Documentation
¶
Overview ¶
Package config provides multi-level settings management for GenCode. Settings are loaded from multiple sources with the following priority (lowest to highest):
- ~/.claude/settings.json (Claude user level - compatibility)
- ~/.gen/settings.json (Gen user level)
- .claude/settings.json (Claude project level - compatibility)
- .gen/settings.json (Gen project level)
- .claude/settings.local.json (Claude local level - compatibility)
- .gen/settings.local.json (Gen local level)
- Environment variables / CLI arguments
- managed-settings.json (system level - cannot be overridden)
Index ¶
- Variables
- func BuildRule(toolName string, args map[string]any) string
- func GetDisabledTools() map[string]bool
- func GetDisabledToolsAt(userLevel bool) map[string]bool
- func IsDestructiveCommand(cmd string) bool
- func IsReadOnlyTool(toolName string) bool
- func MatchRule(rule, pattern string) bool
- func UpdateDisabledTools(disabledTools map[string]bool) error
- func UpdateDisabledToolsAt(disabledTools map[string]bool, userLevel bool) error
- type Hook
- type HookCmd
- type Loader
- func (l *Loader) EnsureProjectDir() error
- func (l *Loader) EnsureUserDir() error
- func (l *Loader) GetProjectDir() string
- func (l *Loader) GetUserDir() string
- func (l *Loader) Load() (*Settings, error)
- func (l *Loader) LoadFile(path string) (*Settings, error)
- func (l *Loader) SaveToProject(settings *Settings) error
- func (l *Loader) SaveToUser(settings *Settings) error
- type OperationMode
- type PermissionResult
- type PermissionSettings
- type SessionPermissions
- type Settings
Constants ¶
This section is empty.
Variables ¶
var CommonAllowPatterns = []string{
"Bash(git:*)",
"Bash(npm:*)",
"Bash(yarn:*)",
"Bash(pnpm:*)",
"Bash(go:*)",
"Bash(make:*)",
"Bash(ls:*)",
"Bash(cat:*)",
"Bash(head:*)",
"Bash(tail:*)",
"Bash(pwd)",
}
CommonAllowPatterns contains commonly allowed patterns.
var CommonDenyPatterns = []string{
"Read(**/.env)",
"Read(**/.env.*)",
"Read(**/secrets/**)",
"Read(**/*credentials*)",
"Read(**/*password*)",
"Read(**/.aws/**)",
"Read(**/.ssh/**)",
"Edit(**/.env)",
"Edit(**/.env.*)",
"Write(**/.env)",
"Write(**/.env.*)",
}
CommonDenyPatterns contains commonly denied patterns for security.
var DestructiveCommands = []string{
"rm:-rf",
"rm:-fr",
"rm:-r",
"git:reset --hard",
"git:clean -fd",
"git:clean -f",
"git:push --force",
"git:push -f",
"chmod:777",
"chmod:-R 777",
":(){ :|:& };:",
"> /dev/",
"dd:if=",
"mkfs",
"fdisk",
}
DestructiveCommands are patterns that should always require user confirmation, even when session permissions like AllowAllBash are enabled. These commands can cause irreversible data loss or system damage.
var ReadOnlyTools = map[string]bool{ "Read": true, "Glob": true, "Grep": true, "WebFetch": true, "WebSearch": true, }
ReadOnlyTools is a list of tools that are considered read-only. These tools don't modify any files or state.
Functions ¶
func BuildRule ¶
BuildRule builds a rule string from a tool name and arguments. Format: "Tool(args)"
Different tools extract different parts of args:
- Bash: "Bash(command)" where command is the shell command
- Read/Edit/Write: "Read(file_path)"
- Glob/Grep: "Glob(pattern)" or "Grep(pattern)"
- WebFetch: "WebFetch(domain:hostname)"
func GetDisabledTools ¶ added in v1.1.0
GetDisabledTools returns the disabled tools from loaded settings.
func GetDisabledToolsAt ¶ added in v1.1.0
GetDisabledToolsAt returns the disabled tools from a specific level (not merged). If userLevel is true, loads from ~/.gen/settings.json, otherwise from .gen/settings.json.
func IsDestructiveCommand ¶ added in v1.1.0
IsDestructiveCommand checks if a bash command matches any destructive pattern. Returns true if the command should always require user confirmation.
func IsReadOnlyTool ¶
IsReadOnlyTool returns true if the tool is read-only.
func MatchRule ¶
MatchRule checks if a rule matches a pattern. Rule format: "Tool(args)" Pattern format: "Tool(pattern)" where pattern supports:
- "*" matches any sequence of characters
- "**" matches any sequence including path separators
- "domain:" prefix for WebFetch domain matching
func UpdateDisabledTools ¶ added in v1.1.0
UpdateDisabledTools updates the disabled tools in project-level settings. It only saves the DisabledTools field, preserving other settings.
