*Store) Has 

func (s *Store) Has(key string) bool

type ToolMetadata 

type ToolMetadata struct {
	ToolName    string
	Capability  Capability
	SummaryHint string
	Reason      string
	KeyPrefix   string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.