Documentation
¶
Index ¶
- Constants
- type DeniedResponse
- type FilesystemPermissions
- type GrantedResponse
- type Input
- type NetworkPermissions
- type PermissionGrantScope
- type RequestedPermissions
- type Tool
- func (t *Tool) BackfillInput(_ context.Context, input map[string]any) map[string]any
- func (t *Tool) Call(ctx context.Context, input tool.CallInput, permissionCheck types.CanUseToolFn) (tool.CallResult, error)
- func (t *Tool) CheckPermissions(_ context.Context, input map[string]any, _ tool.ToolUseContext) types.PermissionResult
- func (t *Tool) Definition() tool.Definition
- func (t *Tool) Description(_ context.Context) (string, error)
- func (t *Tool) FormatResult(data any) string
- func (t *Tool) IsConcurrencySafe(_ map[string]any) bool
- func (t *Tool) IsEnabled() bool
- func (t *Tool) IsReadOnly(_ map[string]any) bool
- func (t *Tool) RequiresUserInteraction() bool
- func (t *Tool) ValidateInput(_ context.Context, input map[string]any) (map[string]any, error)
Constants ¶
const Description = `Requests additional permissions before performing an operation that exceeds the current authorization.
Use this tool when you need to:
- Read or write to paths outside the current workspace
- Access network resources that are not yet permitted
- Perform file system operations (create, delete, move) that require explicit user consent
- Execute commands that would normally require approval
## When to use
Call this tool BEFORE the operation that needs the permission, not after a failure.
Be specific: list the exact paths or network targets needed.
Provide a clear reason that explains WHY the permission is necessary.
## Scope
- ` + "`turn`" + ` (default): permission is valid for the remainder of this turn only.
- ` + "`session`" + `: permission persists for the entire session.
## Handling denial
If the user denies the request (` + "`granted: false`" + `), you must find a safe alternative or inform the user that the task cannot be completed without the requested permissions. Do NOT retry the same request.
## Examples
Good reason: "Need to read ~/.ssh/config to verify the SSH key used by the deployment script."
Bad reason: "Need more permissions."
Good reason: "Writing build artifacts to /tmp/seshat-build/ to avoid polluting the workspace."
Bad reason: "Write access needed."
`
Description is the model-facing description of this tool.
const SearchHint = "request additional permissions for file system or network access"
SearchHint is used by tool_search for ranking.
const ToolName = "request_permissions"
ToolName is the canonical name of this tool.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DeniedResponse ¶
DeniedResponse is returned when the user denies the request.
type FilesystemPermissions ¶
FilesystemPermissions describes the filesystem access being requested.
type GrantedResponse ¶
type GrantedResponse struct {
Granted bool `json:"granted"`
Scope PermissionGrantScope `json:"scope"`
Permissions RequestedPermissions `json:"permissions"`
}
GrantedResponse is returned when the user approves the request.
type Input ¶
type Input struct {
Reason string `json:"reason"`
Permissions RequestedPermissions `json:"permissions"`
Scope PermissionGrantScope `json:"scope"`
}
Input is the parsed input to request_permissions.
type NetworkPermissions ¶
type NetworkPermissions struct {
Targets []string `json:"targets,omitempty"`
Enabled bool `json:"enabled,omitempty"`
}
NetworkPermissions describes the network access being requested.
type PermissionGrantScope ¶
type PermissionGrantScope string
PermissionGrantScope controls how long a granted permission remains valid.
const ( GrantScopeTurn PermissionGrantScope = "turn" GrantScopeSession PermissionGrantScope = "session" )
type RequestedPermissions ¶
type RequestedPermissions struct {
Filesystem *FilesystemPermissions `json:"filesystem,omitempty"`
Network *NetworkPermissions `json:"network,omitempty"`
}
RequestedPermissions is the top-level permissions payload.
type Tool ¶
type Tool struct{}
Tool implements the request_permissions tool.
func (*Tool) BackfillInput ¶
BackfillInput returns input unchanged.
func (*Tool) Call ¶
func (t *Tool) Call( ctx context.Context, input tool.CallInput, permissionCheck types.CanUseToolFn, ) (tool.CallResult, error)
Call executes the permission request through the approval pipeline. A user denial returns a structured JSON response (not an error) so the model can handle it gracefully and propose a safe alternative.
func (*Tool) CheckPermissions ¶
func (t *Tool) CheckPermissions(_ context.Context, input map[string]any, _ tool.ToolUseContext) types.PermissionResult
CheckPermissions always delegates to the global pipeline — the approval happens inside Call via ResolveToolPermission.
func (*Tool) Definition ¶
func (t *Tool) Definition() tool.Definition
Definition returns the tool definition.
func (*Tool) Description ¶
Description returns the tool description.
func (*Tool) FormatResult ¶
FormatResult serialises the tool output.
func (*Tool) IsConcurrencySafe ¶
IsConcurrencySafe reports that permission requests must run serially.
func (*Tool) IsReadOnly ¶
IsReadOnly reports that permission requests have side-effects (they change the session grant state).
func (*Tool) RequiresUserInteraction ¶
RequiresUserInteraction ensures this tool is never auto-approved in bypass mode.