Types ¶
type Hook ¶
type Hook struct {
// Matcher is a pattern to match against the event
Matcher string `json:"matcher,omitempty"`
// Hooks are the commands to execute when matched
Hooks []HookCmd `json:"hooks,omitempty"`
}
Hook defines an event hook configuration
type HookCmd ¶
type HookCmd struct {
// Type is the hook type (e.g., "command", "prompt", "agent")
// Currently only "command" is supported.
Type string `json:"type"`
// Command is the shell command to execute (for type=command)
Command string `json:"command,omitempty"`
// Prompt is the LLM prompt (for type=prompt/agent, not yet supported)
Prompt string `json:"prompt,omitempty"`
// Model specifies the model for prompt/agent hooks
Model string `json:"model,omitempty"`
// Async runs the hook asynchronously (fire-and-forget)
Async bool `json:"async,omitempty"`
// Timeout in seconds (default: 600)
Timeout int `json:"timeout,omitempty"`
// StatusMessage is displayed while the hook executes
StatusMessage string `json:"statusMessage,omitempty"`
// Once ensures the hook only runs once per session
Once bool `json:"once,omitempty"`
}
HookCmd defines a single hook command
type Loader ¶
type Loader struct {
// contains filtered or unexported fields
}
Loader handles loading and merging settings from multiple sources.
func NewLoader ¶
func NewLoader() *Loader
NewLoader creates a new settings loader. It defaults to:
- userDir: ~/.gen
- projectDir: .gen
- claudeCompat: true (also loads from .claude directories)
func NewLoaderWithOptions ¶
NewLoaderWithOptions creates a loader with custom options.
func (*Loader) EnsureProjectDir ¶
EnsureProjectDir creates the project config directory if it doesn't exist.
func (*Loader) EnsureUserDir ¶
EnsureUserDir creates the user config directory if it doesn't exist.
func (*Loader) GetProjectDir ¶
GetProjectDir returns the project config directory path.
func (*Loader) GetUserDir ¶
GetUserDir returns the user config directory path.
func (*Loader) Load ¶
Load loads and merges settings from all sources. Priority (lowest to highest):
- ~/.claude/settings.json (Claude user level)
- ~/.gen/settings.json (Gen user level)
- .claude/settings.json (Claude project level)
- .gen/settings.json (Gen project level)
- .claude/settings.local.json (Claude local level)
- .gen/settings.local.json (Gen local level)
Later sources override earlier ones.
func (*Loader) SaveToProject ¶ added in v1.1.0
SaveToProject saves settings to the project-level settings file. It merges with existing settings if the file exists.
func (*Loader) SaveToUser ¶ added in v1.1.0
SaveToUser saves settings to the user-level settings file. It merges with existing settings if the file exists.
type OperationMode ¶ added in v1.1.0
type OperationMode int
OperationMode defines the current operation mode
const ( ModeNormal OperationMode = iota // Normal: permission prompts enabled ModeAutoAccept // Auto-accept: auto-approve edits/writes ModePlan // Plan: read-only tools only )
func (OperationMode) Next ¶ added in v1.1.0
func (m OperationMode) Next() OperationMode
Next returns the next mode in the cycle
func (OperationMode) String ¶ added in v1.1.0
func (m OperationMode) String() string
String returns the display name for the mode
type PermissionResult ¶
type PermissionResult int
PermissionResult represents the result of a permission check.
const ( // PermissionAllow means the action is automatically allowed. PermissionAllow PermissionResult = iota // PermissionDeny means the action is automatically denied. PermissionDeny // PermissionAsk means the action requires user confirmation. PermissionAsk )
func (PermissionResult) String ¶
func (p PermissionResult) String() string
String returns a human-readable representation of the permission result.
type PermissionSettings ¶
type PermissionSettings struct {
// Allow contains patterns that are automatically allowed
Allow []string `json:"allow,omitempty"`
// Deny contains patterns that are automatically denied
Deny []string `json:"deny,omitempty"`
// Ask contains patterns that require user confirmation
Ask []string `json:"ask,omitempty"`
}
PermissionSettings defines permission rules for tool execution. Rules use the format "Tool(pattern)" where pattern uses glob-like syntax.
