Module permissions 

Permission system for tool execution control

Implements a declarative permission system similar to Claude Code’s permissions. Supports pattern matching with wildcards and three-tier evaluation:

1. Deny rules - checked first, any match = immediate denial
2. Allow rules - checked second, any match = auto-approval
3. Ask rules - checked third, forces confirmation prompt
4. Default behavior - falls back to HITL policy

Structs

MatchingRules

Matching rules for debugging

PermissionManager

Permission manager that handles per-session permissions

PermissionPolicy

Permission policy configuration

PermissionRule

A permission rule with pattern matching support

Enums

PermissionDecision

Permission decision result

Traits

PermissionChecker

Trait for checking tool execution permissions.