Skip to main content

AgentCapabilities

agent_sdk

Struct AgentCapabilities 

Source 
pub struct AgentCapabilities {
    pub read: bool,
    pub write: bool,
    pub exec: bool,
    pub allowed_paths: Vec<String>,
    pub denied_paths: Vec<String>,
    pub allowed_commands: Vec<String>,
    pub denied_commands: Vec<String>,
}
Expand description

Capabilities that control what the agent can do.

This provides a security model for primitive tools (Read, Write, Grep, Glob, Bash). Paths are matched using glob patterns, commands using regex patterns.

By default, everything is allowed — the SDK is unopinionated and leaves security policy to the client. Use the builder methods to configure restrictions.

§Example

use agent_sdk::AgentCapabilities;

// Read-only agent that can only access src/ directory
let caps = AgentCapabilities::read_only()
    .with_allowed_paths(vec!["src/**/*".into()]);

// Full access agent with some restrictions
let caps = AgentCapabilities::full_access()
    .with_denied_paths(vec!["**/.env*".into(), "**/secrets/**".into()]);

Fields§

§read: bool

Can read files

§write: bool

Can write/edit files

§exec: bool

Can execute shell commands

§allowed_paths: Vec<String>

Allowed path patterns (glob). Empty means all paths allowed.

§denied_paths: Vec<String>

Denied path patterns (glob). Takes precedence over allowed_paths.

§allowed_commands: Vec<String>

Allowed commands (regex patterns). Empty means all commands allowed when exec=true.

§denied_commands: Vec<String>

Denied commands (regex patterns). Takes precedence over allowed_commands.

Implementations§

Source§

impl AgentCapabilities

Source

pub const fn none() -> Self

Create capabilities with no access (must explicitly enable)

Source

pub const fn read_only() -> Self

Create read-only capabilities

Source

pub const fn full_access() -> Self

Create full access capabilities

Source

pub const fn with_read(self, enabled: bool) -> Self

Builder: enable read access

Source

pub const fn with_write(self, enabled: bool) -> Self

Builder: enable write access

Source

pub const fn with_exec(self, enabled: bool) -> Self

Builder: enable exec access

Source

pub fn with_allowed_paths(self, paths: Vec<String>) -> Self

Builder: set allowed paths

Source

pub fn with_denied_paths(self, paths: Vec<String>) -> Self

Builder: set denied paths

Source

pub fn with_allowed_commands(self, commands: Vec<String>) -> Self

Builder: set allowed commands

Source

pub fn with_denied_commands(self, commands: Vec<String>) -> Self

Builder: set denied commands

Source

pub fn check_read(&self, path: &str) -> Result<(), String>

Check read permission, returning the denial reason on failure.

§Errors

Returns the denial reason when read is disabled, the path matches a denied pattern, or the path is not in the allowed list.

Source

pub fn check_write(&self, path: &str) -> Result<(), String>

Check write permission, returning the denial reason on failure.

§Errors

Returns the denial reason when write is disabled, the path matches a denied pattern, or the path is not in the allowed list.

Source

pub fn check_exec(&self, command: &str) -> Result<(), String>

Check exec permission, returning the denial reason on failure.

§Errors

Returns the denial reason when exec is disabled, the command matches a denied pattern, or the command is not in the allowed list.

Source

pub fn can_read(&self, path: &str) -> bool

Returns true if reading path is allowed.

Source

pub fn can_write(&self, path: &str) -> bool

Returns true if writing path is allowed.

Source

pub fn can_exec(&self, command: &str) -> bool

Returns true if executing command is allowed.

Source

pub fn check_path(&self, path: &str) -> Result<(), String>

Check whether a path passes the allow/deny rules, returning the specific denial reason on failure.

§Errors

Returns the denial reason when the path matches a denied pattern or is not in the allowed list.

Source

pub fn check_command(&self, command: &str) -> Result<(), String>

Check whether a command passes the allow/deny rules, returning the specific denial reason on failure.

§Security Note

Regex-based command filtering is a heuristic, not a security boundary. Shell metacharacters (;, &&, |, backticks, $()) allow chaining arbitrary commands. For example, denied_commands: ["^sudo"] does NOT block bash -c "sudo rm -rf /". The pre_tool_use hook is the authoritative gate for command approval.

Invalid deny patterns fail closed (block everything) to prevent misconfigured deny rules from silently allowing dangerous commands.

§Errors

Returns the denial reason when the command matches a denied pattern or is not in the allowed list.

Trait Implementations§

Source§

impl Clone for AgentCapabilities

Source§

fn clone(&self) -> AgentCapabilities

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for AgentCapabilities

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for AgentCapabilities

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for AgentCapabilities

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for AgentCapabilities

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,