Documentation
¶
Overview ¶
Package permission implements a three-layer authorization model:
- Core Covenant — immutable ethical bedrock checked at compile-time
- Plan Mode — rejects all write operations during planning
- Policy Gate — Allow/Ask/Deny rules per tool and subject
It is used by the agent to gate every tool invocation.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CleanCommand ¶
CleanCommand extracts the meaningful command from a possibly-wrapped shell command. Used by Subject() to improve permission matching.
func Subject ¶
func Subject(args json.RawMessage) string
Subject extracts the matchable subject string from a call's raw JSON args. It recursively flattens nested values (e.g. {"command": {"name": "whoami"}}) so that permission rules don't silently miss deeply nested tool calls.
Types ¶
type Approver ¶
type Approver interface {
Approve(ctx context.Context, toolName, subject string, args json.RawMessage) (allow, remember bool, err error)
}
Approver resolves a writer tool prompt interactively.
type Gate ¶
Gate is what the agent consults at execute time.
func (*Gate) Check ¶
func (g *Gate) Check(ctx context.Context, toolName string, args json.RawMessage, readOnly bool) (bool, string, error)
Check decides whether a tool call may run.
- If the call matches a deny rule → block
- If the call matches an ask rule and Approver is present → prompt
- If the call matches an allow rule → allow (even for writers)
- If readOnly or no Approver → allow
- Otherwise (writer + Approver present) → prompt (mode default)
type Policy ¶
Policy holds allow, ask, and deny rules. Precedence: deny > ask > allow. A tool call not matching any rule falls through to the mode's default (plan=block writers, normal=prompt, yolo=auto-allow).
func NewDenyPolicy ¶
NewDenyPolicy builds a Policy from a deny rule list only (backward compat).