Documentation
¶
Overview ¶
Package permissions implements Claude Code's permission gate.
Mirrors src/utils/permissions/permissions.ts and shellRuleMatching.ts.
A permission rule is a string like:
"Bash" — allow/deny all Bash calls "Bash(git log)" — exact command match "Bash(git log *)" — prefix match (trailing space + * = prefix) "Edit" — all Edit calls "Edit(/path/*)" — path prefix match
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PersistAllow ¶
PersistAllow writes rule to the allow list in <cwd>/.claude/settings.local.json. This is the "always allow" persistence path — mirrors TS localSettings destination. Uses raw-JSON map so unknown fields are preserved.
func SuggestRule ¶
SuggestRule returns the broad rule string to use for "always allow". Mirrors TS suggestionForPrefix / createReadRuleSuggestion:
- Read/Edit/Write: directory-level Read(//dir/**)
- Bash: prefix wildcard Bash(cmd subcmd:*) or exact Bash(full command)
- others: tool name only
Types ¶
type Gate ¶
type Gate struct {
// contains filtered or unexported fields
}
Gate holds the active permission state for a session.
func (*Gate) AllowForSession ¶
AllowForSession adds a rule to the session-level allow list.
func (*Gate) Check ¶
Check determines whether toolName with toolInput may run. toolInput is the raw argument string (e.g. the command for Bash).