a3s_code_core/permissions/mod.rs
1//! Permission system for tool execution control
2//!
3//! Implements a declarative permission system similar to Claude Code's permissions.
4//! Supports pattern matching with wildcards and three-tier evaluation:
5//! 1. Deny rules - checked first, any match = immediate denial
6//! 2. Allow rules - checked second, any match = auto-approval
7//! 3. Ask rules - checked third, forces confirmation prompt
8//! 4. Default behavior - falls back to HITL policy
9
10mod manager;
11mod policy;
12mod rule;
13
14#[cfg(test)]
15mod tests;
16
17use serde::{Deserialize, Serialize};
18
19pub use manager::{MatchingRules, PermissionManager};
20pub use policy::PermissionPolicy;
21pub use rule::PermissionRule;
22
23/// Trait for checking tool execution permissions.
24///
25/// Implement this trait to provide custom permission logic.
26/// The built-in `PermissionPolicy` implements this trait using
27/// declarative allow/deny/ask rules with pattern matching.
28pub trait PermissionChecker: Send + Sync {
29 /// Check whether a tool invocation is allowed, denied, or requires confirmation.
30 fn check(&self, tool_name: &str, args: &serde_json::Value) -> PermissionDecision;
31}
32
33/// Permission decision result
34#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
35#[serde(rename_all = "snake_case")]
36pub enum PermissionDecision {
37 /// Automatically allow without user confirmation
38 Allow,
39 /// Deny execution
40 Deny,
41 /// Ask user for confirmation
42 Ask,
43}