Expand description
cc-toolgate: a PreToolUse hook for Claude Code that gates Bash commands.
This crate evaluates shell commands against configurable rules and returns
one of three decisions: eval::Decision::Allow, eval::Decision::Ask,
or eval::Decision::Deny. Commands are parsed into an AST using
tree-sitter-bash, split into segments, and each segment is evaluated
against a CommandRegistry built from configuration.
§Architecture
parse— Shell parsing: tree-sitter-bash AST walker, shlex tokenizer, type definitions.eval— Evaluation engine: command registry, decision types, per-segment context.commands— Command specs: per-tool evaluation logic (git, cargo, kubectl, gh, etc.).config— Configuration loading: embedded defaults + user overlay merge.logging— Decision logging to~/.local/share/cc-toolgate/decisions.log.
Modules§
- commands
- Command spec trait and per-tool implementations. Command evaluation specs: per-tool logic for deciding allow/ask/deny.
- config
- Configuration types, loading, and overlay merge logic. Configuration loading and overlay merge logic.
- eval
- Evaluation engine: registry, decision aggregation, command context. Evaluation engine: builds a command registry from config and evaluates commands.
- logging
- File-based decision logging.
Decision logging to
~/.local/share/cc-toolgate/decisions.log. - parse
- Shell command parsing: tree-sitter AST, shlex tokenizer, pipeline types. Shell command parsing: tree-sitter-bash AST, shlex tokenizer, and pipeline types.
Functions§
- evaluate
- Build the registry from default config and evaluate a command string.