Example rules:
- "Bash(npm:*)" - Match npm commands
- "Read(**/.env)" - Match .env files in any directory
- "Edit(/path/**)" - Match files under /path
- "WebFetch(domain:github.com)" - Match specific domain
type SessionPermissions ¶
type SessionPermissions struct {
// AllowAllEdits allows all edit operations without prompting
AllowAllEdits bool
// AllowAllWrites allows all write operations without prompting
AllowAllWrites bool
// AllowAllBash allows all bash commands without prompting
AllowAllBash bool
// AllowAllSkills allows all skill invocations without prompting
AllowAllSkills bool
// AllowAllTasks allows all task/agent spawning without prompting
AllowAllTasks bool
// AllowedTools contains tools that have been allowed for this session
AllowedTools map[string]bool
// AllowedPatterns contains specific patterns that have been allowed
AllowedPatterns map[string]bool
}
SessionPermissions tracks runtime permission state for the current session. This allows "allow all" type responses to persist during a session.
func NewSessionPermissions ¶
func NewSessionPermissions() *SessionPermissions
NewSessionPermissions creates a new session permissions instance
func (*SessionPermissions) AllowPattern ¶
func (sp *SessionPermissions) AllowPattern(pattern string)
AllowPattern marks a specific pattern as allowed for this session
func (*SessionPermissions) AllowTool ¶
func (sp *SessionPermissions) AllowTool(toolName string)
AllowTool marks a tool as allowed for this session
func (*SessionPermissions) IsPatternAllowed ¶
func (sp *SessionPermissions) IsPatternAllowed(pattern string) bool
IsPatternAllowed checks if a specific pattern is allowed for this session
func (*SessionPermissions) IsToolAllowed ¶
func (sp *SessionPermissions) IsToolAllowed(toolName string) bool
IsToolAllowed checks if a tool is allowed for this session
type Settings ¶
type Settings struct {
// Permissions defines permission rules for tools
Permissions PermissionSettings `json:"permissions,omitempty"`
// Model is the default model to use (e.g., "claude-sonnet-4-20250514")
Model string `json:"model,omitempty"`
// Hooks defines event hooks (e.g., PreToolUse, PostToolUse)
Hooks map[string][]Hook `json:"hooks,omitempty"`
// Env defines environment variables to set
Env map[string]string `json:"env,omitempty"`
// EnabledPlugins defines which plugins are enabled
EnabledPlugins map[string]bool `json:"enabledPlugins,omitempty"`
// DisabledTools defines which tools are disabled
// Key is tool name, value true means disabled
// Project-level settings can override user-level by setting to false
DisabledTools map[string]bool `json:"disabledTools,omitempty"`
}
Settings represents the complete GenCode configuration. Compatible with Claude Code settings format.
func Default ¶
func Default() *Settings
Default returns the default settings without loading from files.
func MergeSettings ¶
MergeSettings merges two Settings objects. Values from 'overlay' override values in 'base'. For slices (like permission rules), overlay values replace base values. For maps, overlay values are merged with base values.
func NewSettings ¶
func NewSettings() *Settings
NewSettings creates a new Settings instance with default values
func (*Settings) CheckPermission ¶
func (s *Settings) CheckPermission(toolName string, args map[string]any, session *SessionPermissions) PermissionResult
CheckPermission checks if a tool action is allowed based on settings and session permissions. Priority:
- Deny rules (highest priority - cannot be bypassed by session permissions)
- Destructive command protection (always ask for dangerous bash commands)
- Session permissions (runtime, e.g., "allow all edits this session")
- Allow rules
- Ask rules
- Default behavior (read-only tools allowed, others need confirmation)
Source Files