permission

package
v1.210.0-test.21 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 15, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditEntry 

type AuditEntry struct {
	Timestamp  string                 `json:"timestamp"`
	User       string                 `json:"user,omitempty"`
	SessionID  string                 `json:"session_id,omitempty"`
	Tool       string                 `json:"tool"`
	Params     map[string]interface{} `json:"params"`
	Permission string                 `json:"permission"` // allowed, denied, blocked
	Result     string                 `json:"result"`     // success, failure
}

AuditEntry represents a single audit log entry.

type CLIPrompter 

type CLIPrompter struct {
	// contains filtered or unexported fields
}

CLIPrompter implements Prompter using command-line prompts.

func NewCLIPrompter 

func NewCLIPrompter() *CLIPrompter

NewCLIPrompter creates a new CLI prompter.

func NewCLIPrompterWithCache 

func NewCLIPrompterWithCache(cache *PermissionCache) *CLIPrompter

NewCLIPrompterWithCache creates a CLI prompter with persistent cache.

func (*CLIPrompter) Prompt 

func (p *CLIPrompter) Prompt(ctx context.Context, tool Tool, params map[string]interface{}) (bool, error)

Prompt asks the user for permission via CLI.

type CacheData 

type CacheData struct {
	Permissions PermissionSet `json:"permissions"`
}

CacheData represents the structure of the permission cache file.

type Checker 

type Checker struct {
	// contains filtered or unexported fields
}

Checker handles permission checking for tool execution.

func NewChecker 

func NewChecker(config *Config, prompter Prompter) *Checker

NewChecker creates a new permission checker.

func (*Checker) CheckPermission 

func (c *Checker) CheckPermission(ctx context.Context, tool Tool, params map[string]interface{}) (bool, error)

CheckPermission checks if a tool can be executed.

type Config 

type Config struct {
	Mode            Mode     `yaml:"mode" json:"mode" mapstructure:"mode"`
	AllowedTools    []string `yaml:"allowed_tools" json:"allowed_tools" mapstructure:"allowed_tools"`
	RestrictedTools []string `yaml:"restricted_tools" json:"restricted_tools" mapstructure:"restricted_tools"`
	BlockedTools    []string `yaml:"blocked_tools" json:"blocked_tools" mapstructure:"blocked_tools"`
	YOLOMode        bool     `yaml:"yolo_mode" json:"yolo_mode" mapstructure:"yolo_mode"`
	AuditEnabled    bool     `yaml:"audit_enabled" json:"audit_enabled" mapstructure:"audit_enabled"`
	AuditPath       string   `yaml:"audit_path" json:"audit_path" mapstructure:"audit_path"`
}

Config holds permission configuration.

type Decision 

type Decision struct {
	Allowed bool
	Reason  string
}

Decision represents a permission decision.

type Mode 

type Mode string

Mode represents the permission checking mode. 

const (
	// ModePrompt always prompts the user for permission.
	ModePrompt Mode = "prompt"
	// ModeAllow automatically allows all tools.
	ModeAllow Mode = "allow"
	// ModeDeny automatically denies all tools.
	ModeDeny Mode = "deny"
	// ModeYOLO bypasses all permission checks (dangerous).
	ModeYOLO Mode = "yolo"
)

type PermissionCache 

type PermissionCache struct {
	// contains filtered or unexported fields
}

PermissionCache stores persistent permission decisions.

func NewPermissionCache 

func NewPermissionCache(basePath string) (*PermissionCache, error)

NewPermissionCache creates a new permission cache.

func (*PermissionCache) AddAllow 

func (c *PermissionCache) AddAllow(pattern string) error

AddAllow adds a tool to the allow list and saves.

func (*PermissionCache) AddDeny 

func (c *PermissionCache) AddDeny(pattern string) error

AddDeny adds a tool to the deny list and saves.

func (*PermissionCache) Clear 

func (c *PermissionCache) Clear() error

Clear removes all cached permissions.

func (*PermissionCache) GetAllowList 

func (c *PermissionCache) GetAllowList() []string

GetAllowList returns a copy of the allow list.

func (*PermissionCache) GetDenyList 

func (c *PermissionCache) GetDenyList() []string

GetDenyList returns a copy of the deny list.

func (*PermissionCache) IsAllowed 

func (c *PermissionCache) IsAllowed(toolName string) bool

IsAllowed checks if a tool is in the allow list.

func (*PermissionCache) IsDenied 

func (c *PermissionCache) IsDenied(toolName string) bool

IsDenied checks if a tool is in the deny list.

func (*PermissionCache) RemoveAllow 

func (c *PermissionCache) RemoveAllow(pattern string) error

RemoveAllow removes a pattern from the allow list.

func (*PermissionCache) RemoveDeny 

func (c *PermissionCache) RemoveDeny(pattern string) error

RemoveDeny removes a pattern from the deny list.

type PermissionSet 

type PermissionSet struct {
	Allow []string `json:"allow"`
	Deny  []string `json:"deny"`
}

PermissionSet contains allow/deny lists similar to Claude Code's format.

type Prompter 

type Prompter interface {
	// Prompt asks the user for permission to execute a tool.
	Prompt(ctx context.Context, tool Tool, params map[string]interface{}) (bool, error)
}

Prompter defines the interface for user prompting.

type Tool 

type Tool interface {
	Name() string
	Description() string
	IsRestricted() bool
}

Tool interface (minimal interface needed for permission checking).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.