pub trait PermissionPolicy:
Send
+ Sync
+ 'static {
// Required method
fn decide(&self, request: &PermissionRequest) -> PolicyDecision;
// Provided method
fn supports_interaction(&self) -> bool { ... }
}Expand description
Policy for handling permission requests.
Implement this trait to automatically approve, deny, or filter permission requests before they reach the user. Useful for:
- Headless servers: Auto-approve everything in trusted environments
- Allowlists: Only prompt for paths/commands outside a safe list
- Audit logging: Log all permission requests regardless of decision
- Rate limiting: Deny requests that exceed usage thresholds
§Example: Custom Allowlist Policy
ⓘ
use agent_core_runtime::agent::interface::{PermissionPolicy, PolicyDecision};
use agent_core_runtime::permissions::{PermissionRequest, GrantTarget};
struct AllowlistPolicy {
allowed_paths: Vec<String>,
}
impl PermissionPolicy for AllowlistPolicy {
fn decide(&self, request: &PermissionRequest) -> PolicyDecision {
match &request.target {
GrantTarget::Path { path, .. } => {
let path_str = path.to_string_lossy();
if self.allowed_paths.iter().any(|p| path_str.starts_with(p)) {
PolicyDecision::Allow
} else {
PolicyDecision::AskUser
}
}
_ => PolicyDecision::AskUser,
}
}
}Required Methods§
Sourcefn decide(&self, request: &PermissionRequest) -> PolicyDecision
fn decide(&self, request: &PermissionRequest) -> PolicyDecision
Decide how to handle a permission request.
Called before the request is sent to the consumer. Return:
AlloworAllowWithGrantto approve immediatelyDenyto reject immediatelyAskUserto forward to the consumer for user decision
Provided Methods§
Sourcefn supports_interaction(&self) -> bool
fn supports_interaction(&self) -> bool
Whether this policy supports interactive user questions.
Returns false for headless/auto-approve policies, causing
UserInteractionRequired events to be auto-cancelled (the tool
receives “User declined to answer”).
Returns true (default) for interactive policies where a user
can answer questions.