Skip to main content

Module permissions

Module permissions 

Source
Expand description

Permission system for tool execution control

Implements a declarative permission system similar to Claude Code’s permissions. Supports pattern matching with wildcards and three-tier evaluation:

  1. Deny rules - checked first, any match = immediate denial
  2. Allow rules - checked second, any match = auto-approval
  3. Ask rules - checked third, forces confirmation prompt
  4. Default behavior - falls back to HITL policy

Structs§

InteractiveToolGuardrail
Shared Codex-style guardrail used by the terminal and web Code products.
MatchingRules
Matching rules for debugging
PermissionManager
Permission manager that handles per-session permissions
PermissionPolicy
Permission policy configuration
PermissionRule
A permission rule with pattern matching support

Enums§

InteractiveApprovalMode
How an interactive host treats operations that would normally require HITL.
PermissionDecision
Permission decision result

Traits§

PermissionChecker
Trait for checking tool execution permissions.