permissions

package

v0.1.0 Latest Latest Go to latest Published: May 12, 2026 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/GrayCodeAI/hawk

Links

Open Source Insights

Documentation ¶

Index ¶

func DefaultPath(projectDir string) string
func Save(path string, rules []Rule) error
type AskRecord
type AutoModeState
- func NewAutoModeState() *AutoModeState
- func (a *AutoModeState) Record(toolName, summary string, allowed bool)
- func (a *AutoModeState) ShouldAutoAllow(toolName, summary string) (bool, bool)
type BypassKillswitch
- func NewBypassKillswitch() *BypassKillswitch
type Classifier
- func NewClassifier() *Classifier
- func (c *Classifier) Classify(command string) string
type Rule
- func Load(path string) ([]Rule, error)
type ShadowedRuleDetector
- func (d *ShadowedRuleDetector) DetectShadowedRules(allowRules, denyRules []string) []string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DefaultPath ¶

func DefaultPath(projectDir string) string

DefaultPath returns the default permissions file path for a project directory.

func Save ¶

func Save(path string, rules []Rule) error

Save serializes permission rules to a JSON file atomically.

Types ¶

type AskRecord ¶

type AskRecord struct {
	ToolName string
	Summary  string
	Allowed  bool
	Count    int
}

AskRecord records a permission decision.

type AutoModeState ¶

type AutoModeState struct {
	// contains filtered or unexported fields
}

AutoModeState tracks auto-allow decisions for learning user preferences.

func NewAutoModeState ¶

func NewAutoModeState() *AutoModeState

NewAutoModeState creates a new auto-mode state.

func (*AutoModeState) Record ¶

func (a *AutoModeState) Record(toolName, summary string, allowed bool)

Record records a permission decision.

func (*AutoModeState) ShouldAutoAllow ¶

func (a *AutoModeState) ShouldAutoAllow(toolName, summary string) (bool, bool)

ShouldAutoAllow checks if a tool should be automatically allowed.

type BypassKillswitch ¶

type BypassKillswitch struct {
	// contains filtered or unexported fields
}

BypassKillswitch disables permission checks globally.

func NewBypassKillswitch ¶

func NewBypassKillswitch() *BypassKillswitch

NewBypassKillswitch creates a new bypass killswitch.

func (*BypassKillswitch) Disable ¶

func (b *BypassKillswitch) Disable()

Disable disables the bypass killswitch.

func (*BypassKillswitch) Enable ¶

func (b *BypassKillswitch) Enable()

Enable enables the bypass killswitch.

func (*BypassKillswitch) IsEnabled ¶

func (b *BypassKillswitch) IsEnabled() bool

IsEnabled checks if the bypass killswitch is enabled.

type Classifier ¶

type Classifier struct {
	// contains filtered or unexported fields
}

Classifier classifies commands as safe or dangerous.

func NewClassifier ¶

func NewClassifier() *Classifier

NewClassifier creates a new permission classifier.

func (*Classifier) Classify ¶

func (c *Classifier) Classify(command string) string

Classify classifies a command as safe, unsafe, or unknown.

type Rule ¶

type Rule struct {
	Tool    string `json:"tool"`    // tool name, e.g. "Bash"
	Pattern string `json:"pattern"` // glob pattern, e.g. "go test*"
	Action  string `json:"action"`  // "allow" or "deny"
}

Rule captures a single permission rule for persistence.

func Load ¶

func Load(path string) ([]Rule, error)

Load deserializes permission rules from a JSON file.

type ShadowedRuleDetector ¶

type ShadowedRuleDetector struct{}

ShadowedRuleDetector detects when permission rules shadow each other.

func (*ShadowedRuleDetector) DetectShadowedRules ¶

func (d *ShadowedRuleDetector) DetectShadowedRules(allowRules, denyRules []string) []string

DetectShadowedRules finds shadowed permission rules.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL