
aft/bash_permissions/
mod.rs

1//! Bash permission scanner for hoisted bash. Phase 0 stub; Phase 1 Track C fills in.
2//!
3//! Ports OpenCode's tree-sitter-based permission scan that walks the parsed
4//! command tree to identify sub-commands that touch external directories or
5//! match permission rules.
6
7pub mod arity;
8pub mod scan;
9
10use crate::context::AppContext;
11use serde::{Deserialize, Serialize};
12
/// One permission request produced by scanning a bash command.
///
/// Derives serde's `Serialize`/`Deserialize` without any field renames, so
/// the serialized keys are `kind`, `patterns` and `always`.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct PermissionAsk {
    /// Category of permission being requested.
    pub kind: PermissionKind,
    /// Patterns this ask covers.
    // NOTE(review): presumably the command or path patterns the user is
    // asked to approve for this request; confirm against the `scan` module.
    pub patterns: Vec<String>,
    /// Patterns associated with an "always" decision.
    // NOTE(review): presumably what is remembered when the user grants a
    // standing approval. If so, a pattern here that is wider than the
    // matching entry in `patterns` grants more than was shown to the user,
    // so confirm how these are derived.
    pub always: Vec<String>,
}
19
/// Category of a [`PermissionAsk`].
///
/// Each variant carries an explicit `#[serde(rename = ...)]`, so the
/// serialized string is pinned and does not follow the Rust variant name.
/// There is no catch-all variant, so deserializing any other string fails.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub enum PermissionKind {
    /// Serialized as `"external_directory"`.
    // NOTE(review): going by the module header, presumably raised for
    // sub-commands that touch external directories; confirm in `scan`.
    #[serde(rename = "external_directory")]
    ExternalDirectory,
    /// Serialized as `"bash"`.
    // NOTE(review): presumably raised when a sub-command matches a bash
    // permission rule; confirm in `scan`.
    #[serde(rename = "bash")]
    Bash,
}
27
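/// Scan a bash command and return the list of permission asks needed.
///
/// Thin public entry point: passes `command` and `ctx` unchanged to
/// `scan::scan` in the `scan` submodule and returns its result as-is.
///
/// Marked `#[must_use]` so that a call site which drops the result, and so
/// never looks at the asks, is reported by the compiler.
// NOTE(review): the module header describes this scanner as a Phase 0 stub.
// While that holds, an empty list may mean "not scanned" rather than
// "nothing to ask"; confirm callers do not treat an empty result as approval.
// NOTE(review): the scan works on the parsed command text. Values only known
// at run time are outside what a static walk can see; confirm the `scan`
// module errs toward asking in those cases.
#[must_use = "permission asks returned by the scan should not be discarded"]
pub fn scan(command: &str, ctx: &AppContext) -> Vec<PermissionAsk> {
    scan::scan(command, ctx)
}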