Module permissions 

Permission system.

Controls which tool operations are allowed. Checks are run before every tool execution. The system supports three modes:

• Allow — execute without asking
• Deny — block with a reason
• Ask — prompt the user interactively

Rules can be configured per-tool and per-pattern (e.g., allow Bash for git * commands, deny FileWrite outside the project).

Modules

tracking

Permission denial tracking.

Structs

PermissionChecker

Checks permissions for tool operations based on configured rules.

Enums

PermissionDecision

Decision from a permission check.