permission

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package permission implements a three-layer authorization model:

  1. Core Covenant — immutable ethical bedrock checked at compile-time
  2. Plan Mode — rejects all write operations during planning
  3. Policy Gate — Allow/Ask/Deny rules per tool and subject

It is used by the agent to gate every tool invocation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CleanCommand

func CleanCommand(cmd string) string

CleanCommand extracts the meaningful command from a possibly-wrapped shell command. Used by Subject() to improve permission matching.

func Subject

func Subject(args json.RawMessage) string

Subject extracts the matchable subject string from a call's raw JSON args. It recursively flattens nested values (e.g. {"command": {"name": "whoami"}}) so that permission rules don't silently miss deeply nested tool calls.

Types

type Approver

type Approver interface {
	Approve(ctx context.Context, toolName, subject string, args json.RawMessage) (allow, remember bool, err error)
}

Approver resolves a writer tool prompt interactively.

type Gate

type Gate struct {
	Policy     Policy
	Approver   Approver
	OnRemember func(rule string)
}

Gate is what the agent consults at execute time.

func NewGate

func NewGate(p Policy, a Approver) *Gate

NewGate wires a Policy to an Approver (nil for non-interactive/YOLO use).

func (*Gate) Check

func (g *Gate) Check(ctx context.Context, toolName string, args json.RawMessage, readOnly bool) (bool, string, error)

Check decides whether a tool call may run.

  1. If the call matches a deny rule → block
  2. If the call matches an ask rule and Approver is present → prompt
  3. If the call matches an allow rule → allow (even for writers)
  4. If readOnly or no Approver → allow
  5. Otherwise (writer + Approver present) → prompt (mode default)

type Policy

type Policy struct {
	Allow []Rule
	Ask   []Rule
	Deny  []Rule
}

Policy holds allow, ask, and deny rules. Precedence: deny > ask > allow. A tool call not matching any rule falls through to the mode's default (plan=block writers, normal=prompt, yolo=auto-allow).

func NewDenyPolicy

func NewDenyPolicy(deny []string) Policy

NewDenyPolicy builds a Policy from a deny rule list only (backward compat).

func NewPolicy

func NewPolicy(allow, ask, deny []string) Policy

NewPolicy builds a Policy from allow/ask/deny rule lists.

func (Policy) Classify

func (p Policy) Classify(toolName string, args json.RawMessage) (decision string, reason string)

Classify returns "deny", "ask", "allow", or "" (fall through) for a tool call.

func (Policy) Denied

func (p Policy) Denied(toolName string, args json.RawMessage) (string, bool)

Denied reports whether a tool call matches a deny rule, with a reason.

type Rule

type Rule struct {
	Tool    string
	Subject string
}

Rule matches tool calls. Tool is the tool name; Subject, when non-empty, is a glob (see matchGlob) the call's subject must match. An empty Subject matches every call to Tool.

func ParseRule

func ParseRule(s string) (Rule, bool)

ParseRule parses "ToolName" or "ToolName(glob)".

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL